Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Risk
News & Commentary
Federal IT Security Policies Must Be User Friendly
James Bindseil, Commentary
Federal agencies should choose security tools and policies that suit the productivity needs of their employees.
By James Bindseil , 4/16/2014
Comment1 Comment  |  Read  |  Post a Comment
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
'Baby Teeth' In Infrastructure Cyber Security Framework
Dave Frymier, Chief Information Security Officer, UnisysCommentary
NIST’s modest effort to improve lax security around IT infrastructure in airports, utilities, and other critical areas now heads to Congress. Don't hold your breath.
By Dave Frymier Chief Information Security Officer, Unisys, 4/14/2014
Comment6 comments  |  Read  |  Post a Comment
Feds Address Antitrust Concerns On Cyberthreat Sharing
William Jackson, Technology WriterCommentary
Justice Dept. and FTC confirm that sharing cybersecurity threat information is not an antitrust law violation.
By William Jackson Technology Writer, 4/11/2014
Comment3 comments  |  Read  |  Post a Comment
Flash Poll: Broken Heartbeat
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
What steps do you plan to take in response to the Heartbleed bug? Take our poll and share your reasons in the comments.
By Marilyn Cohodas Community Editor, Dark Reading, 4/10/2014
Comment0 comments  |  Read  |  Post a Comment
Heartbleed: Examining The Impact
Tim Sapio, Security Analyst, Bishop FoxCommentary
With Heartbleed, there’s little hope of knowing if an asset was breached, if a breach can be identified, or what, if any, data was leaked. Here’s how to defend against future attacks.
By Tim Sapio Security Analyst, Bishop Fox, 4/10/2014
Comment5 comments  |  Read  |  Post a Comment
CIO Vs. CSO: Allies Or Enemies?
Eric Cole, Founder & Chief Scientist, Secure Anchor ConsultingCommentary
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
By Eric Cole Founder & Chief Scientist, Secure Anchor Consulting, 4/10/2014
Comment10 comments  |  Read  |  Post a Comment
Paul Allen Invests In Online Voting Firm
Elena Malykhina, Technology JournalistCommentary
E-voting firm Scytl receives $40 million from Paul Allen's Vulcan Capital to continue election modernization efforts. Defense Department among its customers.
By Elena Malykhina Technology Journalist, 4/9/2014
Comment5 comments  |  Read  |  Post a Comment
What’s Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, it’s time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
One Year Later: The APT1 Report
Nick Selby, CEO, StreetCred Software, IncCommentary
One of the most positive impacts of APT1 is the undeniable rise in the stature of the threat intelligence industry. "Threat Intelligence" is the SIEM, the NAC of 2014.
By Nick Selby CEO, StreetCred Software, Inc, 4/8/2014
Comment2 comments  |  Read  |  Post a Comment
If Mother Nature Were A CISO
TK Keanini, CTO, LancopeCommentary
There are many defensive patterns in nature that also apply to information security. Here's how to defeat your predators in the high-stakes game of corporate survival and resiliency.
By TK Keanini CTO, Lancope, 4/7/2014
Comment2 comments  |  Read  |  Post a Comment
Colleagues In Cuffs: When Employees Steal Patient Records
Alison Diana, Senior EditorCommentary
The Queens County DA recently arrested two Jamaica Hospital employees for stealing patient data, a lucrative crime occurring at hospitals across the nation.
By Alison Diana Senior Editor, 4/7/2014
Comment12 comments  |  Read  |  Post a Comment
We Are the Perimeter
Malcolm Harkins, Vice President and Chief Security and Privacy Officer, Intel CorporationCommentary
End users, not technology, define the boundaries of the enterprise. Security strategies must protect this new perimeter.
By Malcolm Harkins Vice President and Chief Security and Privacy Officer, Intel Corporation, 4/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Nominum: 24 Million Home Routers Exposing ISPs to DDoS Attacks
Brian Prince, Contributing Writer, Dark ReadingNews
Even Internet service providers that go to great lengths to protect their networks are vulnerable.
By Brian Prince Contributing Writer, Dark Reading, 4/4/2014
Comment7 comments  |  Read  |  Post a Comment
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler , 4/4/2014
Comment14 comments  |  Read  |  Post a Comment
Study: Security Fears Continue To Block Cloud Deployment
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
'Fear of the unknown' still haunts cloud adoption.
By Tim Wilson Editor in Chief, Dark Reading, 4/3/2014
Comment16 comments  |  Read  |  Post a Comment
The Right Stuff: Staffing Your Corporate SOC
Rick Howard, CSO, Palo Alto NetworksCommentary
What makes a top-notch security analyst? Passion, experience, and communication skills trump certifications and degrees. But you get what you pay for.
By Rick Howard CSO, Palo Alto Networks, 4/2/2014
Comment10 comments  |  Read  |  Post a Comment
Be Careful Beating Up Target
Craig Carpenter, Chief Cybersecurity Strategist, AccessDataCommentary
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
By Craig Carpenter Chief Cybersecurity Strategist, AccessData, 4/1/2014
Comment13 comments  |  Read  |  Post a Comment
Bit Errors & the Internet of Things
Jaeson Schultz, Threat Research Engineer, Cisco TRAC TeamCommentary
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
By Jaeson Schultz Threat Research Engineer, Cisco TRAC Team, 3/31/2014
Comment7 comments  |  Read  |  Post a Comment
Don't Put Too Much Faith in Cyberinsurance
Sara Peters, Commentary
Cyberinsurance is great for covering discrete costs like breach notifications and legal fees, but don't rely heavily on it for much else.
By Sara Peters , 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Preying On A Predator
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
New Osterman Research Report: Only 13% Happy With Compliance Methods
BlackBerry Advances Security of its Multi-Platform Mobility Portfolio with New Cryptography Certification
Liberty International Underwriters to Provide Network Activity Monitoring through BitSight Technologies for LIU Data Insure Policyholders
Alert Logic Adds Capabilities To Enhance Hybrid IT Security
Synopsys Completes Coverity Acquisition
Parallels Survey Of IT Professionals Finds Macs Moving Beyond BYOD Phenomenon, Now Considered For Broader Corporate Deployment
NetIQ Unveils NetIQ MobileAccess
Adblock Plus Expands Anti-Tracking Privacy Tool
More Products & Releases
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web