How To Hack A Human
Be Aware: 8 Tips for Security Awareness Training
Can We Talk? Finding A Common Security Language
Shellshocked: A Future Of 'Hair On Fire' Bugs
The Truth About Ransomware: You're On Your Own
News & Commentary
Smart Meter Hack Shuts Off The Lights
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
European researchers will reveal major security weaknesses in smart meters that could allow an attacker to order a power blackout.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/1/2014
Comment1 Comment  |  Read  |  Post a Comment
SuperValu Reports Second Cyberattack
Brian Prince, Contributing Writer, Dark ReadingNews
So far, no payment card data is known to have been stolen, according to the company.
By Brian Prince Contributing Writer, Dark Reading, 10/1/2014
Comment0 comments  |  Read  |  Post a Comment
5 New Truths To Teach Your CIO About Identity
Patrick Harding, Commentary
When CIOs talk security they often use words like "firewall" and "antivirus." Here’s why today’s technology landscape needs a different vocabulary.
By Patrick Harding , 10/1/2014
Comment0 comments  |  Read  |  Post a Comment
How A Major Bank Hacked Its Java Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Deutsche Bank London helped create a new application self-defense tool to lock down and virtually patch its Java-based enterprise applications -- even the oldest ones.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/30/2014
Comment2 comments  |  Read  |  Post a Comment
Retailers Realize EMV Won't Save Them From Fraudsters
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fraudsters hit retailers harder than ever in 2014 and many recognize that even though EMV's chip-and-pin authentication will stem skimming, breaches and other forms of fraud will persist.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/30/2014
Comment2 comments  |  Read  |  Post a Comment
Software Assurance: Time to Raise the Bar on Static Analysis
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 9/30/2014
Comment5 comments  |  Read  |  Post a Comment
How To Hack A Human
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Check out social engineering expert and founder of the DEF CON Social Engineering Capture the Flag contest Chris Hadnagy's recent interview on Dark Reading Radio.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/30/2014
Comment8 comments  |  Read  |  Post a Comment
Be Aware: 8 Tips for Security Awareness Training
Sara Peters, Senior Editor at Dark Reading
Hint: One giant security training session to rule them all is not the way to go.
By Sara Peters Senior Editor at Dark Reading, 9/29/2014
Comment7 comments  |  Read  |  Post a Comment
Coordinated Attacks Call For More Sophisticated Cyber Defense
Henry Kenyon, Commentary
Agencies and industry are rethinking how they defend against coordinated attacks by teams of specialized hackers.
By Henry Kenyon , 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
New Bash Bugs Surface
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Time to patch again: Newly discovered flaws in Bash put Linux-based systems at risk.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Making Sense Of Shellshock Attack Chaos
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Attacks against the Bash bug increase in volume and variety, with an emphasis on information gathering and botnet building.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/29/2014
Comment4 comments  |  Read  |  Post a Comment
FDA Pushes To Improve Medical Device Security
Jai Vijayan, Freelance writerCommentary
Cyber attacks pose a grave threat to the integrity of healthcare services, agency says.
By Jai Vijayan Freelance writer, 9/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Can We Talk? Finding A Common Security Language
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 9/29/2014
Comment9 comments  |  Read  |  Post a Comment
Shellshock's Threat To Healthcare
Mac McMillan, CEO, CynergisTekCommentary
The Bash bug is everywhere, including in medical devices. The industry must be better prepared to protect itself and patients.
By Mac McMillan CEO, CynergisTek, 9/29/2014
Comment2 comments  |  Read  |  Post a Comment
When Layers On Layers Of Security Equals LOL Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Defense-in-depth is often poorly executed when architecture is not carefully considered.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/29/2014
Comment3 comments  |  Read  |  Post a Comment
Apple: Majority Of Mac OS X Users Not At Risk To 'Shellshock'
Brian Prince, Contributing Writer, Dark ReadingNews
According to Apple, Mac OS X systems are not exposed to remote exploits of Bash unless users have certain UNIX services configured.
By Brian Prince Contributing Writer, Dark Reading, 9/26/2014
Comment5 comments  |  Read  |  Post a Comment
Breach Awareness Made Easy
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
What if companies had to disclose breach history in the same way food companies display nutritional information?
By Sara Peters Senior Editor at Dark Reading, 9/26/2014
Comment3 comments  |  Read  |  Post a Comment
Shellshocked: A Future Of ‘Hair On Fire’ Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 9/26/2014
Comment22 comments  |  Read  |  Post a Comment
Amazon Reboots Cloud Servers, Xen Bug Blamed
Charles Babcock, Editor At Large, InformationWeek Commentary
Amazon tells customers it has to patch and reboot 10% of its EC2 cloud servers before Oct. 1.
By Charles Babcock Editor At Large, InformationWeek , 9/26/2014
Comment4 comments  |  Read  |  Post a Comment
iOS In-App Browsing Poses Security Risk
Thomas Claburn, Editor-at-LargeCommentary
iOS developer warns that browser windows invoked within third-party apps allow information theft.
By Thomas Claburn Editor-at-Large, 9/26/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Shellshocked: A Future Of 'Hair On Fire' Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc.,  9/26/2014
Can We Talk? Finding A Common Security Language
Jason Polancich, Founder & Chief Architect, SurfWatchLabs,  9/29/2014
How To Hack A Human
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/30/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.
Cartoon
White Papers
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6856
Published: 2014-10-02
The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6857
Published: 2014-10-02
The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6858
Published: 2014-10-02
The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6859
Published: 2014-10-02
The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6860
Published: 2014-10-02
The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed