News & Commentary
In Defense Of Passwords
By Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014 (Commentary)
Long live the password (as long as you use it correctly along with something else).
5 Myths: Why We Are All Data Security Risks
By Lance Cottrell, Chief Scientist, Ntrepid, 9/15/2014 (Commentary)
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Why Email Is Worth Saving
By Daniel Ingevaldson, CTO, Easy Solutions, 9/12/2014 (Commentary)
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
Apple Pay: A Necessary Push To Transform Consumer Payments
By Lucas Zaichkowsky, Enterprise Defense Architect, AccessData, 9/11/2014 (Commentary)
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Security Growing Pangs Loom For 100K+ Sites With Newly Untrusted Certificates
By Ericka Chickowski, Contributing Writer, Dark Reading, 9/10/2014 (News)
Mozilla revokes 1024-bit root certificates in a bid to improve Firefox security, and similar changes are coming to Chrome as Google plans to drop SHA-1 certificates.
InfoSec Book Club: What’s On Your Fall Reading List?
By Marilyn Cohodas, Community Editor, Dark Reading, 9/9/2014
Dark Reading community members share the books that inform and inspire their decisions and interactions as security professionals.
Black Hat & DEF CON: 3 Lessons From A Newbie
By Kerstyn Clover, Attack & Defense Team Consultant, 9/9/2014 (Commentary)
Security conferences are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary, but 98 percent of attendees are really nice people who want to help you learn.
Dark Reading Radio: CISO James Christiansen Shares Experiences
By Tim Wilson, Editor in Chief, Dark Reading, 9/9/2014 (Commentary)
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
No End In Sight For Ransomware
By Brian Foster, CTO, Damballa, 9/8/2014 (Commentary)
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users don’t pay up.
Cyber Security Education: Remove The Limits
By W. Hord Tipton, 9/4/2014 (Commentary)
Highly technical and high-level strategic education must come together to achieve cyber security goals.
Home Depot, Other Retailers Get Social Engineered
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/3/2014 (News)
Famed annual contest reveals how many retailers lack sufficient defenses against social engineering.
Celeb Hack: Is Apple Telling All It Knows?
By Dave Kearns, Analyst, Kuppinger-Cole, 9/3/2014 (Commentary)
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You’re darn tootin'!
Secure The Core: Advice For Agencies Under Attack
By Vijay Basani, CEO, EiQ Networks, 9/3/2014 (Commentary)
When facing state-sponsored attacks, perimeter security is never enough.
Wanted By DHS: Breakout Ideas On Domestic Cybersecurity
By William Welsh, Contributing Writer, 9/2/2014 (Commentary)
Department of Homeland Security plans to fund cyber defense research efforts to develop pragmatic tools that can be deployed quickly, says Forrester.
How I Hacked My Home, IoT Style
By David Jacoby, Sr. Security Researcher, Kaspersky Lab, 8/27/2014 (Commentary)
It didn’t take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
Healthcare Industry, Feds Talk Information Sharing
By Brian Prince, Contributing Writer, Dark Reading, 8/22/2014 (News)
Representatives from the healthcare industry and government discuss the importance of threat intelligence sharing in light of the Community Health Systems breach.
Flash Poll: CSOs Need A New Boss
By Marilyn Cohodas, Community Editor, Dark Reading, 8/22/2014 (Commentary)
Only one in four respondents to our flash poll thinks the CSO should report to the CIO.
Hacker Or Military? Best Of Both In Cyber Security
By John B. Dickson, CISSP, Principal, Denim Group, 8/21/2014 (Commentary)
How radically different approaches play out across the security industry.
Heartbleed Not Only Reason For Health Systems Breach
By Sara Peters, Senior Editor at Dark Reading, 8/20/2014 (News)
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
Access Point Pinched From Black Hat Show WLAN
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/19/2014 (Commentary)
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
Sophos Security Insights: 3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Current Issue: Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Bug Report: Enterprise Vulnerabilities (from DHS/US-CERT's National Vulnerability Database)
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant