6 Things That Stink About SSL
Dark Reading Radio: The Changing Role Of The CSO
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Facebook Helps Cripple Greek Botnet
6 Tips for Using Big Data to Hunt Cyberthreats
News & Commentary
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment0 comments  |  Read  |  Post a Comment
'Windows To Go' Device Wins Federal Cryptographic Certification
David F Carr, Editor, InformationWeek HealthcareCommentary
With FIPS 140-2 Level 3 certification, the Imation IronKey portable USB-based workspace becomes a mobility option for both civilian and military agencies.
By David F Carr Editor, InformationWeek Healthcare, 7/10/2014
Comment0 comments  |  Read  |  Post a Comment
Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
'ZombieZero' still actively pushing rigged handheld scanning devices, reviving concerns of doing business with Chinese tech companies.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/10/2014
Comment0 comments  |  Read  |  Post a Comment
Fake Google Digital Certificates Found & Confiscated
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/9/2014
Comment3 comments  |  Read  |  Post a Comment
BrutPOS Botnet Targets Retail's Low-Hanging Fruit
Sara Peters, News
FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos.
By Sara Peters , 7/9/2014
Comment3 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment4 comments  |  Read  |  Post a Comment
6 Things That Stink About SSL
Sara Peters,
Users might not care to trust the very mechanism that's supposed to provide online trust.
By Sara Peters , 7/9/2014
Comment3 comments  |  Read  |  Post a Comment
Controversial Cyber Security Bill Advances
Thomas Claburn, Editor-at-LargeCommentary
Senate bill aims to promote information sharing to combat cyberthreats, but critics contend it lacks privacy protections.
By Thomas Claburn Editor-at-Large, 7/9/2014
Comment7 comments  |  Read  |  Post a Comment
Facebook Helps Cripple Greek Botnet
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Arrests made in Lecpetex malware campaign that was spreading via Facebook, emails.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/8/2014
Comment4 comments  |  Read  |  Post a Comment
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Sara Peters, Quick Hits
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
By Sara Peters , 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment4 comments  |  Read  |  Post a Comment
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
By Tim Wilson Editor in Chief, Dark Reading, 7/7/2014
Comment0 comments  |  Read  |  Post a Comment
Q&A: Panda Security Staging A Comeback
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understanding the impact of vulnerabilities in libraries and other components
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2014
Comment2 comments  |  Read  |  Post a Comment
Florida Law Aims To Tighten Data Security
Alison Diana, Senior EditorCommentary
Florida's new data privacy law increases security accountability for all enterprises; healthcare providers could face greater burden to protect patients' personal information.
By Alison Diana Senior Editor, 7/7/2014
Comment10 comments  |  Read  |  Post a Comment
TSA Requires Charged Devices At Some Overseas Airports
Eric Zeman, Commentary
Homeland Security tells US-bound air travelers at certain overseas airports that mobile devices need to be operational when boarding, or gadgets will be confiscated.
By Eric Zeman , 7/7/2014
Comment7 comments  |  Read  |  Post a Comment
10 Ways Google Must Improve Android
Rodney Brown, Editor, The Mobility Hub
Google's upcoming Android "L" version introduces improvements including Android for Work and stronger app security. But Google still has plenty of gaps to fill.
By Rodney Brown Editor, The Mobility Hub, 7/5/2014
Comment25 comments  |  Read  |  Post a Comment
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
Sara Peters, News
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
By Sara Peters , 7/3/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Hello. We were unable to find the address you requested. You may search for the content you are seeking using our search form or email technical support with any questions.
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack Security,  7/9/2014
Facebook Helps Cripple Greek Botnet
Kelly Jackson Higgins, Senior Editor, Dark Reading,  7/8/2014
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark Reading,  7/8/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Flash Poll