Best Of Web
FORBES
Hacker Charged With Using 3,000 Nude Photos To Victimize 350 Women
Man hacked into online accounts, changed victims' passwords, and then searched e-mails or other files for naked or semi-naked pictures of the victims, as well as other information, such as passwords
SMART DATA COLLECTIVE
HIPAA Violation Penalties Rise In Response To Data Breaches
Repeat HIPAA violations within the same year can carry a fine of $1.5 million across all HIPAA violation categories, up from what was once a $250,000 minimum
THREAT POST
New Ransomware Encrypts Victim Data
An odd ransomware variant actually does what it says it will do, and encrypts data on infected machines so victims can't access it
BBC
Apple Users Launch Privacy Campaign Against Google
Safari users claim Google bypassed their security settings to install cookies
NBC NEWS
Google Pledges Fight Over Government Access To Users' Email
Search engine giant will lobby Washington to make it harder for law enforcement to gain access
SOFTPEDIA
27 Government Sites Belonging To Brazil's State Of Maranhao Hacked
Hackers of Ashiyane Digital Security Team breach government sites in Brazilian state
FINEXTRA
Hacktivists Suspend Bank DDoS Campaign
Hacktivist group says it has suspended DDoS after controversial film disappears from YouTube
TOOLBOX.COM
ACH Fraud Hurts Bank Reputations
Small and midsize businesses growing increasingly restive over account takeovers from ACH fraud
THE HILL
Blood Bank Settles FTC Charges For Failing To Protect Personal Information
Weak security practices led to exposure of some 300,000 customers' personal data, commission says
BLOOMBERG
Israeli Troops Swap Guns For Computers
Israel builds up cyberdefense force
SOFTPEDIA
Team GhostShell Targets African Organizations, Leaks 700,000 Records
Hacktivists initiate Project Sunrise, targeting organizations in South Africa and other countries
HELP NET SECURITY
Trojan Uses Anti-Spam System To Keep In Touch With C&C Servers
Symantec discovered a Trojan that uses the Sender Policy Framework (SPF) to retain the connection between malware and C&C servers
THE WASHINGTON POST
FBI Is Increasing Pressure On Suspects In Stuxnet Inquiry
Federal investigators looking into leaks of classified information about Stuxnet have increased pressure on current and former senior government officials suspected of involvement, according to people familiar with the investigation
SECURITY WEEK
Anonymous Downs U.S. Government Site
Anonymous says it disabled the U.S. Sentencing Commission's website this weekend in retaliation for the death of Aaron Swartz and says it will leak government data it obtained
FORBES
More Than A Dozen Brands Of Security Camera Systems Vulnerable To Hacker Hijacking
Some 18 brands of security camera digital video recorders (DVRs) can be exploited such that an attacker could remotely gain control of the devices to watch, copy, delete, or alter video streams and also use the machines as a stepping-stone to access other computers behind a company's firewall
NPR
Google Explains How It Handles Police Requests For Users' Data
Google says police need a search warrant before accessing some customer information from the search giant
GOV INFOSECURITY
Defending DHS As Cybersecurity Leader
DHS official Mark Weatherford defended the agency's role in protecting civilian agencies amid criticism by Congress
THE ECONOMIST
Atavistic Androids
Around three-fifths of Androids today run older versions of the mobile operating system, prior to 4.0, mostly because the devices don't make it easy or possible in some cases to update
RT.COM
President Putin Orders FSB To Protect Media Sites From Cyber Attack
Russian President Vladimir Putin has ordered the nation's federal security service to set up a system that would detect, counter, and prevent computer attacks on state information resources
FOREIGN POLICY.COM
John Kerry Acknowledges Cyber As One Of The World's Greatest Threats
Sen. John Kerry during his confirmation for Secretary of State said he’d call cyber the '21st-century nuclear weapons equivalent' and it's a space that will require cyberdiplomacy and negotiation
