Best Of The Web
INFOSECURITY MAGAZINE
ICS-CERT Reports Two Hacks On Building Management Systems
ICS-CERT Monitor reports two similar hacks last year where attackers used a weak credentials vulnerability to gain access to buildings' energy management system (EMS), Tridium Niagara.
IDIGITAL TIMES
South Korea Fears Cyber Attack On Its Nuclear Power Plants
The South Korean government has disconnected all of its nuclear power plants from the Internet to prevent attacks from North Korea
SECURITY LEDGER
DARPA Cyber Chief Peiter 'Mudge' Zatko Heads To Google
Peiter "Mudge" Zatko, a project manager for cybersecurity research at DARPA for the past three years, is going to Google
SECURITY WEEK
Guantanamo Trials Delayed Amid Charges Of Government Intrusion
The Guantanamo war crimes tribunals have been delayed after case files went missing from the defense team's systems, and hundreds of thousands of documents, including attorney-client communications, were discovered on the systems of prosecutors
THREAT POST
Convicted TJX Hacker Regrets Taking 'Easy Way Out' With Plea Deal
Stephen Watt, who wrote the sniffer used by some of his friends to steal millions of credit card numbers from TJX and Dave & Buster’s, says he regrets taking the plea bargain rather than fighting the charges
PC MAGAZINE
WordPress, Joomla Sites Under Brute-Force Password Attack
Thousands of WordPress and Joomla sites are currently under attack by a botnet that's brute-forcing passwords
NETWORK WORLD
John Kerry: Cyberdefense A Major Part Of Asian Security
The U.S. Secretary of State said the U.S. has established cyberworking groups with Japan and China
NETWORK WORLD
Twitter OAuth Feature Can Be Abused To Hijack Accounts, Researcher Says
A feature in the Twitter API can be abused by attackers to launch social engineering attacks that would give them a high chance of hijacking user accounts, a researcher said at the Hack in the Box security conference in Amsterdam
THREAT POST
Microsoft: Uninstall Faulty Patch Tuesday Security Update
Microsoft stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to render a blue screen
ARS TECHNICA
A Beginner's Guide To Building Botnets -- With Little Assembly Required
You can get tools and around-the-clock support for a few hundred dollars
THE ATLANTIC WIRE
No, That German Hacker Probably Can't Hijack An Airplane With Software
The FAA, the European Aviation Safety Administration (EASA), and Honeywell, the manufacturer of the cockpit software that a researcher says he can use to commandeer a plane, all say the method would not work using real flight systems
THREAT POST
Study Shows Google Better Than Bing At Filtering Malicious Websites
Bing delivered five times as much malware as Google
DEFENSE SYSTEMS
DOD Plans Major Reorganization Of Cyber Forces
The Defense Department will move military and civilian employees from other areas to boost its cyber workforce, according to a DOD budget strategy report for fiscal 2014
COMPUTERWORLD
White House Signals It Won't Support CISPA In Present Form
The White House supports the Cyber Intelligence Sharing and Protection Act (CISPA)'s broad goals, but wants privacy controls built into the bill
RADIO AUSTRALIA
Malaysian Government Behind Media Cyber Attacks: Sarawak Report
Malaysia's election campaign has been marred by cyberattacks against independent media outlets -- and one radio station owner is blaming the Malaysian government for the attacks
ZDNET
France Gets Crack Team Of Civilian Cyberdefenders (Who Won't Get To Do Much)
The French ministry of defense says a network of cyberdefense reservists will help raise awareness and organize events to foster cyberdefense as a national strategy
CLOUD PRO
Analysts Sound Data Security Alarm Over Cloud And BYOD
Companies need to rethink their security strategies to keep sensitive data safe, experts say
GOVERNMENT INFO SECURITY
Will Retirements Put Federal IT At Risk?
