Vulnerabilities / Threats
News & Commentary
How Next-Generation Security Is Redefining The Cloud
Bill Kleyman, National Director of Strategy & Innovation, MTM TechnologiesCommentary
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
By Bill Kleyman National Director of Strategy & Innovation, MTM Technologies, 7/14/2014
Comment0 comments  |  Read  |  Post a Comment
Government Security: Saying 'No' Doesn't Work
Steve Jones, Group Strategy Director, Big Data & Analytics, CapgeminiCommentary
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
By Steve Jones Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
Comment0 comments  |  Read  |  Post a Comment
Strategic Security: Begin With The End In Mind
Jason Sachowski, Sr. Manager, Security R&D, ScotiabankCommentary
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
By Jason Sachowski Sr. Manager, Security R&D, Scotiabank, 7/11/2014
Comment4 comments  |  Read  |  Post a Comment
Global Law Enforcement, Security Firms Team Up, Take Down Shylock
Sara Peters, News
À la GOZeuS, an international, public-private collaboration seizes a banking Trojan's command and control servers.
By Sara Peters , 7/10/2014
Comment1 Comment  |  Read  |  Post a Comment
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment10 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment6 comments  |  Read  |  Post a Comment
Retro Macro Viruses: They're Baaack
Kevin Casey, Commentary
Malicious Virtual Basic for Applications (VBA) macros are back, this time using social engineering to trick users into opening infected attachments, says Sophos.
By Kevin Casey , 7/9/2014
Comment2 comments  |  Read  |  Post a Comment
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Sara Peters, Quick Hits
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
By Sara Peters , 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment7 comments  |  Read  |  Post a Comment
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understanding the impact of vulnerabilities in libraries and other components
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2014
Comment2 comments  |  Read  |  Post a Comment
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast SecurityCommentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams CTO, Contrast Security, 7/2/2014
Comment2 comments  |  Read  |  Post a Comment
Infamous Banking Malware Adds Email-Sending Feature
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Cridex -- a.k.a. Feodo and Bugat -- now has a more streamlined and automated way of infecting victims and stealing their information.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/1/2014
Comment0 comments  |  Read  |  Post a Comment
Microsoft Sues To Seize Domains Responsible For Millions Of Infections
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Free Dynamic DNS provider No-IP fingered as major culprit in spread of Jenxcus and Bladabindi.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/1/2014
Comment7 comments  |  Read  |  Post a Comment
Hacker Movies We Love & Hate
Marilyn Cohodas, Community Editor, Dark Reading
Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section.
By Marilyn Cohodas Community Editor, Dark Reading, 7/1/2014
Comment3 comments  |  Read  |  Post a Comment
4 Facebook Privacy Intrusion Fixes
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook may control most of your data, but you can take protective steps. Here's what you need to know.
By Kristin Burnham Senior Editor, InformationWeek.com, 6/30/2014
Comment12 comments  |  Read  |  Post a Comment
How Microsoft Cracks The BYOD Code: 3 Tips
Bret Arsenault, CISO, MicrosoftCommentary
Microsoft’s CISO shares best-practices for balancing employee autonomy and security in today’s bring-your-own world.
By Bret Arsenault CISO, Microsoft, 6/30/2014
Comment5 comments  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Dell Focuses On Security
Michael Endler, Associate Editor, InformationWeek.comCommentary
Dell made a flurry of security-minded announcements this week, highlighted by improvements to its Dropbox for Business integration.
By Michael Endler Associate Editor, InformationWeek.com, 6/26/2014
Comment5 comments  |  Read  |  Post a Comment
Cloud Security: Think Today’s Reality, Not Yesterday’s Policy
Tal Klein, VP Strategy, AdallomCommentary
SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake.
By Tal Klein VP Strategy, Adallom, 6/25/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Back To Basics
Back To Basics
By failing to execute on basic security, we’re making the attacker's job too easy.
Comment2 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4013
Published: 2014-07-14
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-4944
Published: 2014-07-14
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.

CVE-2014-4945
Published: 2014-07-14
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.

CVE-2014-4946
Published: 2014-07-14
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.

CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.