SOFTPEDIA
GitHub Forced To Disable Search After Exposing Private SSH Keys
GitHub's enhancements to its code search engine inadvertently exposed the private Secure Shell (SSH) keys of some repositories
HUFFINGTON POST
Demystifying Rocra
Targeted attacks such as Red October may seem irrelevant to most people, but expect the number of such targeted attacks to grow in 2013 and beyond
COMPUTERWORLD
Former Anonymous Members Jailed In U.K. For PayPal, Visa DDoS Attacks
Three men were sentenced Thursday in the U.K. for their roles in a series of distributed denial-of-service (DDoS) attacks launched against financial and music industry organizations in 2010 -- Christopher Weatherhead, 22, Ashley Rhodes, 28, and Peter Gibson, 24
THREAT POST
Senate Introduces Cybersecurity Bill That Prioritizes Information Sharing
Senators John D. Rockefeller IV (D-WV), Chairman of the Senate Commerce, Science, and Transportation Committee, Tom Carper (D-DE), Chairman of the Senate Homeland Security and Governmental Affairs Committee, and Dianne Feinstein (D-CA), Chairman of the Senate Select Committee on Intelligence, introduced The Cybersecurity and American Cyber Competitiveness Act of 2013
WIRED
Feds Pile On More Charges Against Anonymous Agitator Barrett Brown
Barrett Brown, who has claimed to be a spokesman for Anonymous, faces new charges by authorities in Texas for concealing evidence
SECURITY WEEK
DARPA To Study Network Traffic To Stay Ahead Of Attackers
The Defense Advanced Research Projects Agency (DARPA) has launched a project to turn the massive amounts of network data collected into useful intelligence to stay ahead of attackers
POPULAR MECHANICS
How To Keep Your Webcam Secure
Create a strong password and register the camera with the vendor to ensure updates
WIRED
Google Declares War On The Password
Research paper outlines alternative means of authentication
SC MAGAZINE
The Tactics Behind A Spear Phishing Attack
Attackers now target individual customers, expert says
BLOOMBERG
One Third Of Cyber Attack Traffic Originates In China, Akamai Says
China's percentage doubles over previous quarter, study says
HUFFINGTON POST
Anonymous Hackers Jailed: Hacktivists Sentenced For Attacks On Visa, MasterCard, And PayPal
Christopher Weatherhead gets 18-month sentence in London after being found guilty
NETWORK WORLD
White House Announces "National Day Of Civic Hacking"
U.S. government asks citizens to roll up their sleeves in June and help with hacking challenges
ARS TECHNICA
How The Feds Put A Bullet In A 'Bulletproof' Web Host
A look at how authorities took down the Gozi Virus and its distributor
COMPLIANCE EX
Cyber Crime Ring Targeted U.S. Bank Accounts, Feds Say
Three foreign nationals charged with creating and distributing virus that affected 40,000
COMPUTER WEEKLY
UK Office Workers Swamped With Phishing Emails, Study Finds
Nearly 60 percent of U.K. office workers say they receive phishing emails every day
THE NEW YORK POST
Tribeca Waiter Busted For Swiping Credit Card Info
A waiter was arrested after allegedly using a skimming device to steal debit and credit card numbers from more than 120 patrons in the Kutsher’s Tribeca Restaurant in New York City
WIRED
Student Expelled For Hacking After Investigating Security Hole
A college student at Dawson College in Canada was expelled after finding and helping fix a vulnerability in the college's computer system, and later checking via a Web scanning tool whether the flaw had been fixed
OHS ONLINE
Air Force Space Command To Add 1,000 Cyber Pros
The U.S. Air Force Space Command head says the Air Force will add 1,000 new employees, mainly civilians, to its base of about 6,000 cyberprofessionals during fiscal year 2014
ZDNET BLOG
A Close Look At How Oracle Installs Deceptive Software With Java Updates
Over the past 18 months, Oracle has released 11 updates, and with each one, Java actively tries to install unwanted software -- why it has to stop
BANK INFOSECURITY
Visa Issues ATM Cash-Out Warning
Visa warned U.S. payment card issuers to be alert for suspected ATM cash-out fraud schemes
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.