Twenty percent of IT security workforce could retire in three years, survey says
HACKER NEWS
Social Engineering Skype Support Team To Hack Any Account Instantly
Simple scam enables attackers to get access to any Skype account
AVG INSIGHT
Ninety Percent Of Game Hacks Are Infected With Malware
Downloading hacks or pirated copies of games can lead to infection, security company says
BLOOMBERG BUSINESSWEEK
Obama Boosts Pentagon Cyber Budget Amid Rising Attacks
White House plans to boost U.S. spending on cybersecurity following reports of electronic theft of secrets linked to China
FORBES
Researcher Says He's Found Hackable Flaw In Airplanes' Navigation Systems
FAA disagrees with researcher's findings
MASHUP
Why You Should Care Cybersecurity Lobbying Doubled Last Year
Vendors, service providers flex their muscle over users and consumers, report says
C/NET
IRS Claims It Can Read Your Email Without A Warrant
Americans enjoy "generally no privacy" in their email, Facebook chats, or other electronic communications, according to internal documents
FSECURE BLOG
Android Malware: Breaking New Ground And Old Taboos
Android malware being distributed by a mass-market crimeware gang could be a game changer
TECHWEEK EUROPE
Patch Tuesday Lands With Critical Internet Explorer Fix
Two of the patches rated critical, the other seven as important
COMPUTERWORLD
Mobile Phone Apps View Private Data More Than Necessary, Says French Study
Mobile phone users lack control over apps' access to private data, government agencies say
BANK INFOSECURITY
New Wave Of Call Center Fraud
First State Bank of Blakely, Ga., a $330 million institution, was hit with a series of Skype calls from fraudsters posing as customers
HEALTH IT SECURITY
Blue Cross Blue Shield Patient Data Breach Details Emerge
Thousands of Blue Cross Blue Shield patients were affected by patient data stolen from a network server; PHIPrivacy.net reports that the source of the breach was solutions provider Connextions, which Blue Cross Blue Shield uses for call-center services
NBC NEWS
Six U.S. Air Force Cyber Tools Designated As 'Weapons'
These new designations would help normalize military cyber operations as the U.S. military works to keep up with rapidly changing threats
WIRED
Secrets Of FBI Smartphone Surveillance Tool Revealed In Court Fight
Verizon Wireless aided federal agents in using it to track a suspect, remotely reprogramming an air card he was using
THREAT POST
Pwn2Own IE Vulnerabilities Missing From Microsoft Patch Tuesday Updates
Microsoft's monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the recent Pwn2Own contest
THE GUARDIAN
Lulzsec Hacktivists Plead Guilty To Cyber-Attacks On NHS, Sony And NI
Alleged LulzSec hackers Jake Davis, a.k.a. 'Topiary,' Ryan Ackroyd, and Mustafa al-Bassam, have all pled guilty and will be sentenced on May 14
TECH WORLD
Cyber-Insurance Market Needs Government Kickstart, Claims New Analysis
NSS Labs' analyst brief says the current U.S. market is made up of only a few dozen providers compared to the 5,000 that offer other types of business insurance
WIRED
Now Your iPhone Can Read Fingerprints, Scan Irises And ID Your Face
AOptix rolled out a new hardware and app package that transforms an iPhone into a mobile biometric reader
THREAT POST
Adobe Ships Fixes For Flash, Coldfusion And Shockwave In April Patch Release
Adobe published its monthly security bulletins today, pushing out updates that address issues in the company's ColdFusion platform as well as its Flash and Shockwave Players
SECURITY WEEK
McAfee: Point Of Sale Systems Putting Retailers At Risk
New report highlights growing risks of mix of legacy and newer POS systems, in addition to secondary market hardware
NAKED SECURITY BLOG
WordPress.com Boosts Security For Bloggers With Two-Factor Authentication
Automattic, the company behind the wildly popular blog hosting platform WordPress.com, has announced the immediate availability of 2FA for WordPress.com account holders
ABC NEWS
Hackers Target Israeli Websites, Fail to Disrupt
Anonymous' efforts to DDoS key Israeli websites yesterday failed to cause serious disruptions, Israeli officials said
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-4612 (redcap)
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
CVE-2013-4611 (redcap)
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
CVE-2013-4610 (redcap)
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
CVE-2013-4609 (redcap)
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
CVE-2013-4608 (redcap)
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.



