News & Commentary
Q&A: DEF CON At 22
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, reflects on DEF CON's evolution, the NSA fallout, and wider security awareness.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/19/2014
Nuclear Regulatory Commission Compromised 3 Times In Past 3 Years
Sara Peters, Senior Editor at Dark Reading | Quick Hits
Unnamed actors try to swipe privileged credentials.
By Sara Peters Senior Editor at Dark Reading, 8/19/2014
Cybersecurity: How Involved Should Boards Of Directors Be?
David F Carr, Editor, InformationWeek Healthcare | Commentary
Security audit groups ISACA and IIA weigh in on what role the board of directors should play in an enterprise's cybersecurity strategies.
By David F Carr Editor, InformationWeek Healthcare, 8/19/2014
Access Point Pinched From Black Hat Show WLAN
Kelly Jackson Higgins, Executive Editor at Dark Reading | Commentary
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/19/2014
Why John McAfee Is Paranoid About Mobile
Peter Zavlaris, Analyst, RiskIQ | Commentary
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris Analyst, RiskIQ, 8/19/2014
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark Reading | News
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Pakistan The Latest Cyberspying Nation
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
A look at Operation Arachnophobia, a suspected cyber espionage campaign against India.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/18/2014
Hacker Couture: As Seen At Black Hat USA, BSides, DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading
'Leet tattoos, piercings, mega-beards, (the real) John McAfee, and even a cute puppy were among the colorful sights in Las Vegas this month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/18/2014
Chinese Hackers Hit Community Health System
Alison Diana, Senior Editor | Commentary
Hackers who broke into network hospital group Community Health Systems stole non-medical customer data including credit cards, says new report.
By Alison Diana Senior Editor, 8/18/2014
Cloud Apps & Security: When Sharing Matters
Krishna Narayanaswamy, Founder & Chief Scientist, Netskope | Commentary
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 8/18/2014
Identity And Access Management Market Heats Up
Brian Prince, Contributing Writer, Dark Reading | News
The past few weeks have seen a number of acquisitions and investments surrounding cloud and on-premises IAM vendors.
By Brian Prince Contributing Writer, Dark Reading, 8/15/2014
SuperValu Food Stores Reports Network Intrusion
Sara Peters, Senior Editor at Dark Reading | Quick Hits
The company is investigating whether data was breached, but it is already offering customers identity theft protection.
By Sara Peters Senior Editor at Dark Reading, 8/15/2014
Infographic: 70 Percent of World's Critical Utilities Breached
Mark L. Cohn, Chief Technology Officer, Unisys Federal Systems | Commentary
New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months.
By Mark L. Cohn Chief Technology Officer, Unisys Federal Systems, 8/15/2014
Test Drive: GFI LanGuard 2014
John H. Sawyer, Contributing Writer, Dark Reading | Commentary
LanGuard worked well in the lab and may prove more beneficial to IT operations than security teams.
By John H. Sawyer Contributing Writer, Dark Reading, 8/15/2014
Traffic To Hosting Companies Hijacked In Crypto Currency Heist
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Attacker likely a current or former ISP employee, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/14/2014
Stuxnet Exploits Still Alive & Well
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Exploits continue abusing a four-year-old bug used in the Stuxnet attack, Kaspersky Lab says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/14/2014
Why Patching Makes My Heart Bleed
John Rostern, CRISC, QSA, VP Technology Audit & Advisory Services, Coalfire | Commentary
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
By John Rostern CRISC, QSA, VP Technology Audit & Advisory Services, Coalfire, 8/14/2014
Tech Insight: Hacking The Nest Thermostat
John H. Sawyer, Contributing Writer, Dark Reading | News
Researchers at Black Hat USA demonstrated how they were able to compromise a popular smart thermostat.
By John H. Sawyer Contributing Writer, Dark Reading, 8/14/2014
Cyberspies Target Chinese Ethnic Group
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Academic researchers study phishing emails targeting the World Uyghur Congress (WUC), which represents the Uyghur ethnic group residing in China and in exile.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/13/2014
Internet Of Things Security Reaches Tipping Point
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Public safety issues bubble to the top in security flaw revelations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/13/2014
Current Conversations
Posted by Kelly Jackson Higgins
Digging his (literal) leet tat.
In reply to: Re: Love Tod's tattoo
Security Insights
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Time To Broaden CompSci Curriculum Beyond STEM
Lysa Myers, Security Researcher, ESET,  8/13/2014
Internet Of Things Security Reaches Tipping Point
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/13/2014
Hacker Couture: As Seen At Black Hat USA, BSides, DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/18/2014
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading's continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.