CEO Report Card: Low Grades for Risk Management
Dark Reading Radio: Where Do Security Startups Come From?
6 Things That Stink About SSL
Payment Card Data Theft: Tips For Small Business
A New Age in Cyber Security: Public Cyberhealth
News & Commentary
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment0 comments  |  Read  |  Post a Comment
Hacking Your Hotel Room
Brian Prince, Contributing Writer, Dark ReadingNews
At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.
By Brian Prince Contributing Writer, Dark Reading, 7/18/2014
Comment10 comments  |  Read  |  Post a Comment
CEO Report Card: Low Grades for Risk Management
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014
Comment2 comments  |  Read  |  Post a Comment
Government-Grade Stealth Malware In Hands Of Criminals
Sara Peters, News
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
By Sara Peters , 7/17/2014
Comment10 comments  |  Read  |  Post a Comment
Website Hacks Dropped During World Cup Final
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014
Comment10 comments  |  Read  |  Post a Comment
A New Age in Cyber Security: Public Cyberhealth
Brian Foster, CTO, DamballaCommentary
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
By Brian Foster CTO, Damballa, 7/17/2014
Comment3 comments  |  Read  |  Post a Comment
Ransomware: 5 Threats To Watch
Kelly Jackson Higgins, Senior Editor, Dark Reading
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014
Comment3 comments  |  Read  |  Post a Comment
Senate Hearing Calls for Changes to Cybercrime Law
Sara Peters, News
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
By Sara Peters , 7/16/2014
Comment9 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Automobile Industry Accelerates Into Security
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014
Comment13 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment7 comments  |  Read  |  Post a Comment
Tapping Into A Homemade Android Army
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/15/2014
Comment2 comments  |  Read  |  Post a Comment
Active Directory Flaw Lets Attackers Change Passwords
Sara Peters, Quick Hits
Aorato finds way to compromise Active Directory and change passwords without being noticed by SIEM.
By Sara Peters , 7/15/2014
Comment10 comments  |  Read  |  Post a Comment
Google Forms Zero-Day Hacking Team
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
'Project Zero' to hunt bugs in all software that touches the Net.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014
Comment3 comments  |  Read  |  Post a Comment
Dark Reading Radio: Where Do Security Startups Come From?
Tim Wilson, Editor in Chief, Dark ReadingCommentary
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2014
Comment2 comments  |  Read  |  Post a Comment
DropCam Vulnerable To Hijacking
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Researchers at DEF CON to demonstrate flaws in a popular WiFi video monitoring system.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/14/2014
Comment8 comments  |  Read  |  Post a Comment
New GameoverZeuS Variant Found In The Wild
Sara Peters, News
A new botnet abandons peer-to-peer communication and may or may not be operated by the one disrupted by Operation Tovar last month.
By Sara Peters , 7/14/2014
Comment0 comments  |  Read  |  Post a Comment
How Next-Generation Security Is Redefining The Cloud
Bill Kleyman, National Director of Strategy & Innovation, MTM TechnologiesCommentary
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
By Bill Kleyman National Director of Strategy & Innovation, MTM Technologies, 7/14/2014
Comment10 comments  |  Read  |  Post a Comment
Hacking Password Managers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2014
Comment12 comments  |  Read  |  Post a Comment
Attack Campaign Targets Facebook, Dropbox User Credentials
Brian Prince, Contributing Writer, Dark ReadingNews
The goal of the attackers is not fully clear but the credential theft could set up sophisticated targeted attackers.
By Brian Prince Contributing Writer, Dark Reading, 7/11/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Hello. We were unable to find the address you requested. You may search for the content you are seeking using our search form or email technical support with any questions.
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKey,  7/16/2014
Automobile Industry Accelerates Into Security
Kelly Jackson Higgins, Senior Editor, Dark Reading,  7/15/2014
Hacking Your Hotel Room
Brian Prince, Contributing Writer, Dark Reading,  7/18/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.
Flash Poll
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4734
Published: 2014-07-21
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVE-2014-4960
Published: 2014-07-21
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVE-2014-5016
Published: 2014-07-21
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to appl...

CVE-2014-5017
Published: 2014-07-21
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter...

CVE-2014-5018
Published: 2014-07-21
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Best of the Web
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Cartoon