Best Of The Web
V3.CO.UK
Night Dragon Hackers Targeted Shell, Exxon, And BP
IT security at petrochemical firms called into question
IE BLOG
Web Tracking Protection: An Emerging Internet Standard That Helps Protect Consumers
New technology could help consumers turn off the trackers
THE REGISTER
Security Shocker: Android Apps Send Private Data In The Clear
Facebook's persistent SSL isn't
H SECURITY
Microsoft's Virus Scanner Causes Security Problem
Vulnerability found in Microsoft Malware Protection Engine
THE TECH HERALD
Iranian Cyber Army Defaces Voice Of America And 93 Other Domains
The Iranian Cyber Army (ICA), best known for attacks on Twitter and other sites, replaced the landing page for Voice of America (VOA) on Monday with a message of its own, and says it has hit more than 90 other websites with a similar attack
E-SECURITY PLANET
Pentagon Requests $2.3 Billion For Cyber Security
The U.S. Defense Department has requested $2.3 billion for cybersecurity as part of its 2012 budget, including $500 million being earmarked for researching the use of cloud computing and implementing encryption on these networks
THREAT POST
HIPAA Bares Its Teeth: $4.3m Fine For Privacy Violation
The Department of Health and Human Services issued a $4.3 million fine to a Maryland health care provider for violations of the HIPAA Privacy Rule -- the first monetary fine issued since the Act was passed in 1996
TREND MICRO BLOG
Facebook Stalker Tracker Tool Turns Users Into Spammers
New "stalker tool" lures users into copying a script and pasting it into their browser address bar -- it then uses the victims to send spam
SECURELIST
Zeus In The Mobile Is Back
New wave of Zeus Trojan attacks goes after Symbian and Windows Mobile smartphones
NETWORK WORLD
Memory Scraping Malware Goes After Encrypted Private Information
"Pervasive memory scraping" is among the most dangerous attack techniques expected to be employed by attackers in the coming year
CNET
Feds Seek New Ways To Bypass Encryption
With more encryption products in play, law enforcement agents are inventing better ways to bypass or circumvent the technology
LIFE HACKER
Secure Erase Methods Probably Won't Work On Your Solid-State Drive
A new study shows that most secure-erase methods don't work well on solid-state drives (SSDs)
KASPERSKY
Cybercrime Outlook 2020 From Kaspersky Lab
In the new decade, attackers will evolve from attacking Windows to attacking specific individuals
SANS
HBGary Hack: Lessons Learned
SQL injection attacks can be devastating if you're not careful, experts say
ZDNET
Zeus Crimeware Targets Symbian And Blackberry Users
"Zeus Mitmo" takes aim at two-factor authentication solutions
SYMANTEC MESSAGELABS INTELLIGENCE BLOG
419 Scammers Taking Advantage Of Egypt's Revolution
Scammers claim to have access to Egyptian government funds
THE REGISTER
Site To Highlight Social Networking's Soft Spots
Socialworksecurity.org aims to publish vulnerabilities found on Web 2.0 sites
DISCOVERING IDENTITY
Identity Theft And Phishing Scams: Practical Advice
A look at how users can prevent the damage caused by online scams
TRUSTEER
New Financial Trojan Keeps Online Banking Sessions Open After Users Log Out
"Oddjob" threatens financial services, researchers say
KREBS ON SECURITY
Russian Cops Crash Pill Pusher Party
A firsthand look at Russian illegal online pharmacies
SOFTPEDIA
Fake FDIC Emails Distribute Trojan
Messages claim to offer information about users' bank accounts
CIO
Romanian Pleads Guilty To Role In $2.7 Million EBay Scam
Money mule scam also affected victims on Craigslist and AutoTrader
SEARCH SECURITY
Advanced Persistent Threat Detection, Prevention Are Hard, But Possible
APTs could become more sophisticated and damaging, experts say at RSA
WINNIPEG FREE PRESS
Hackers Invade Canada
Canadian government says some of its databases were hacked in "unprecedented cyberattack"
EWEEK EUROPE
Egyptian Dissidents Offered Android Encryption Apps
Country-specific tools encrypt VoIP calls and texts
COMPUTERWORLD
U.S. Patients Trust Doctors, But Not E-Health Records, Survey Shows
Many respondents don't even trust themselves with their own records
IT PRO PORTAL
Norton Unveils Online Cybercrime Index
Britons pay about $200 per year in cybercrime costs, index says
CNET
FBI: We're Not Demanding Encryption Back Doors
Discussion should focus on enabling law enforcement to do electronic surveillance, agency official tells Congress
V3.CO.UK
RSA: Bruce Schneier Ponders The Nature Of Security
Human traits and human nature provide keys to understanding security issues, security guru says
SEARCH SECURITY
RSA Panel Debates Cyberwar Definition, Realities
Discussion covers the use of offensive weapons in cyberspace
TECHWORLD
U.S. Politicians Introduce Law To Prosecute Wikileaks
Julian Assange could be sent to jail if SHIELD bill passes
eWEEK
Stuxnet Turns USB Memory Sticks Into Weapons Of Mass Destruction
A thumb drive can be a dangerous thing
TG DAILY
Pentagon Wary Of 'Toxic Malware'
Payloads aimed at specific targets could break free and infect other systems on the Internet, deputy defense secretary warns
ZD NET
Cybercrime Policing To Get Major Financial Boost In U.K.
Police will get about $100 million to fight online crime
U.S. OFFICE OF PERSONNEL MANAGEMENT
OPM Completes Governmentwide Cybersecurity Survey
Survey is designed to help pinpoint the skills required for security pros, and to help recruitment
WALL STREET JOURNAL
Cybercrime Costs Mount In The U.K.
U.K. government says cybercrime costs the country about $43 billion annually
COMPUTERWORLD
Obama Seeks Big Boost In Cybersecurity Spending
Philip Coyle, associate director for national security, said at a budget briefing on Monday that the administration is proposing "considerable growth" in cybersecurity research
BBC NEWS
Anonymous Victim HBGary Goes To Ground
HBGary cancelled its appearances at public events, including the RSA Conference, saying that members of staff had been threatened in the wake of attacks by the Anonymous group
LOOKOUT BLOG
Security Alert: HongTouTou, New Android Trojan, Found In China
A new Android Trojan is being repackaged in popular apps for the smartphone available on app markets for Chinese-speaking users; the malware requests additional user permissions and appears to emulate keyword searches
ARS TECHNICA
Anonymous Speaks: The Inside Story Of The HBGary Hack
A look at the SQL injection attack against its content management system and the social engineering that led to the breach of HBGary's systems
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


