Traffic To Hosting Companies Hijacked In Crypto Currency Heist
News & Commentary
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP, Principal, Denim Group | Commentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
51 UPS Stores' Point-of-Sale Systems Breached
Sara Peters, Senior Editor at Dark Reading | News
Customers will not receive individual breach notifications.
By Sara Peters Senior Editor at Dark Reading, 8/21/2014
Wanted: Cloud Brokers
Jonathan Feldman, CIO, City of Asheville, NC | Commentary
Do you know the ins and outs of cloud software stacks and security? Got the finesse to break through cultural resistance? Then you may have found your next career.
By Jonathan Feldman CIO, City of Asheville, NC, 8/21/2014
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark Reading | News
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/20/2014
US, German Researchers Build Android Security Framework
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
The Android Security Modules (ASM) framework aims to streamline and spread security features, updates to Android devices.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/20/2014
US House Inspector General: IT Audit Activist
David F Carr, Editor, InformationWeek Healthcare | Commentary
At the 2014 GRC Conference, House IG Theresa Grafenstine argues internal auditors must be more forward looking -- and explains why being exempt from regulations just makes her job harder.
By David F Carr Editor, InformationWeek Healthcare, 8/20/2014
4 Tips: Protect Government Data From Mobile Malware
Julie M. Anderson, Managing Director, Civitas Group | Commentary
Mobile malware continues to proliferate, particularly on Android devices. These four steps help counter the threat.
By Julie M. Anderson Managing Director, Civitas Group, 8/20/2014
Debugging The Myths Of Heartbleed
Steve Riley, Technical Leader, Office of the CTO, Riverbed Technology | Commentary
Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical.
By Steve Riley Technical Leader, Office of the CTO, Riverbed Technology, 8/20/2014
Q&A: DEF CON At 22
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, reflects on DEF CON's evolution, the NSA fallout, and wider security awareness.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/19/2014
Nuclear Regulatory Commission Compromised 3 Times In Past 3 Years
Sara Peters, Senior Editor at Dark Reading | Quick Hits
Unnamed actors try to swipe privileged credentials.
By Sara Peters Senior Editor at Dark Reading, 8/19/2014
Cybersecurity: How Involved Should Boards Of Directors Be?
David F Carr, Editor, InformationWeek Healthcare | Commentary
Security audit groups ISACA and IIA weigh in on what role the board of directors should play in an enterprise's cybersecurity strategies.
By David F Carr Editor, InformationWeek Healthcare, 8/19/2014
Access Point Pinched From Black Hat Show WLAN
Kelly Jackson Higgins, Executive Editor at Dark Reading | Commentary
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/19/2014
Why John McAfee Is Paranoid About Mobile
Peter Zavlaris, Analyst, RiskIQ | Commentary
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris Analyst, RiskIQ, 8/19/2014
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark Reading | News
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Pakistan The Latest Cyberspying Nation
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
A look at Operation Arachnophobia, a suspected cyber espionage campaign against India.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/18/2014
Hacker Couture: As Seen At Black Hat USA, BSides, DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading
'Leet tattoos, piercings, mega-beards, (the real) John McAfee, and even a cute puppy were among the colorful sights in Las Vegas this month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/18/2014
Chinese Hackers Hit Community Health System
Alison Diana, Senior Editor | Commentary
Hackers who broke into network hospital group Community Health Systems stole non-medical customer data including credit cards, says new report.
By Alison Diana Senior Editor, 8/18/2014
Cloud Apps & Security: When Sharing Matters
Krishna Narayanaswamy, Founder & Chief Scientist, Netskope | Commentary
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 8/18/2014
Identity And Access Management Market Heats Up
Brian Prince, Contributing Writer, Dark Reading | News
The past few weeks have seen a number of acquisitions and investments surrounding cloud and on-premises IAM vendors.
By Brian Prince Contributing Writer, Dark Reading, 8/15/2014
Security Insights
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Infographic: 70 Percent of World's Critical Utilities Breached
Mark L. Cohn, Chief Technology Officer, Unisys Federal Systems, 8/15/2014
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3562
Published: 2014-08-21
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVE-2014-3577
Published: 2014-08-21
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...

CVE-2014-5158
Published: 2014-08-21
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

CVE-2014-5159
Published: 2014-08-21
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

CVE-2014-5210
Published: 2014-08-21
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.