Best Of The Web
UPI
Inquiry Set On Suspected Michigan Data Breach
Suspect wanted to breach law enforcement records as well as wife's email account, officials say
GOVERNMENT INFO SECURITY
DHS Seeks More InfoSec Funds For 2012
Guarding cyberspace is one of the agency's primary missions, top official says
INFOWORLD
Should We Cheer Or Fear Cyber Vigilantes Like Anonymous?
Hacktivism can be fought--or embraced
SC MAGAZINE
The Jester Claims Responsibility For Taking Down Westboro Baptist Church Website
Anonymous refuses to back down
THE LAST WATCHDOG
Anonymous Targets Koch Brothers For Vigilante Hacks
DDoS attempts to take out Americans For Prosperity site
NEXGOV
Rules Keep Hackers From Helping Government, Ex DHS Head Says
Former DHS Secretary Tom Ridge said Congress must revisit rules that limit how private citizens work with the federal government so that the feds can get the expertise of the hacker community, which may be leery of sharing its input and talents
VANITY FAIR
Stuxnet Worm: A Declaration Of Cyber-War
An in-depth look at how Stuxnet was discovered, what we know, what we don't know, and a look at whether Israel and the U.S. were behind it
V3
Google Patches Chrome Ahead Of Pwn2Own Challenge
Google has issued a security update for its Chrome browser ahead of the Pwn2Own hacking contest later this month, fixing 19 vulnerabilities
COMPUTERWORLD
Mozilla Follows Google, Patches Firefox As Prep For Pwn2Own
Mozilla is taking a preemptive strike to an upcoming hacking contest that starts next week by fixing 11 security flaws in its Firefox browser
USA TODAY
Anonymous Actively Probing Koch Brothers' Corporate Networks
Anonymous temporarily downed the Americans For Prosperity website, run by the conservative advocacy group backed by billionaires David and Charles Koch, and security experts warn there could be more attacks on the Koch brothers' other holdings
THREAT POST
iTunes Users Complain Of Account Hacks
New reports indicate that six months after a compromise of Apple's iTunes store, iTunes user accounts are being exploited to make fraudulent music, games, and other purchases
NETWORK WORLD
PayPal CISO: DDoS One Big Security Threat Among Many
Michael Barrett, CISO at PayPal, says aside from DDoS, APT-type attacks are also a major concern for the company, urges other security pros to advise Congress on Internet security legislation
ESECURITY PLANET
State CIOs Ask Governors For Stronger Cybersecurity
The National Association of State CIOs is warning statehouses not to sacrifice cybersecurity efforts in their budget-cutting efforts
BLOOMBERG
Morgan Stanley Leak Shows Attack By China-Based Hackers Who Took On Google
Emails about breach are revealed in HBGary postings
SOPHOS
DarkComet RAT Author Denies BlackHole Mac Trojan Is His
New Trojan behaves like DarkComet, but is not as sophisticated or functional, author says
SEARCH SECURITY
Schneier On Stuxnet Malware Analysis
Attack opens doors for new kinds of exploits, according to experts
CNET
WikiLeaks, 'Net Nominated For Nobel Peace Prize
WikiLeaks and the Internet are among 241 nominees for global award
PC WORLD
Accused AT&T Hacker Makes Bail
Man suspected of trying to steal personal information from iPad customers is out on bond
THE REGISTER
Woman Sentenced For Breaching Former Employer's PCs
Worker convicted of stealing info from email server and posting it to public websites
ZYNAMICS
Zynamics Is Acquired By Google
Security research firm led by Halvar Flake says it is being bought out
INFOSECURITY
Agencies Should Prepare For Vigorous Cybersecurity Oversight, Federal CIO Says
"Cyberstat" sessions will lead to definitive actions, Kundra states
THE NEW YORK TIMES
NATO Builds Its Cyberdefenses
The commander of NATO's Allied Command Transformation says NATO would respond "deliberately" to any major attack based on the damage and taking into account the intentions of the attackers
SECUROSIS BLOG
Firestarter: Risk Metrics Are Crap
