News & Commentary
Home Depot The Latest Hack Victim?
Quick Hits
Home improvement chain--along with law enforcement and banks--is investigating 'unusual activity.'
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/2/2014
“Contactless” HCE Payments Promise Simplicity But Is It Secure?
Commentary
Host Card Emulation is a powerful and flexible technology, but like most software-dependent solutions, it can be hacked and exploited.
By Pat Carroll, Executive Chairman & Founder, ValidSoft, 9/2/2014
How To Create A Risk 'Pain Chart'
News
Consultant John Pironti outlines how to execute a risk-based approach to defending corporate assets.
By Brian Prince, Contributing Writer, Dark Reading, 8/29/2014
California Smartphone Kill-Switch Law: What It Means
Commentary
Do you understand the consequences of California's new smartphone anti-theft law? Our FAQ will clear up the confusion.
By Thomas Claburn, Editor-at-Large, 8/29/2014
Why Are Security Pros Blasé About Compliance?
Commentary
A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about regulatory requirements for their business organization.
By François Amigorena, Founder & CEO, IS Decisions, 8/29/2014
CryptoWall More Pervasive, Less Profitable Than CryptoLocker
News
The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms.
By Sara Peters, Senior Editor at Dark Reading, 8/28/2014
Feds Investigating Breaches At JPMorgan, Other Banks
News
JPMorgan is working with the FBI and US Secret Service to determine the scope of the breach, but other newly reported intrusions at financial firms may not be related.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2014
NIST Drafts Mobile App Security Guidelines
Commentary
National Institute for Standards and Technology issues first draft of guidelines intended to help federal agencies balance benefits and risks of third-party mobile apps.
By Richard W. Walker, 8/28/2014
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
News
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters, Senior Editor at Dark Reading, 8/27/2014
10 Common Software Security Design Flaws
News
Google, Twitter, and others identify the most common software design mistakes -- compiled from their own organizations -- that lead to security woes and how to avoid them.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/27/2014
How I Hacked My Home, IoT Style
Commentary
It didn’t take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
By David Jacoby, Sr. Security Researcher, Kaspersky Lab, 8/27/2014
Online Tools For Bug Disclosure Abound
News
What's driving the bounty of software vulnerability disclosure offerings today from Bugcrowd, HackerOne, and Synack.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/26/2014
Sony, XBox Victims Of DDoS, Hacktivist Threats
Quick Hits
Hacktivists from Anonymous and from a presumed Islamic extremist group targeted a variety of online gaming services.
By Sara Peters, Senior Editor at Dark Reading, 8/26/2014
Top 5 Reasons Your Small Business Website is Under Attack
Commentary
There is no such thing as “too small to hack.” If a business has a website, hackers can exploit it.
By Chris Weltzien, CEO, 6Scan, 8/26/2014
10 Ways To Strengthen Healthcare Security
As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps?
By Alison Diana, Senior Editor, 8/26/2014
27 Million South Koreans Victimized In Online Gaming Heist
News
16 suspects arrested in South Korea as authorities pursue additional suspects, including a Chinese hacker.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/25/2014
Breach of Homeland Security Background Checks Raises Red Flags
News
"We should be burning down the house over this," says a GRC expert.
By Sara Peters, Senior Editor at Dark Reading, 8/25/2014
When Big Data & Infants' Privacy Collide
Commentary
Technology allows researchers to discover newborns' genetic secrets, but the long-term repercussions worry some parents and privacy advocates.
By Alison Diana, Senior Editor, 8/25/2014
All In For The Coming World of 'Things'
Commentary
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey, Founder & CEO, Lab Mouse Security, 8/25/2014
Android Flaw Might Also Affect iOS, Windows
Commentary
Sandboxing flaw let researchers hijack Gmail 92% of the time, and could also affect iOS and Windows.
By Thomas Claburn, Editor-at-Large, 8/23/2014
Security Insights
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.