Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Risk
News & Commentary
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Florida Law Aims To Tighten Data Security
Alison Diana, Senior EditorCommentary
Florida's new data privacy law increases security accountability for all enterprises; healthcare providers could face greater burden to protect patients' personal information.
By Alison Diana Senior Editor, 7/7/2014
Comment10 comments  |  Read  |  Post a Comment
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast SecurityCommentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams CTO, Contrast Security, 7/2/2014
Comment1 Comment  |  Read  |  Post a Comment
Internet Of Things: Current Privacy Policies Don't Work
Marc Loewenthal, Director, Promontory Financial GroupCommentary
Traditional ways to deliver privacy guidelines, such as online postings or click-through mechanisms, don't work with the Internet of Things.
By Marc Loewenthal Director, Promontory Financial Group, 6/30/2014
Comment4 comments  |  Read  |  Post a Comment
Sensitive Data Protection Bedevils IT Security Pros
William Welsh, Contributing WriterCommentary
Most organizations don't know where their sensitive structured or unstructured data resides, says new Ponemon study.
By William Welsh Contributing Writer, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Crowdsourcing & Cyber Security: Who Do You Trust?
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment3 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
The Problem With Cyber Insurance
Ira Scharf, Chief Strategy Officer, BitSight TechnologiesCommentary
Insurers have yet to develop an evidence-based method to assess a company's cyber risk profile. This can result in high premiums, low coverage, and broad exclusions.
By Ira Scharf Chief Strategy Officer, BitSight Technologies, 6/17/2014
Comment9 comments  |  Read  |  Post a Comment
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Sheila B. Jordan, SVP & CIO, SymantecCommentary
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
By Sheila B. Jordan SVP & CIO, Symantec, 6/16/2014
Comment16 comments  |  Read  |  Post a Comment
NIST Security Guidance Revision: Prepare Now
Vincent Berk, Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk , 6/16/2014
Comment4 comments  |  Read  |  Post a Comment
Heartbleed & The Long Tail Of Vulnerabilities
Martin McKeay, Senior Security Advocate, AkamaiCommentary
To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies.
By Martin McKeay Senior Security Advocate, Akamai, 6/13/2014
Comment5 comments  |  Read  |  Post a Comment
Information Risk Maturity Index Says We're Aware But Not Ready
Sara Peters, News
A new study from PwC and Iron Mountain shows that businesses are having trouble balancing the need for data insight and the need for data security.
By Sara Peters , 6/12/2014
Comment5 comments  |  Read  |  Post a Comment
Monitor DNS Traffic & You Just Might Catch A RAT
Dave Piscitello, VP Security, ICANNCommentary
Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS.
By Dave Piscitello VP Security, ICANN, 6/12/2014
Comment3 comments  |  Read  |  Post a Comment
Don’t Let Lousy Teachers Sink Security Awareness
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 6/11/2014
Comment11 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
BYOD: Build A Policy That Works
Ericka Chickowski, Contributing Writer, Dark ReadingCommentary
To secure employee-owned smartphones and tablets, it takes a practical, enforceable set of guidelines.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Government Advances Continuous Security Monitoring
Henry Kenyon, Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon , 6/6/2014
Comment3 comments  |  Read  |  Post a Comment
Compliance: The Surprising Gift Of Windows XP
Glenn S. Phillips, Commentary
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
By Glenn S. Phillips , 6/3/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Back To Basics
Back To Basics
By failing to execute on basic security, we’re making the attacker's job too easy.
Comment2 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
KnowBe4 Acts on Security Threat Concerns with Ransomware Warranty
Agiliance NIST Cybersecurity Content Pack Lowers Breach Risk
First Data and Trustwave Bring New Level of Data Security to Small and Mid-Sized Businesses
Survey Reveals Many Organizations Fail to Implement Effective Password Security Practices
LynuxWorks Changes Company Name to Lynx Software Technologies
Global Velocity Announces its New Approach to Cyber Security Today
Security Startup Vorstack Announces $5.2 Million Funding Round
Imperva Advances Protection Against Data Breaches
More Products & Releases
PR Newswire
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.