Operations
News & Commentary
How I Hacked My Home, IoT Style
David Jacoby, Sr. Security Researcher, Kaspersky LabCommentary
It didn’t take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
By David Jacoby Sr. Security Researcher, Kaspersky Lab, 8/27/2014
Comment11 comments  |  Read  |  Post a Comment
Healthcare Industry, Feds Talk Information Sharing
Brian Prince, Contributing Writer, Dark ReadingNews
Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.
By Brian Prince Contributing Writer, Dark Reading, 8/22/2014
Comment0 comments  |  Read  |  Post a Comment
Flash Poll: CSOs Need A New Boss
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
By Marilyn Cohodas Community Editor, Dark Reading, 8/22/2014
Comment4 comments  |  Read  |  Post a Comment
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment6 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment12 comments  |  Read  |  Post a Comment
Access Point Pinched From Black Hat Show WLAN
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/19/2014
Comment4 comments  |  Read  |  Post a Comment
Why Patching Makes My Heart Bleed
John Rostern, CRISC, QSA, VP Technology Audit & Advisory Services, CoalfireCommentary
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
By John Rostern CRISC, QSA, VP Technology Audit & Advisory Services, Coalfire, 8/14/2014
Comment2 comments  |  Read  |  Post a Comment
Time To Broaden CompSci Curriculum Beyond STEM
Lysa Myers, Security Researcher, ESETCommentary
Having a visual arts background may not be the traditional path for a career in infosec, but it’s a skill that makes me no less effective in analyzing malware patterns -- and often faster.
By Lysa Myers Security Researcher, ESET, 8/13/2014
Comment15 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
Cyber Risk Dashboards: False Sense Of Control?
(ISC)2 Writers Bureau, Commentary
Federal programs promoting the use of risk dashboards can boost real-time visibility, but only if they are used correctly.
By (ISC)2 Writers Bureau , 8/12/2014
Comment2 comments  |  Read  |  Post a Comment
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
W. Hord Tipton, Commentary
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
By W. Hord Tipton , 8/11/2014
Comment17 comments  |  Read  |  Post a Comment
The Hyperconnected World Has Arrived
Michael Sutton, VP Security Research, ZscalerCommentary
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
By Michael Sutton VP Security Research, Zscaler, 8/8/2014
Comment6 comments  |  Read  |  Post a Comment
The Illegitimate Milliner’s Guide to Black Hat
Tal Klein, VP Strategy, AdallomCommentary
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
By Tal Klein VP Strategy, Adallom, 8/6/2014
Comment9 comments  |  Read  |  Post a Comment
5 Steps To Supply Chain Security
Robert Lemos, Technology JournalistNews
The integrity of enterprise data is only as strong as your most vulnerable third-party supplier or business partner. It's time to shore up these connection points.
By Robert Lemos Technology Journalist, 8/6/2014
Comment5 comments  |  Read  |  Post a Comment
Is IT The New Boss Of Video Surveillance?
Fredrik Nilsson, General Manager, Axis Communications, North AmericaCommentary
IT’s participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Here’s why corporate infosec needs to pay attention.
By Fredrik Nilsson General Manager, Axis Communications, North America, 8/4/2014
Comment4 comments  |  Read  |  Post a Comment
'Backoff' Malware: Time To Step Up Remote Access Security
Boatner Blankenstein, Senior Director, Solutions Engineering, BomgarCommentary
DHS issues advisory about remote desktop access tools associated with recent point-of-sale breaches.
By Boatner Blankenstein Senior Director, Solutions Engineering, Bomgar, 8/1/2014
Comment9 comments  |  Read  |  Post a Comment
InfoSec’s Holy Grail: Data Sharing & Collaboration
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Despite all the best intentions, cooperation around Internet security is still a work in progress. Case in point: Microsoft’s unilateral action against No-IP.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 7/31/2014
Comment0 comments  |  Read  |  Post a Comment
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-ColeCommentary
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014
Comment12 comments  |  Read  |  Post a Comment
The Perfect InfoSec Mindset: Paranoia + Skepticism
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014
Comment11 comments  |  Read  |  Post a Comment
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment15 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.