Best Of Web
Best Of The Web
NEXTGOV
Private Sector Not Adequately Defending Cyberspace, Security Expert Warns
Voluntary initiatives aren't working, researcher says
SAN FRANCISCO EXAMINER
Glue Gun Goons Target Unwary ATM Users
Thieves glue down keys on ATM machines and then steal money when customers go into bank for help
NEXTGOV
Cyberattacks Against Federal Networks Were Up 40 Percent In 2010
Federal agencies in fiscal 2010 reported 41,776 cyber incidents -- up from 30,000 attacks in 2009
SYMANTEC BLOG
Phishing Continues to Target New Zealand Earthquake Victim
Attacks lure users to check in with the bank and provide additional personal information
ARS TECHNICA
Obama Administration Endorses New Privacy Regs, Do Not Track
President calls for new legislation and FTC power to enforce it
SOPHOS NAKED SECURITY BLOG
FedEx Notification Malware Attack Spammed Out
A malware-rigged spam attack posing as a parcel delivery notification is spreading worldwide
SC MAGAZINE
Microsoft, Google Warn Of Limited MHTML Exploits
Microsoft says it has seen "limited, targeted attacks" against an unpatched scripting vulnerability that affects all supported versions of Windows
GOV INFOSECURITY
IRS Financial Systems Vulnerable To Insider Threats
Federal auditors say the Internal Revenue Service is vulnerable to rogue insiders due to inconsistent implementation of security access controls
INTERNET STORM CENTER
Internet Explorer 9 Is Out, Includes New Security Features
Among the new security features are SmartScreen for catching socially engineered malware, Pinned Sites, and SafeSEH
PHILLY.COM
Data Security In Demand, Pays Well
IT security job openings are on the rise, up 54 percent this year on one online job posting site, and yield relatively high salaries
E-COMMERCE TIMES
Tech Sector Plays Offense In Shaping Federal Cybersecurity Policy
The Business Software Alliance, The Center for Democracy and Technology, the Internet Security Alliance, TechAmerica, and the U.S. Chamber of Commerce have teamed up and met with congressional staffers to brief them on the coalition's new white paper on cybersecurity, "Improving our Nation's Cybersecurity through the Public-Private Partnership"
THE WALL STREET JOURNAL
Firefox Maker: 'Do Not Track' Likely to Be Regulated
Mozilla's CEO says the do-not-track tool that lets consumers keep their online habits from being monitored will likely get regulatory backing
WIRED
Former NSA, CIA Chief: Declassify Cyber Vulnerabilities
Retired four-star General Michael Hayden says the U.S. government classifies too much information on cybersecurity vulnerabilities, and that it's "easier to learn about physical threats from U.S. government agencies than to learn about cyberthreats"
H SECURITY
Google Users Targeted By Hackers
Politically motivated attack also is affecting a major social network, Google says
TECHWORLD
Security B-Sides Speaker List Promises "Left Field"
Alternative conference offers security speaker sessions that follow the road not taken
KCRA
Health Net Security Breach Could Affect 1.9M Enrollees
Company will not say if missing server drives were stolen or simply lost
STUFF
Iran Launches Cyberattack -- Report
Paramilitary group is attacking websites of 'enemies,' state-owned newspaper acknowledges
SYMANTEC
Spam, Phishing Up In February
U.S. continues to dominate as the most prolific spammer
GOVERNMENT INFO SECURITY
Sensitive Data Remains On Disposed PCs
Many disposed PCs repackaged for public auctions -- but haven't been wiped clean
THE REGISTER
Adobe Promises Emergency Patch For Flash, Reader Bugs
Critical vulnerability is being exploited to install malware on victim machines, company says
eWEEK
Twitter Settles With FTC Over Privacy Breach And Account Hacking
Social network concedes that poor security led to two major hacks in 2009
REUTERS
Hacker Group Releases Bank Of America Employee Correspondence
Anonymous has published emails related to questions around whether the bank improperly foreclosed on some homes
THE ORLANDO SENTINEL
Feds: Ring Bought Stolen Credit Card Numbers, Spent Thousands In Central Florida
Seven members of a Central Florida crime ring spent hundreds of thousands of dollars with stolen credit card numbers that they purchased online from hackers based in or connected to Azerbaijan
GOV INFOSECURITY
OCR's McAndrew On Enforcing HIPAA
Health and Human Services' Susan McAndrew says the two recent HIPAA violation cases demonstrate that the program will be enforced for compliance
NIR GOLDSHLAGER BLOG
Gaining Administrative Privileges On Any Blogger.com Account
Google's Blogger platform was found to have a bug that allows an attacker to add himself as an administrator on the victim's account
THREAT POST
Google Patches WebKit Bug in Chrome
Google has fixed a vulnerability used by researchers to win one portion of the Pwn2Own contest at CanSecWest
ASSOCIATED PRESS
Report: Iran's Paramilitary Launches Cyber Attack
Iranian hackers working for the Revolutionary Guard's paramilitary Basij group have launched attacks on websites of the "enemies," a state-owned newspaper has reported
EASTERN ECHO
Students' Info Lifted, Provided To Third Party
Eastern Michigan University is investigating two former student employees who allegedly gave the names, birthdates, and Social Security numbers of approximately 45 students to a third party
THE DARK VISITOR
US #1 Perp Attacking China's Classified Networks
Rising's new report shows more than 10 million attacks on classified networks in China -- 90% of which came from IPs mainly in the U.S., Japan, and South Korea
BUSINESS INSIDER
"Don't Type" And 9 Other Awkward And Hilarious CAPTCHAs
What does your CAPTCHA say about you? Solve Media provides a slide show of funny word combinations found in CAPTCHAs
COMPUTERWORLD
With Hacking, Music Can Take Control Of Your Car
Researchers have discovered techniques where a hacker could turn a song on a CD into a Trojan by adding code to a digital music file in the car's sound system
INFO-SECURITY
Naval Academy Adds Cybersecurity To Curriculum
The Naval Academy will beef up cybersecurity education in response to its new Fleet Cyber Command/10th Fleet
INFORMIT BLOG
Software [In]security: Software Patents And Fault Injection
Gary McGraw discusses Cenzic's patent suit, and the invention of fault-injection for security
KATU NEWS
Police Find ATM Skimmer At Credit Union; Suspect Sought
Vancouver, Wash., authorities are searching for a man who allegedly put a skimming device on an ATM at a local credit union after someone reported a suspicious device
THE HACKER NEWS
35,000 Chinese Websites Hacked In 2010
The National Computer Network Emergency Response Technical Team/Coordination Center of China has reported that 35,000 websites on the Chinese mainland were attacked in 2010, including 4,635 government websites
THE REGISTER
DDoS Malware Comes With Self-Destruct Payload
The DDoS attacks on dozens of South Korea's government websites also have carried a malicious payload that causes the infected machines recruited to carry out the assaults to self-destruct and destroy sensitive files
COMPUTERWORLD
Verizon Offers Refunds For Fraudulent SMS Messages
Group duped users into signing up and paying for short-message services, company alleges
TECHNORATI
FTC: Consumer Complaints About Malware, Spyware, Adware Climbed 279 Percent In 2010
"Badware" complaints have risen nearly 850 percent in the past two years, commission says
ZDNET
Pwn2Own 2011: IE8 On Windows 7 Hacked With Three Vulnerabilities
Irish researcher wins CanSecWest hacker contest
PUBLIC INTELLIGENCE
Morgan Stanley Demands Removal Of HBGary AnonLeaks Document
Document released by Anonymous contains CERT information
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa...
CVE-2013-3634
The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username.
CVE-2013-3633
The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-1022 (quicktime)
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.


