Shellshocked: A Future Of 'Hair On Fire' Bugs
Dark Reading Radio: Trends In Application Security
The Truth About Ransomware: You're On Your Own
How SaaS Adoption Is Changing Cloud Security
7 Reasons To Love Passwords
News & Commentary
Be Aware: 8 Tips for Security Awareness Training
Sara Peters, Senior Editor at Dark Reading
Hint: One giant security training session to rule them all is not the way to go.
By Sara Peters Senior Editor at Dark Reading, 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
Coordinated Attacks Call For More Sophisticated Cyber Defense
Henry Kenyon, Commentary
Agencies and industry are rethinking how they defend against coordinated attacks by teams of specialized hackers.
By Henry Kenyon , 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
New Bash Bugs Surface
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Time to patch again: Newly discovered flaws in Bash put Linux-based systems at risk.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
Making Sense Of Shellshock Attack Chaos
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Attacks against the Bash bug increase in volume and variety, with an emphasis on information gathering and botnet building.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/29/2014
Comment2 comments  |  Read  |  Post a Comment
FDA Pushes To Improve Medical Device Security
Jai Vijayan, Freelance writerCommentary
Cyber attacks pose a grave threat to the integrity of healthcare services, agency says.
By Jai Vijayan Freelance writer, 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
Can We Talk? Finding A Common Security Language
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 9/29/2014
Comment5 comments  |  Read  |  Post a Comment
Shellshock's Threat To Healthcare
Mac McMillan, CEO, CynergisTekCommentary
The Bash bug is everywhere, including in medical devices. The industry must be better prepared to protect itself and patients.
By Mac McMillan CEO, CynergisTek, 9/29/2014
Comment3 comments  |  Read  |  Post a Comment
When Layers On Layers Of Security Equals LOL Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Defense-in-depth is often poorly executed when architecture is not carefully considered.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/29/2014
Comment3 comments  |  Read  |  Post a Comment
Apple: Majority Of Mac OS X Users Not At Risk To 'Shellshock'
Brian Prince, Contributing Writer, Dark ReadingNews
According to Apple, Mac OS X systems are not exposed to remote exploits of Bash unless users have certain UNIX services configured.
By Brian Prince Contributing Writer, Dark Reading, 9/26/2014
Comment5 comments  |  Read  |  Post a Comment
Breach Awareness Made Easy
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
What if companies had to disclose breach history in the same way food companies display nutritional information?
By Sara Peters Senior Editor at Dark Reading, 9/26/2014
Comment3 comments  |  Read  |  Post a Comment
Shellshocked: A Future Of ‘Hair On Fire’ Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 9/26/2014
Comment21 comments  |  Read  |  Post a Comment
Amazon Reboots Cloud Servers, Xen Bug Blamed
Charles Babcock, Editor At Large, InformationWeek Commentary
Amazon tells customers it has to patch and reboot 10% of its EC2 cloud servers before Oct. 1.
By Charles Babcock Editor At Large, InformationWeek , 9/26/2014
Comment4 comments  |  Read  |  Post a Comment
iOS In-App Browsing Poses Security Risk
Thomas Claburn, Editor-at-LargeCommentary
iOS developer warns that browser windows invoked within third-party apps allow information theft.
By Thomas Claburn Editor-at-Large, 9/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Breached Retailers Harden PoS, For Now
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Yet another point-of-sale (POS) breach at a major retail chain, and the victim adds encryption.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/25/2014
Comment8 comments  |  Read  |  Post a Comment
Malvertising Could Rival Exploit Kits
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Spate of malvertising campaigns gain steam in recent months, including the Kyle and Stan network, which researchers now believe is nine times bigger than initially estimated.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/25/2014
Comment2 comments  |  Read  |  Post a Comment
'Shellshock' Bash Bug Impacts Basically Everything, Exploits Appear In Wild
Sara Peters, Senior Editor at Dark ReadingNews
CGI-based web servers are the biggest target, but other web servers, hosting services, embedded systems, Mac OSX, and IoT endpoints are all at risk.
By Sara Peters Senior Editor at Dark Reading, 9/25/2014
Comment6 comments  |  Read  |  Post a Comment
'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome
Brian Prince, Contributing Writer, Dark ReadingNews
Attackers can exploit the bug to create forged RSA certificates -- it affects versions of Firefox, Thunderbird, Chrome, and SeaMonkey.
By Brian Prince Contributing Writer, Dark Reading, 9/25/2014
Comment1 Comment  |  Read  |  Post a Comment
How SaaS Adoption Is Changing Cloud Security
Tal Klein, VP Strategy, AdallomCommentary
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
By Tal Klein VP Strategy, Adallom, 9/25/2014
Comment6 comments  |  Read  |  Post a Comment
Bash Bug May Be Worse Than Heartbleed
Sara Peters, Senior Editor at Dark ReadingNews
Linux, Unix, and Internet of Things devices affected by critical vulnerability.
By Sara Peters Senior Editor at Dark Reading, 9/24/2014
Comment10 comments  |  Read  |  Post a Comment
Jimmy John's Gourmet Sandwiches POS Systems Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Sandwich chain is the latest data breach victim, with credit and debit card data breached in 216 of its restaurants.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/24/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Shellshocked: A Future Of 'Hair On Fire' Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc.,  9/26/2014
Bash Bug May Be Worse Than Heartbleed
Sara Peters, Senior Editor at Dark Reading,  9/24/2014
Breached Retailers Harden PoS, For Now
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/25/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.
Cartoon
White Papers
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed