Dark Reading is part of the Informa Tech Division of Informa PLC

GUEST BLOG // Selected Security Content Provided By Sophos

Latest Content
3 Places to Enable 2-Factor Authentication Now
Security Insights  |  8/7/2014  | 
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Microsoft, No-IP, And The Need For Clarity
Security Insights  |  7/7/2014  | 
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Back To Basics
Security Insights  |  6/4/2014  | 
By failing to execute on basic security, we're making the attacker's job too easy.
Preying On A Predator
Security Insights  |  2/27/2014  | 
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
When Websites Attack
Security Insights  |  12/31/2013  | 
Windows threats like Cryptolocker and ZeroAccess get all of the attention, but malware targeting (Linux) Web servers continues to evolve
The Dinosaur In The Room
Security Insights  |  12/5/2013  | 
Support for Windows XP ends in April 2014; the implications extend beyond the workstation
What You Need To Know About CryptoLocker
Security Insights  |  11/21/2013  | 
CryptoLocker ransomware is terrorizing home and business users alike. Here's how to protect yourself
With Shared Power Comes Shared Responsibility
Security Insights  |  10/17/2013  | 
Security does not rest entirely on your users' shoulders, so don't make them feel like it does
The New KISS Rule: Keep Information Security Simple
Security Insights  |  9/25/2013  | 
IT environments are becoming more complex; the solution may be simpler security
How To Train Your Users
Security Insights  |  9/10/2013  | 
Help users contribute to your organization's security by teaching them to protect The Four Cs: computers, credentials, connections, and content
The More Things Change
Security Insights  |  8/13/2013  | 
Today's malware is more complex than ever, yet it's still based on three basic hacks
Has Chrome Struck Security Gold?
Security Insights  |  7/31/2013  | 
Some criminals have all but given up on attacking Chrome users. Have exploit authors met their match in Mountain View, or is there more to the story?
Forget Standardization -- Embrace BYOD
Security Insights  |  7/17/2013  | 
The platform standardization ship has sailed, but mobile device management is your ticket to securing all of those handhelds
Exclusive: Pwnie Express Evolves The Role Of The Pen Tester
Security Insights  |  6/3/2013  | 
Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life
Security War Games
Security Insights  |  5/17/2013  | 
Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar
Hacker Conferences Come To Bloom In Chicago
Security Insights  |  4/29/2013  | 
Chicago was off the hook with two hacker conferences hosting Bruce Schneier, Josh Corman, Jericho, and many others, including a few first-time presenters
Your Privacy Doesn't Exist
Security Insights  |  4/16/2013  | 
Protecting your privacy never ends
Cool Tech's First Showing At RSA Conference 2013
Security Insights  |  3/1/2013  | 
Meet five unsung heroes that showcased their new solutions at the RSA Conference. You may find something you didn't know you needed
Microsoft Calling?
Security Insights  |  2/20/2013  | 
Microsoft appears proactive by calling its end users to ensure they are applying the latest security patches. Or could it be a social engineering scam?
Canada Joins The DNSSEC Party
Security Insights  |  2/4/2013  | 
Implementing DNSSEC will take some effort, but it plays an important role in securing the future Internet
Android Mobile Malware Found In The Wild
Security Insights  |  1/14/2013  | 
Finding it hard to believe that mobile malware really exists because you haven't seen it?
Another Zero-Day For Symantec PGP WDE
Security Insights  |  1/7/2013  | 
Symantec PGP Desktop is having a bumpy new year with a second zero-day vulnerability released in 13 days. Take action to protect your data
Advisory: As New Year Approaches, Android Malware Detection Growing
Security Insights  |  12/31/2012  | 
As 2012 comes to a close, cybercriminals are taking advantage of your Android app purchases with mobile malware. Be on high alert after you install new Android apps from third-party markets and Google's
BYOS: Data At Risk From Endpoint To Cloud And Back Again
Security Insights  |  12/17/2012  | 
Bring Your Own Software introduces data protection risks that BYOD attempts to account for. Enable your users with data protection encryption software on their own devices rather than playing IT whack-a-mole
Android Riskier Than PCs: Sophos Security Threat Report 2013
Security Insights  |  12/5/2012  | 
Acceleration of BYOD and cloud, challenges caused by ransomware, continued threats coming from Blackhole, and what to expect in 2013
DoD's Bold Initiative: Secure The User, Not The Device
Security Insights  |  11/14/2012  | 
Joint Information Environment effort under way to improve its ability to share information between the services, industry partners, and other government agencies
Is A Greater Risk Of Data Loss The Trade-Off For Convenience?
Security Insights  |  10/30/2012  | 
Ease of use aside, protecting customer data is never an afterthought
Finding Against Chinese Firms Has Lessons For Security Professionals Beyond Mere Avoidance
Security Insights  |  10/11/2012  | 
Sometimes the biggest threats to data security hide in plain sight
Whether You Call It Modern Or Metro, Here Are Eight Security Tips For Windows 8
Security Insights  |  9/25/2012  | 
Windows 8 a case of improved security, increased vigilance
'Warbiking' Experiment Exposes One In Four Hotspots Have Poor, Or No, Security
Security Insights  |  9/10/2012  | 
Excursion into central London streets finds obsolete WEP encryption standard still in use
Porous Network Perimeters Sometimes Caused By People
Security Insights  |  8/16/2012  | 
What a trespassing jet skier and the Citadel Trojan have in common
Latest Black Eye For Dropbox Shines Spotlight On Larger Problem
Security Insights  |  8/2/2012  | 
Handing off your unencrypted data to a cloud storage service doesn't suddenly make it the service's problem if the data is compromised or lost. Responsibility runs in both directions
Traveling Safe, Traveling Smart
Security Insights  |  7/5/2012  | 
Keep your guard up when traveling: Bad Actors never take vacations
Midyear Security Predictions: What You Should Know And Look Out For
Security Insights  |  6/19/2012  | 
Consumerization, APTs, and cloud computing will dominate discussions during next six months
What A Secure Top-Level Domain Can And Can't Do
Security Insights  |  5/24/2012  | 
Is the .secure domain a better mousetrap, or does it lead only to the same dead end?
Where In Hacking The Ends Justify The Means
Security Insights  |  5/8/2012  | 
Do some 'ethical hackers' really have your best interest at heart, or are they more interested in making your private information public?
Coming Soon to Your Smartphone: Mobile Ticketing That Keeps Your Transactions Safe
Security Insights  |  4/25/2012  | 
Just because smartphone rail ticketing is a first here in the states doesn't mean mobile malware writers aren't already paying attention
The Benefits Of Top-Down Security
Security Insights  |  4/18/2012  | 
While enterprise-level breaches often get the attention of C-level suite executives and the members of their IT staff, industry research shows it actually falls to rank-and-file employees to apply best practices and exercise sound judgment in order to properly contain them
Utah Medicaid Breach Exemplifies Value Of Encryption And Access Control
Security Insights  |  4/11/2012  | 
Proactively applying private- or public-key encryption coupled with access control won't eliminate data breaches. But it will make it harder for the bad guys to take advantage of you
SXSW's Social Experiment Tests Limits Of Secure Data Encryption And The Human Condition
Security Insights  |  3/26/2012  | 
Reducing your fellow, fallen-on-hard-times human beings to virtual access points discounts their humanity and may compromise your data's security
Lessons From Heartland Breach In Keeping Sensitive Data From Bad Guys
Security Insights  |  3/19/2012  | 
Substituting the notion of hacker-proof invincibility for inevitability empowers IT, changes outcomes, and gives rise to resilient infrastructures
Stuxnet, The Nation's Power Grid, And The Law Of Unintended Consequences
Security Insights  |  3/12/2012  | 
The debate persists: Should the feds supply security oversight for utilities to stop the next Stuxnet? Or can they really go it alone?
Nortel Networks: Wolf In The Henhouse, Guard Dog Fast Asleep
Security Insights  |  2/17/2012  | 
Keeping stock and patent price at premium trumps disclosure at Nortel Networks
We Make Widgets -- Let Someone Else Handle Security
Security Insights  |  1/20/2012  | 
If you're a customer-facing organization, then security can't take second place behind your services
Criminals Make Sure You're Never Really Alone, Even In Self-Checkout Lanes
Security Insights  |  12/15/2011  | 
Vigilance against card fraud is a 24/7 process, even at the grocery store
Unprotected SCADA Systems An Avoidable Risk
Security Insights  |  11/30/2011  | 
Disconnecting SCADA systems from the Internet prevents opportunistic hacking
Just Because Data Is Portable Doesn’t Make It Safer
Security Insights  |  11/3/2011  | 
Oracle survey finds most smartphone users believe their data is at risk
Microsoft Research Shows Malware Infections Mostly 'Your Fault'
Security Insights  |  10/27/2011  | 
User vigilance is key to securing data, digital identities
RIM's Biggest Network Disruption Over: Now What?
Security Insights  |  10/17/2011  | 
Service disruption becoming all too familiar outcome for BlackBerry users
iTunes Fraud Generates New Publicity, But Who Is Responsible For Online Fraud?
Security Insights  |  10/6/2011  | 
Consumers should take steps to proactively protect themselves against an attack
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...