Operations
News & Commentary
The Truth About Ransomware: Youíre On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Is Enterprise IT Security Ready For iOS 8?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Apple bakes in more security features, but iOS 8 won't come without security ops headaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/19/2014
Comment4 comments  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment7 comments  |  Read  |  Post a Comment
Data Privacy Etiquette: It's Not Just For Kids
Lysa Myers, Security Researcher, ESETCommentary
Children are the innocent victims of the worst effects of social media. Thatís why itís vital for adults to establish privacy values that are safe for them -- and the rest of us.
By Lysa Myers Security Researcher, ESET, 9/17/2014
Comment9 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment12 comments  |  Read  |  Post a Comment
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
By Daniel Ingevaldson CTO, Easy Solutions, 9/12/2014
Comment11 comments  |  Read  |  Post a Comment
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment16 comments  |  Read  |  Post a Comment
Security Growing Pangs Loom For 100K+ Sites With Newly Untrusted Certificates
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mozilla revokes 1024-bit root certificates in bid to improve Firefox security and similar changes to come for Chrome as Google plans to dump SHA-1 certificates.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/10/2014
Comment0 comments  |  Read  |  Post a Comment
InfoSec Book Club: Whatís On Your Fall Reading List?
Marilyn Cohodas, Community Editor, Dark Reading
Dark Reading community members share the books that inform and inspire their decisions and interactions as security professionals.
By Marilyn Cohodas Community Editor, Dark Reading, 9/9/2014
Comment6 comments  |  Read  |  Post a Comment
Black Hat & DEF CON: 3 Lessons From A Newbie
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Security conferences are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary, but 98 percent of attendees are really nice people who want to help you learn.
By Kerstyn Clover Attack & Defense Team Consultant, 9/9/2014
Comment7 comments  |  Read  |  Post a Comment
Dark Reading Radio: CISO James Christiansen Shares Experiences
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
By Tim Wilson Editor in Chief, Dark Reading, 9/9/2014
Comment1 Comment  |  Read  |  Post a Comment
No End In Sight For Ransomware
Brian Foster, CTO, DamballaCommentary
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users donít pay up.
By Brian Foster CTO, Damballa, 9/8/2014
Comment0 comments  |  Read  |  Post a Comment
Cyber Security Education: Remove The Limits
W. Hord Tipton, Commentary
Highly technical and high-level strategic education must come together to achieve cyber security goals.
By W. Hord Tipton , 9/4/2014
Comment6 comments  |  Read  |  Post a Comment
Home Depot, Other Retailers Get Social Engineered
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Famed annual contest reveals how many retailers lack sufficient defenses against social engineering.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/3/2014
Comment11 comments  |  Read  |  Post a Comment
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youíre darn tootin'!
By Dave Kearns Analyst, Kuppinger-Cole, 9/3/2014
Comment14 comments  |  Read  |  Post a Comment
Secure The Core: Advice For Agencies Under Attack
Vijay Basani, CEO, EiQ NetworksCommentary
When facing state-sponsored attacks, perimeter security is never enough.
By Vijay Basani CEO, EiQ Networks, 9/3/2014
Comment2 comments  |  Read  |  Post a Comment
Wanted By DHS: Breakout Ideas On Domestic Cybersecurity
William Welsh, Contributing WriterCommentary
Department of Homeland Security plans to fund cyber defense research efforts to develop pragmatic tools that can be deployed quickly, says Forrester.
By William Welsh Contributing Writer, 9/2/2014
Comment1 Comment  |  Read  |  Post a Comment
How I Hacked My Home, IoT Style
David Jacoby, Sr. Security Researcher, Kaspersky LabCommentary
It didnít take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
By David Jacoby Sr. Security Researcher, Kaspersky Lab, 8/27/2014
Comment16 comments  |  Read  |  Post a Comment
Healthcare Industry, Feds Talk Information Sharing
Brian Prince, Contributing Writer, Dark ReadingNews
Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.
By Brian Prince Contributing Writer, Dark Reading, 8/22/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-5522
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6025. Reason: This candidate is a reservation duplicate of CVE-2014-6025. Notes: All CVE users should reference CVE-2014-6025 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-5523
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5524. Reason: This candidate is a duplicate of CVE-2014-5524. Notes: All CVE users should reference CVE-2014-5524 instead of this candidate. All references and descriptions in this candidate have been removed to prevent acciden...

CVE-2014-5575
Published: 2014-09-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2014-5665
Published: 2014-09-22
The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio