Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Stolen Passwords Used In Most Data Breaches
FAQ: Understanding The True Price of Encryption
Heartbleed Attack Targeted Enterprise VPN
Cartoon: E2c$y5tion
Heartbleed: A Password Manager Reality Check
News & Commentary
Intelligence-Sharing Suffers Growing Pains
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
For most organizations, intelligence-sharing remains mainly ad-hoc and informal -- and thus fraught with frustration and pitfalls, new report from Ponemon finds.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/23/2014
Comment0 comments  |  Read  |  Post a Comment
Android Heartbleed Alert: 150 Million Apps Still Vulnerable
Mathew J. Schwartz, News
Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X.
By Mathew J. Schwartz , 4/23/2014
Comment1 Comment  |  Read  |  Post a Comment
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife BalanceCommentary
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
By David Melnick Founder & CEO, WebLife Balance, 4/23/2014
Comment6 comments  |  Read  |  Post a Comment
Michaels Data Breach Response: 7 Facts
Mathew J. Schwartz, News
Could the retailer have done more to spot the eight-month intrusion in the first place?
By Mathew J. Schwartz , 4/22/2014
Comment4 comments  |  Read  |  Post a Comment
Bots Attack US Mainly During Dinnertime
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Most bot-infected machines hail from the US and wage attacks there between 6 and 9 p.m. Eastern Time, new report finds.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment8 comments  |  Read  |  Post a Comment
7 Tips To Improve 'Signal-to-Noise' In The SOC
Joshua Goldfarb, CSO, nPulse TechnologiesCommentary
When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
By Joshua Goldfarb CSO, nPulse Technologies, 4/22/2014
Comment4 comments  |  Read  |  Post a Comment
Free Scanning Tool Promises To Find Heartbleed On Any Device
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
CrowdStrike says tool identifies the flaw on web servers, VPNs, servers, routers, printers, and phones.
By Tim Wilson Editor in Chief, Dark Reading, 4/22/2014
Comment5 comments  |  Read  |  Post a Comment
Stolen Passwords Used In Most Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Verizon 2014 Data Breach Investigations Report identifies nine types of attack patterns that accounted for 93 percent of security incidents in the past decade.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment10 comments  |  Read  |  Post a Comment
FAQ: Understanding The True Price of Encryption
Sol Cates, CSO, VormetricCommentary
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
By Sol Cates CSO, Vormetric, 4/21/2014
Comment5 comments  |  Read  |  Post a Comment
Heartbleed Attack Targeted Enterprise VPN
Mathew J. Schwartz, News
Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication.
By Mathew J. Schwartz , 4/21/2014
Comment2 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment4 comments  |  Read  |  Post a Comment
Poll: Dark Reading Community Acts On Heartbleed
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.
By Marilyn Cohodas Community Editor, Dark Reading, 4/18/2014
Comment2 comments  |  Read  |  Post a Comment
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz, News
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?
By Mathew J. Schwartz , 4/18/2014
Comment13 comments  |  Read  |  Post a Comment
Phishers Recruit Home PCs
Brian Prince, Contributing Writer, Dark ReadingNews
Residential broadband machines spotted hosting phishing attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Satellite Communications Wide Open To Hackers
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Satellite terminals widely used in transportation, military, and industrial plants contain backdoors, hardcoded credentials, weak encryption algorithms, and other design flaws, a new report says.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment3 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
Microsoft Delays Enterprise Windows 8.1 Support Doomsday
Mathew J. Schwartz, News
Responding to criticism, Microsoft gives businesses until August to adopt Windows 8.1 Update and continue receiving security updates. Consumers still face May 13 deadline.
By Mathew J. Schwartz , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Comment18 comments  |  Read  |  Post a Comment
Did A Faulty Memory Feature Lead To Heartbleed?
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Debate arises over an older memory allocation feature in OpenSSL, and the OpenBSD community starts to tear down and revise the crypto software for its own use.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/16/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Preying On A Predator
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
SecureAuth IdP Qualifies For Microsoft Office 365 Qualification
NIST Removes Cryptography Algorithm from Random Number Generator Recommendations
Black Lotus Threat Report Predicts New DrDoS Attacks in Excess of 800 Gbps in 2015
Cloud Control: Launch of Entrust IdentityGuard Cloud Services Simplifies Certificate Management, Credentialing
Verizon Expands Cloud Solutions, With Secure Cloud Interconnect
Mocana Calls Heartbleed a “Wake-Up Call” for Makers of Smart Connected Devices
HID Global Security Survey and Infographic Reveal Attitudes about Best Practices for Physical Access Control
Cisco Launches Managed Threat Defense Service
More Products & Releases
PR Newswire
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  4/17/2014
Heartbleed: A Password Manager Reality Check
Mathew J. Schwartz 4/18/2014
Stolen Passwords Used In Most Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark Reading,  4/22/2014
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed