Perimeter
News & Commentary
Why A Secured Network Is Like The Human Body
Dan Ross, CEO & President, Promisec, Commentary
It’s time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
By Dan Ross, CEO & President, Promisec, 6/26/2014
Content Widget Maker Taboola Is Hacked On Reuters
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
By Tim Wilson, Editor in Chief, Dark Reading, 6/24/2014
Experts: CrowdStrike China Hacker Report Raises Red Flags For Business
Tim Wilson, Editor in Chief, Dark Reading, News
The second report on China’s hacking teams supports Department of Justice's accusations, offers insight on Chinese attackers.
By Tim Wilson, Editor in Chief, Dark Reading, 6/11/2014
If HTML5 Is The Future, What Happens To Access Control?
Garret Grajek, CTO & COO, SecureAuth, Commentary
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
By Garret Grajek, CTO & COO, SecureAuth, 6/5/2014
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-Cole, Commentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns, Analyst, Kuppinger-Cole, 6/2/2014
SSL: Security's Best Friend Or Worst Enemy?
Ericka Chickowski, Contributing Writer, Dark Reading, News
A new report shows that applications using SSL are on the rise in enterprises, putting them at greater risk of attacks that hide in plain sight or use vulnerabilities like Heartbleed.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/2/2014
Tech Insight: Free Tools For Offensive Security
John H. Sawyer, Contributing Writer, Dark Reading, Commentary
A professional penetration tester offers a look at the latest free and open-source tools available for pen testing and offensive tactics.
By John H. Sawyer, Contributing Writer, Dark Reading, 5/19/2014
Dispelling The Myths Of Cyber Security
Mark Goldstein & Arun Sood, Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT Labs, Commentary
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
By Mark Goldstein & Arun Sood, Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT Labs, 5/14/2014
Report: Nearly 200 Million Records Compromised In Q1
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
More than 250 breaches were disclosed in Q1 2014, SafeNet report says.
By Tim Wilson, Editor in Chief, Dark Reading, 5/1/2014
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
By Tim Wilson, Editor in Chief, Dark Reading, 4/24/2014
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, Commentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, Webroot, Commentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne, Director, Security Intelligence, Webroot, 4/16/2014
Nominum: 24 Million Home Routers Exposing ISPs to DDoS Attacks
Brian Prince, Contributing Writer, Dark Reading, News
Even Internet service providers that go to great lengths to protect their networks are vulnerable.
By Brian Prince, Contributing Writer, Dark Reading, 4/4/2014
MACH37 Funds Six New Security Startups
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
The cyberaccelerator MACH37 begins work with six emerging cybersecurity firms.
By Tim Wilson, Editor in Chief, Dark Reading, 3/27/2014
Is The Hypervisor Security's Goldilocks Zone?
Ericka Chickowski, Contributing Writer, Dark Reading, News
RSA presentation to put virtualization forward as a tool to fix security's architectural problems
By Ericka Chickowski, Contributing Writer, Dark Reading, 2/21/2014
Target Compromised Via Its HVAC Contractor's Network Credentials
Brian Prince, Contributing Writer, Dark Reading, News
Attackers compromised credentials for a third party and were off to the races -- leaving a key concept of network security in the dust
By Brian Prince, Contributing Writer, Dark Reading, 2/7/2014
Corero Unveils New Threat Defense System For Service Providers
Dark Reading, News
Corero SmartWall TDS family of network security appliances protects against DDoS attacks and cyberthreats
By Dark Reading, 2/3/2014
Slide Show: 20 Security Startups To Watch
Ericka Chickowski, Contributing Writer, Dark Reading
Cloud security, mobile security, advanced behavioral detection, and a few other surprises mark this latest crop of newcomers
By Ericka Chickowski, Contributing Writer, Dark Reading, 1/31/2014
Startup Confer Launches Cyberthreat Prevention Network
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
By Tim Wilson, Editor in Chief, Dark Reading, 1/30/2014
The IPS Makeover
John H. Sawyer, Contributing Writer, Dark Reading, News
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
By John H. Sawyer, Contributing Writer, Dark Reading, 1/28/2014
Security Insights
Back To Basics
By failing to execute on basic security, we’re making the attacker's job too easy.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.