All In For The Coming World of 'Things'
Flash Poll: CSOs Need A New Boss
Hacker Couture: As Seen At Black Hat USA, BSides, DEF CON
Debugging The Myths Of Heartbleed
Q&A: DEF CON At 22
News & Commentary
Online Tools For Bug Disclosure Abound
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
What's driving the bounty of software vulnerability disclosure offerings today from Bugcrowd, HackerOne, and Synack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/26/2014
Comment0 comments  |  Read  |  Post a Comment
Sony, XBox Victims Of DDoS, Hacktivist Threats
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Hacktivists from Anonymous and from a presumed Islamic extremist group targeted a variety of online gaming services.
By Sara Peters Senior Editor at Dark Reading, 8/26/2014
Comment0 comments  |  Read  |  Post a Comment
Top 5 Reasons Your Small Business Website is Under Attack
Chris Weltzien, CEO, 6Scan Commentary
There is no such thing as “too small to hack.” If a business has a website, hackers can exploit it.
By Chris Weltzien CEO, 6Scan , 8/26/2014
Comment10 comments  |  Read  |  Post a Comment
10 Ways To Strengthen Healthcare Security
Alison Diana, Senior Editor
As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps?
By Alison Diana Senior Editor, 8/26/2014
Comment4 comments  |  Read  |  Post a Comment
27 Million South Koreans Victimized In Online Gaming Heist
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
16 suspects arrested in South Korea as authorities pursue additional suspects, including a Chinese hacker.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/25/2014
Comment6 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment11 comments  |  Read  |  Post a Comment
When Big Data & Infants' Privacy Collide
Alison Diana, Senior EditorCommentary
Technology allows researchers to discover newborns' genetic secrets, but the long-term repercussions worry some parents and privacy advocates.
By Alison Diana Senior Editor, 8/25/2014
Comment12 comments  |  Read  |  Post a Comment
All In For The Coming World of 'Things'
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey Founder & CEO, Lab Mouse Security, 8/25/2014
Comment4 comments  |  Read  |  Post a Comment
Android Flaw Might Also Affect iOS, Windows
Thomas Claburn, Editor-at-LargeCommentary
Sandboxing flaw let researchers hijack Gmail 92% of the time, and could also affect iOS and Windows.
By Thomas Claburn Editor-at-Large, 8/23/2014
Comment17 comments  |  Read  |  Post a Comment
Healthcare Industry, Feds Talk Information Sharing
Brian Prince, Contributing Writer, Dark ReadingNews
Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.
By Brian Prince Contributing Writer, Dark Reading, 8/22/2014
Comment0 comments  |  Read  |  Post a Comment
JP Morgan Targeted In New Phishing Campaign
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Double-whammy 'Smash and Grab' hits targets with two ways to steal credentials.
By Sara Peters Senior Editor at Dark Reading, 8/22/2014
Comment4 comments  |  Read  |  Post a Comment
Flash Poll: CSOs Need A New Boss
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
By Marilyn Cohodas Community Editor, Dark Reading, 8/22/2014
Comment4 comments  |  Read  |  Post a Comment
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment6 comments  |  Read  |  Post a Comment
51 UPS Stores' Point-of-Sale Systems Breached
Sara Peters, Senior Editor at Dark ReadingNews
Customers will not receive individual breach notifications.
By Sara Peters Senior Editor at Dark Reading, 8/21/2014
Comment7 comments  |  Read  |  Post a Comment
Wanted: Cloud Brokers
Jonathan Feldman, CIO, City of Asheville, NCCommentary
Do you know the ins and outs of cloud software stacks and security? Got the finesse to break through cultural resistance? Then you may have found your next career.
By Jonathan Feldman CIO, City of Asheville, NC, 8/21/2014
Comment3 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment12 comments  |  Read  |  Post a Comment
Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/20/2014
Comment4 comments  |  Read  |  Post a Comment
US, German Researchers Build Android Security Framework
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Android Security Modules (ASM) framework aims to streamline and spread security features, updates to Android devices.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/20/2014
Comment2 comments  |  Read  |  Post a Comment
US House Inspector General: IT Audit Activist
David F Carr, Editor, InformationWeek HealthcareCommentary
At the 2014 GRC Conference, House IG Theresa Grafenstine argues internal auditors must be more forward looking -- and explains why being exempt from regulations just makes her job harder.
By David F Carr Editor, InformationWeek Healthcare, 8/20/2014
Comment3 comments  |  Read  |  Post a Comment
4 Tips: Protect Government Data From Mobile Malware
Julie M. Anderson, Managing Director, Civitas GroupCommentary
Mobile malware continues to proliferate, particularly on Android devices. These four steps help counter the threat.
By Julie M. Anderson Managing Director, Civitas Group, 8/20/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark Reading,  8/20/2014
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark Reading,  8/25/2014
Top 5 Reasons Your Small Business Website is Under Attack
Chris Weltzien, CEO, 6Scan ,  8/26/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.
Flash Poll
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Cartoon