Perimeter
News & Commentary
Top 5 Reasons Your Small Business Website is Under Attack
Chris Weltzien, CEO, 6Scan Commentary
There is no such thing as “too small to hack.” If a business has a website, hackers can exploit it.
By Chris Weltzien CEO, 6Scan , 8/26/2014
Comment25 comments  |  Read  |  Post a Comment
Why John McAfee Is Paranoid About Mobile
Peter Zavlaris, Analyst, RiskIQCommentary
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris Analyst, RiskIQ, 8/19/2014
Comment11 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
Dark Reading Plans Special Coverage Of Black Hat USA 2014
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Radio shows, daily newsletter, and panel sessions highlight Dark Reading's comprehensive coverage of the Black Hat conference.
By Tim Wilson Editor in Chief, Dark Reading, 8/4/2014
Comment0 comments  |  Read  |  Post a Comment
LIVE From Las Vegas: Dark Reading Radio at Black Hat
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.
By Marilyn Cohodas Community Editor, Dark Reading, 8/1/2014
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Radio: Data Loss Prevention (DLP) Fail
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Learn about newly found vulnerabilities in commercial and open-source DLP software in our latest episode of Dark Reading Radio with security researchers Zach Lanier and Kelly Lum.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/29/2014
Comment8 comments  |  Read  |  Post a Comment
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment13 comments  |  Read  |  Post a Comment
Infographic: With BYOD, Mobile Is The New Desktop
Adam Ely, COO, BlueboxCommentary
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
By Adam Ely COO, Bluebox, 7/22/2014
Comment8 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
Why A Secured Network Is Like The Human Body
Dan Ross, CEO & President, PromisecCommentary
It’s time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
By Dan Ross CEO & President, Promisec, 6/26/2014
Comment11 comments  |  Read  |  Post a Comment
Content Widget Maker Taboola Is Hacked On Reuters
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
By Tim Wilson Editor in Chief, Dark Reading, 6/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Experts: CrowdStrike China Hacker Report Raises Red Flags For Business
Tim Wilson, Editor in Chief, Dark ReadingNews
The second report on China’s hacking teams supports Department of Justice's accusations, offers insight on Chinese attackers.
By Tim Wilson Editor in Chief, Dark Reading, 6/11/2014
Comment1 Comment  |  Read  |  Post a Comment
If HTML5 Is The Future, What Happens To Access Control?
Garret Grajek, CTO & COO, SecureAuthCommentary
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
By Garret Grajek CTO & COO, SecureAuth, 6/5/2014
Comment1 Comment  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
SSL: Security's Best Friend Or Worst Enemy?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
A new report shows that applications using SSL are on the rise in enterprises, putting them at greater risk of attacks that hide in plain sight or use vulnerabilities like Heartbleed.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/2/2014
Comment0 comments  |  Read  |  Post a Comment
Tech Insight: Free Tools For Offensive Security
John H. Sawyer, Contributing Writer, Dark ReadingCommentary
A professional penetration tester offers a look at the latest free and open-source tools available for pen testing and offensive tactics.
By John H. Sawyer Contributing Writer, Dark Reading, 5/19/2014
Comment6 comments  |  Read  |  Post a Comment
Dispelling The Myths Of Cyber Security
Mark Goldstein & Arun Sood, Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT LabsCommentary
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
By Mark Goldstein & Arun Sood Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT Labs, 5/14/2014
Comment3 comments  |  Read  |  Post a Comment
Report: Nearly 200 Million Records Compromised In Q1
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
More than 250 breaches were disclosed in Q1 2014, SafeNet report says.
By Tim Wilson Editor in Chief, Dark Reading, 5/1/2014
Comment4 comments  |  Read  |  Post a Comment
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
By Tim Wilson Editor in Chief, Dark Reading, 4/24/2014
Comment2 comments  |  Read  |  Post a Comment
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Comment22 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Back To Basics
Back To Basics
By failing to execute on basic security, we’re making the attacker's job too easy.
Comment2 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.