Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Venture Capital: The Lifeblood Behind Security Innovation
Intelligence-Sharing Suffers Growing Pains
Android Heartbleed Alert: 150 Million Apps Still Vulnerable
Workplace Data Privacy Vs. Security: The New Balance
Michaels Data Breach Response: 7 Facts
News & Commentary
Employees Slacking on Security of Their Mobile Devices
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A survey says that 15% say they had a password compromised.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/24/2014
Comment0 comments  |  Read  |  Post a Comment
FBI Informant Sabu Tied To Foreign Attacks
Mathew J. Schwartz, News
Report triggers questions about FBI's apparent use of a zero-day vulnerability, and whether campaign was designed to amass intelligence on foreign targets.
By Mathew J. Schwartz , 4/24/2014
Comment2 comments  |  Read  |  Post a Comment
Venture Capital: The Lifeblood Behind Security Innovation
Tim Wilson, Editor in Chief, Dark ReadingNews
Want to know where the next generation of IT security innovation and technology is coming from? Follow the money.
By Tim Wilson Editor in Chief, Dark Reading, 4/24/2014
Comment7 comments  |  Read  |  Post a Comment
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
By Tim Wilson Editor in Chief, Dark Reading, 4/24/2014
Comment2 comments  |  Read  |  Post a Comment
How To Detect Heartbleed Mutations
Chris Chapman, Senior Methodologist, Spirent CommunicationsCommentary
The nightmare of Heartbleed is not the chaos of fixing the bug. It's identifying hundreds, possibly thousands, of small mutations still hiding in the network.
By Chris Chapman Senior Methodologist, Spirent Communications, 4/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Intelligence-Sharing Suffers Growing Pains
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
For most organizations, intelligence-sharing remains mainly ad-hoc and informal -- and thus fraught with frustration and pitfalls, new report from Ponemon finds.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/23/2014
Comment3 comments  |  Read  |  Post a Comment
Android Heartbleed Alert: 150 Million Apps Still Vulnerable
Mathew J. Schwartz, News
Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X.
By Mathew J. Schwartz , 4/23/2014
Comment3 comments  |  Read  |  Post a Comment
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife BalanceCommentary
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
By David Melnick Founder & CEO, WebLife Balance, 4/23/2014
Comment10 comments  |  Read  |  Post a Comment
Michaels Data Breach Response: 7 Facts
Mathew J. Schwartz, News
Could the retailer have done more to spot the eight-month intrusion in the first place?
By Mathew J. Schwartz , 4/22/2014
Comment4 comments  |  Read  |  Post a Comment
Bots Attack US Mainly During Dinnertime
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Most bot-infected machines hail from the US and wage attacks there between 6 and 9 p.m. Eastern Time, new report finds.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment8 comments  |  Read  |  Post a Comment
7 Tips To Improve 'Signal-to-Noise' In The SOC
Joshua Goldfarb, CSO, nPulse TechnologiesCommentary
When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
By Joshua Goldfarb CSO, nPulse Technologies, 4/22/2014
Comment4 comments  |  Read  |  Post a Comment
Free Scanning Tool Promises To Find Heartbleed On Any Device
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
CrowdStrike says tool identifies the flaw on web servers, VPNs, servers, routers, printers, and phones.
By Tim Wilson Editor in Chief, Dark Reading, 4/22/2014
Comment5 comments  |  Read  |  Post a Comment
Stolen Passwords Used In Most Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Verizon 2014 Data Breach Investigations Report identifies nine types of attack patterns that accounted for 93 percent of security incidents in the past decade.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment11 comments  |  Read  |  Post a Comment
FAQ: Understanding The True Price of Encryption
Sol Cates, CSO, VormetricCommentary
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
By Sol Cates CSO, Vormetric, 4/21/2014
Comment5 comments  |  Read  |  Post a Comment
Heartbleed Attack Targeted Enterprise VPN
Mathew J. Schwartz, News
Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication.
By Mathew J. Schwartz , 4/21/2014
Comment2 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment4 comments  |  Read  |  Post a Comment
Poll: Dark Reading Community Acts On Heartbleed
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.
By Marilyn Cohodas Community Editor, Dark Reading, 4/18/2014
Comment2 comments  |  Read  |  Post a Comment
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz , 4/18/2014
Comment13 comments  |  Read  |  Post a Comment
Phishers Recruit Home PCs
Brian Prince, Contributing Writer, Dark ReadingNews
Residential broadband machines spotted hosting phishing attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Preying On A Predator
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
Authentic8 Enhances Silo for Heartbleed
SecureAuth IdP Qualifies For Microsoft Office 365 Qualification
NIST Removes Cryptography Algorithm from Random Number Generator Recommendations
Black Lotus Threat Report Predicts New DrDoS Attacks in Excess of 800 Gbps in 2015
Cloud Control: Launch of Entrust IdentityGuard Cloud Services Simplifies Certificate Management, Credentialing
Verizon Expands Cloud Solutions, With Secure Cloud Interconnect
Mocana Calls Heartbleed a “Wake-Up Call” for Makers of Smart Connected Devices
HID Global Security Survey and Infographic Reveal Attitudes about Best Practices for Physical Access Control
More Products & Releases
PR Newswire
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz 4/18/2014
Stolen Passwords Used In Most Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark Reading,  4/22/2014
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife Balance,  4/23/2014
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed