Stolen Passwords Used In Most Data Breaches
FAQ: Understanding The True Price of Encryption
Heartbleed Attack Targeted Enterprise VPN
Cartoon: E2c$y5tion
Heartbleed: A Password Manager Reality Check
News & Commentary
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife BalanceCommentary
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
By David Melnick Founder & CEO, WebLife Balance, 4/23/2014
Comment0 comments  |  Read  |  Post a Comment
Michaels Data Breach Response: 7 Facts
Mathew J. Schwartz, News
Could the retailer have done more to spot the eight-month intrusion in the first place?
By Mathew J. Schwartz , 4/22/2014
Comment3 comments  |  Read  |  Post a Comment
Bots Attack US Mainly During Dinnertime
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Most bot-infected machines hail from the US and wage attacks there between 6 and 9 p.m. Eastern Time, new report finds.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment8 comments  |  Read  |  Post a Comment
7 Tips To Improve 'Signal-to-Noise' In The SOC
Joshua Goldfarb, CSO, nPulse TechnologiesCommentary
When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
By Joshua Goldfarb CSO, nPulse Technologies, 4/22/2014
Comment4 comments  |  Read  |  Post a Comment
Free Scanning Tool Promises To Find Heartbleed On Any Device
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
CrowdStrike says tool identifies the flaw on web servers, VPNs, servers, routers, printers, and phones.
By Tim Wilson Editor in Chief, Dark Reading, 4/22/2014
Comment3 comments  |  Read  |  Post a Comment
Stolen Passwords Used In Most Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Verizon 2014 Data Breach Investigations Report identifies nine types of attack patterns that accounted for 93 percent of security incidents in the past decade.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment8 comments  |  Read  |  Post a Comment
FAQ: Understanding The True Price of Encryption
Sol Cates, CSO, VormetricCommentary
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
By Sol Cates CSO, Vormetric, 4/21/2014
Comment5 comments  |  Read  |  Post a Comment
Heartbleed Attack Targeted Enterprise VPN
Mathew J. Schwartz, News
Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication.
By Mathew J. Schwartz , 4/21/2014
Comment2 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment4 comments  |  Read  |  Post a Comment
Poll: Dark Reading Community Acts On Heartbleed
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.
By Marilyn Cohodas Community Editor, Dark Reading, 4/18/2014
Comment2 comments  |  Read  |  Post a Comment
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz , 4/18/2014
Comment13 comments  |  Read  |  Post a Comment
Phishers Recruit Home PCs
Brian Prince, Contributing Writer, Dark ReadingNews
Residential broadband machines spotted hosting phishing attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Satellite Communications Wide Open To Hackers
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Satellite terminals widely used in transportation, military, and industrial plants contain backdoors, hardcoded credentials, weak encryption algorithms, and other design flaws, a new report says.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment3 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
Microsoft Delays Enterprise Windows 8.1 Support Doomsday
Mathew J. Schwartz, News
Responding to criticism, Microsoft gives businesses until August to adopt Windows 8.1 Update and continue receiving security updates. Consumers still face May 13 deadline.
By Mathew J. Schwartz , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Comment18 comments  |  Read  |  Post a Comment
Did A Faulty Memory Feature Lead To Heartbleed?
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Debate arises over an older memory allocation feature in OpenSSL, and the OpenBSD community starts to tear down and revise the crypto software for its own use.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/16/2014
Comment5 comments  |  Read  |  Post a Comment
The Real Wakeup Call From Heartbleed
Jeff Williams, CTO, Contrast SecurityCommentary
There's nothing special about Heartbleed. It’s another flaw in a popular library that exposed a lot of servers to attack. The danger lies in the way software libraries are built and whether they can be trusted.
By Jeff Williams CTO, Contrast Security, 4/16/2014
Comment10 comments  |  Read  |  Post a Comment
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-LargeCommentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn Editor-at-Large, 4/16/2014
Comment18 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Preying On A Predator
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  4/17/2014
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz 4/18/2014
The Real Wakeup Call From Heartbleed
Jeff Williams, CTO, Contrast Security,  4/16/2014
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed