Operations
News & Commentary
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment4 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment7 comments  |  Read  |  Post a Comment
Access Point Pinched From Black Hat Show WLAN
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/19/2014
Comment2 comments  |  Read  |  Post a Comment
Why Patching Makes My Heart Bleed
John Rostern, CRISC, QSA, VP Technology Audit & Advisory Services, CoalfireCommentary
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
By John Rostern CRISC, QSA, VP Technology Audit & Advisory Services, Coalfire, 8/14/2014
Comment2 comments  |  Read  |  Post a Comment
Time To Broaden CompSci Curriculum Beyond STEM
Lysa Myers, Security Researcher, ESETCommentary
Having a visual arts background may not be the traditional path for a career in infosec, but itís a skill that makes me no less effective in analyzing malware patterns -- and often faster.
By Lysa Myers Security Researcher, ESET, 8/13/2014
Comment15 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment21 comments  |  Read  |  Post a Comment
Cyber Risk Dashboards: False Sense Of Control?
(ISC)2 Writers Bureau, Commentary
Federal programs promoting the use of risk dashboards can boost real-time visibility, but only if they are used correctly.
By (ISC)2 Writers Bureau , 8/12/2014
Comment2 comments  |  Read  |  Post a Comment
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
W. Hord Tipton, Commentary
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
By W. Hord Tipton , 8/11/2014
Comment17 comments  |  Read  |  Post a Comment
The Hyperconnected World Has Arrived
Michael Sutton, VP Security Research, ZscalerCommentary
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
By Michael Sutton VP Security Research, Zscaler, 8/8/2014
Comment6 comments  |  Read  |  Post a Comment
The Illegitimate Millinerís Guide to Black Hat
Tal Klein, VP Strategy, AdallomCommentary
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
By Tal Klein VP Strategy, Adallom, 8/6/2014
Comment9 comments  |  Read  |  Post a Comment
5 Steps To Supply Chain Security
Robert Lemos, Technology JournalistNews
The integrity of enterprise data is only as strong as your most vulnerable third-party supplier or business partner. It's time to shore up these connection points.
By Robert Lemos Technology Journalist, 8/6/2014
Comment5 comments  |  Read  |  Post a Comment
Is IT The New Boss Of Video Surveillance?
Fredrik Nilsson, General Manager, Axis Communications, North AmericaCommentary
ITís participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Hereís why corporate infosec needs to pay attention.
By Fredrik Nilsson General Manager, Axis Communications, North America, 8/4/2014
Comment4 comments  |  Read  |  Post a Comment
'Backoff' Malware: Time To Step Up Remote Access Security
Boatner Blankenstein, Senior Director, Solutions Engineering, BomgarCommentary
DHS issues advisory about remote desktop access tools associated with recent point-of-sale breaches.
By Boatner Blankenstein Senior Director, Solutions Engineering, Bomgar, 8/1/2014
Comment9 comments  |  Read  |  Post a Comment
InfoSecís Holy Grail: Data Sharing & Collaboration
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Despite all the best intentions, cooperation around Internet security is still a work in progress. Case in point: Microsoftís unilateral action against No-IP.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 7/31/2014
Comment0 comments  |  Read  |  Post a Comment
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-ColeCommentary
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014
Comment12 comments  |  Read  |  Post a Comment
The Perfect InfoSec Mindset: Paranoia + Skepticism
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014
Comment11 comments  |  Read  |  Post a Comment
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment15 comments  |  Read  |  Post a Comment
How To Build A Federal Information Security Team
(ISC)2 Writers Bureau, Commentary
Federal security officers face many challenges building and maintaining an information security team. Here are some tips for putting together a group of employees that will protect your systems and data.
By (ISC)2 Writers Bureau , 7/28/2014
Comment2 comments  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment10 comments  |  Read  |  Post a Comment
CEO Report Card: Low Grades for Risk Management
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3562
Published: 2014-08-21
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVE-2014-3577
Published: 2014-08-21
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...

CVE-2014-5158
Published: 2014-08-21
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

CVE-2014-5159
Published: 2014-08-21
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

CVE-2014-5210
Published: 2014-08-21
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.