Securosis' Mike Rothman says assessing risk is important, but trying to quantify it isn't effective
MALWARE DIARIES
Interview With Dancho Danchev
Independent cybercrime researcher says he never responds to cybercriminals who attempt to contact him directly, and that he doesn't associate himself with "hard-core cybercrime assessments" to ensure the safety of his loved ones
PC WORLD
Gmail Bug Deletes E-Mails For 150,000 Users
Some 150,000 Gmail users had their emails deleted and accounts disabled by a bug in the cloud-based email service
THREAT POST
Report: Major Russian Hacker Forum...Hacked
A major cybercrime forum has been hacked and its database of more than 2,000 members leaked, according to reports from the Russian website Lifenews; attack reportedly came at the hands of a rival forum called Direct Connection
CNET
Senator Wants More Secure Web Sites For Wi-Fi Use
Sen. Charles Schumer has called on Amazon, Twitter, and other online sites to switch their default pages to HTTPS to help protect users from hacking and WiFi sniffing
FORBES BLOG
Hackers Vs. Billionaires: Anonymous Takes Down Koch-Supported Websites Amid Wisconsin Protest
Anonymous has taken down two websites for brothers David and Charles Koch, and is calling for a boycott on companies in which the brothers have invested
COMPUTERWORLD
Three-Time Pwn2Own Winner Knocks Hacking Contest Rules
Previous contest winner says hacking contest encourages researchers to weaponize exploits that may not be taken off the table, but sponsor TippingPoint disagrees
THE ORLANDO SENTINEL
Former Employee Accused Of Writing Virus To Target Whac-A-Mole Machines
Marvin Walter Wimberly Jr., 61, of Orlando, has been arrested on a charge of offenses against intellectual property for allegedly writing viruses into gaming modules in order to ensure his job security
SECURE COMPUTING
How Dangerous Is Anonymous?
The real threat comes from the professionals in the loosely affiliated group, experts say, from those members with access to botnets as well as real hacking skills
THREAT POST
New BIND Bug Can Cause Remote Server DoS
A major vulnerability in BIND DNS software could let an attacker force a remote server to freeze and stop processing requests -- BIND 9.7.1 or 9.7.2 are affected, and experts recommend updating to BIND 9.7.3 as soon as possible
BANK INFOSECURITY
FFIEC Draft Guidance: Where's Mobile?
An early peek at the Federal Financial Institutions Examination Council (FFIEC)'s new guidelines for online security doesn't appear to include mobile banking
INFOSECURITY
Advances In Health Care IT Increase Data Breach Risks, Says Deloitte
A new report from Deloitte concludes that healthcare organizations using advanced technologies are at increasing risk for patient data breaches -- electronic health records, clinical data warehousing, home monitoring, and telemedicine are among these technologies that put patient data at risk
ICSA LABS BLOG
Confused About New Texas Law, Title 10, Section 2059.060? Read The Law Itself
The law doesn't require products to be tested by a particular vendor or laboratory -- any independent lab can be used
ATTRITION.ORG
Gregory D. Evans Files Suit Against Attrition.org (And 7 Others)
A filing with the Georgia Northern District Court centers around Evans' e-mails being disclosed publicly
STOREFRONT BACKTALK
Check-In Cheating: Shopkick Retail Mobile System Easily Faked
Anyone can get points for visiting a retail store, whether or not they actually did, researchers say
HOST EXPLOIT
FTC Asks Court To Shut Down 'Mind-Boggling' Text Spammer
Operation has blasted consumers with millions of spam messages, commission says
THREATPOST
RSA 2011: Winning The War But Losing Our Soul
HBGary's absence on the show floor should cause some security pros to do some rethinking
KREBS ON SECURITY
SpamIt, Glavmed Pharmacy Networks Exposed
Organized crime group may have generated $150 million promoting rogue online pharmacies
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.



