Dark Reading Radio: The Changing Role Of The CSO
Hacker Movies We Love & Hate
Why Your Application Security Program May Backfire
Q&A: Panda Security Staging A Comeback
Cartoon: Cloud Conundrum
News & Commentary
Fake Google Digital Certificates Found & Confiscated
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/9/2014
Comment2 comments  |  Read  |  Post a Comment
BrutPOS Botnet Targets Retail's Low-Hanging Fruit
Sara Peters, News
FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos.
By Sara Peters , 7/9/2014
Comment1 Comment  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment3 comments  |  Read  |  Post a Comment
6 Things That Stink About SSL
Sara Peters,
Users might not care to trust the very mechanism that's supposed to provide online trust.
By Sara Peters , 7/9/2014
Comment0 comments  |  Read  |  Post a Comment
Controversial Cyber Security Bill Advances
Thomas Claburn, Editor-at-LargeCommentary
Senate bill aims to promote information sharing to combat cyberthreats, but critics contend it lacks privacy protections.
By Thomas Claburn Editor-at-Large, 7/9/2014
Comment7 comments  |  Read  |  Post a Comment
Facebook Helps Cripple Greek Botnet
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Arrests made in Lecpetex malware campaign that was spreading via Facebook, emails.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/8/2014
Comment4 comments  |  Read  |  Post a Comment
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Sara Peters, Quick Hits
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
By Sara Peters , 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
By Tim Wilson Editor in Chief, Dark Reading, 7/7/2014
Comment0 comments  |  Read  |  Post a Comment
Q&A: Panda Security Staging A Comeback
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understanding the impact of vulnerabilities in libraries and other components
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Florida Law Aims To Tighten Data Security
Alison Diana, Senior EditorCommentary
Florida's new data privacy law increases security accountability for all enterprises; healthcare providers could face greater burden to protect patients' personal information.
By Alison Diana Senior Editor, 7/7/2014
Comment10 comments  |  Read  |  Post a Comment
TSA Requires Charged Devices At Some Overseas Airports
Eric Zeman, Commentary
Homeland Security tells US-bound air travelers at certain overseas airports that mobile devices need to be operational when boarding, or gadgets will be confiscated.
By Eric Zeman , 7/7/2014
Comment7 comments  |  Read  |  Post a Comment
10 Ways Google Must Improve Android
Rodney Brown, Editor, The Mobility Hub
Google's upcoming Android "L" version introduces improvements including Android for Work and stronger app security. But Google still has plenty of gaps to fill.
By Rodney Brown Editor, The Mobility Hub, 7/5/2014
Comment25 comments  |  Read  |  Post a Comment
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
Sara Peters, News
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
By Sara Peters , 7/3/2014
Comment6 comments  |  Read  |  Post a Comment
Retail Breaches Change Customer Behavior, Attitudes, Studies Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Recent breaches of retail and credit card data are making customers think twice about where they shop and how they pay, researchers say
By Tim Wilson Editor in Chief, Dark Reading, 7/3/2014
Comment4 comments  |  Read  |  Post a Comment
CosmicDuke: Cosmu & MiniDuke Mash-Up
Sara Peters, News
F-Secure believes that the combo malware might have connections to the perpetrators of the miniDuke attacks.
By Sara Peters , 7/2/2014
Comment1 Comment  |  Read  |  Post a Comment
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast SecurityCommentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams CTO, Contrast Security, 7/2/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Hello. We were unable to find the address you requested. You may search for the content you are seeking using our search form or email technical support with any questions.
Facebook Helps Cripple Greek Botnet
Kelly Jackson Higgins, Senior Editor, Dark Reading,  7/8/2014
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark Reading,  7/8/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Best of the Web
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Flash Poll