Best Of The Web
IT WORLD
Microsoft Update Offers An Easier Way To Turn Off Autoruns
Among the patches released by Microsoft was an optional update that shuts off the "autorun" capability for users of older Windows operating systems as a precaution against the rise in worms carried on removable media
RSA BLOG
New SpyEye Gains Zeus Features -- A Detailed Analysis Of SpyEye Trojan v1.3
The SpyEye hybrid Trojan has a new injection mechanism that loads its executable code into a less conspicuous process' memory space
THREAT POST
Adobe Releases Huge Batch Of Patches For Flash, Reader And Shockwave
Adobe issued patches for dozens of bugs in its products yesterday, including fixes for 29 bugs in Reader
FORBES BLOG
Ex-WikiLeaker Claims Defectors Took Control Of Leaks From Assange
In a new book, former WikiLeaks spokesperson Daniel Domscheit-Berg says he and an "architect" of WikiLeaks' submissions platform wrested control of the system away from Assange as well as some of the leaked material that WikiLeaks had obtained
HELP NET SECURITY
Facebook Secure Browsing Option Thwarted
Users may automatically deselect HTTPS option if their applications don't work with it
HEALTH DATA MANAGEMENT
Heads Roll After U-Iowa Breach
Three employees fired after peeking at medical records of football team
ESET THREAT BLOG
Trojan In Microsoft Update Catalog -- A Bunny Bites Back
Software giant responds quickly after malware is found
SOPHOS
Russian Hacker Escapes Jail After $9 Million RBS WorldPay ATM Heist
Anikin was scheduled for suspended sentence anyway
ADOBE
Security Updates Available For Adobe Reader And Acrobat
Software vendor patches a variety of vulnerabilities
THE REGISTER
World Leaders Meet To Discuss Cyberwar Rules Of Engagement
Meeting in the Hague brings together international leadership
CISCO BLOG
Cisco 4Q10 Global Threat Report
Web malware grew by 139 percent in 2010, study says
THREATPOST
New Version Of Eleonore Exploit Kit Released With New Zero-Day Exploit
At $2,000, new kit doesn't come cheap, but it does come with some new exploits
BUZZFEED
The Top 20 Passwords Of All Time
Some 80 percent of consumers use insecure passwords
DVLABS BLOG
TippingPoint DVLabs Discloses Zero-Day Bugs In Multiple Vendors' Products
Microsoft, CA, Novell, IBM--and even its parent company, HP--were all in the hot seat today as the DVLabs group released its first round of vulnerabilities it found that have not been addressed after the grace period its researchers offer vendors
UNVEILLANCE BLOG
Malware Activity From Egypt
A look at how malware activity was affected by the Egyptian government's move to cut off Internet connectivity in the nation, and how some infected machines were looking for their command and control servers
THE TELEGRAPH
Russian Hacker Admits $10 Million RBS Cyber Theft
A Russian man pled guilty to stealing $10 million from former Royal Bank of Scotland's World Pay division in 2008 by hacking into accounts
EMIRATES 24/7
Iran Says Stuxnet Claims Need Investigating
Iran should investigate claims that the Stuxnet computer virus has seriously harmed its nuclear power station, the head of Iran's Atomic Energy Organization said after suggestions the plant could become a "new Chernobyl"
SOPHOS NAKED SECURITY BLOG
Scammed Pensioner Told Heavy Rain Caused Computer Virus Infection
Fraudsters posing as Microsoft telephoned an elderly woman and told her she had a virus on her computer that was circulating due to heavy rains and storms
TRUSTEER BLOG
Turning The Tables On SpyEye
Trusteer CEO talks about how the new Zeus-SpyEye Trojan includes an anti-Trusteer feature and how this makes detecting the existence of SpyEye on customer computers easy
DEFENSE SYSTEMS
DOD Database To Keep Watch On Network Traffic
The Defense Department is considering building a database that would monitor government and private-sector network traffic to better map threats -- participation would be voluntary
MYCE
Security Researchers ID New Bank Account-Targeting Malware
New variation of Hydra contains elements of Zeus as well
OFFICE OF INADEQUATE SECURITY
Credit Report Resellers Settle FTC Charges
Security failures allowed hackers to access consumers' personal information
OFFICE OF INADEQUATE SECURITY
Ankle And Foot Center Of Tampa Bay Breach Affects 156,000
Social Security data and personal health information could be at risk, company says
GLOBAL SECURITY NEWS
Iran Urged To Assess Damage From Stuxnet
Experts disagree on whether sophisticated malware may still pose a threat
MASHABLE
Hackers Take Down Government Websites In Egypt And Yemen
Anonymous takes aim at Egypt again
GOOGLE
Hague Bids To Prevent "Cyber War"
U.K. Foreign Secretary appeals for governments to establish rules of engagement
HELP NET SECURITY
250,000 Facebook Profiles Harvested For Setting Up Dating Site
Custom software enables hackers to collect data on more than 1 million users
THREATPOST
SAUSAGE Con Delves Into IT Security's "Human Problem"
April conference will focus on "useable security"
TRUSTEER
Zeus Continues To Evolve
Four years later, malware continues to be a thorn in security professionals' sides
THE REGISTER
Google Offers $20,000 Prize In Annual Hack-Off
Pwn2Own lets Chrome in, after all
WIRED
No, Hackers Can't Open Hoover Dam Floodgates
Proponents of Internet "kill switch" say dam is vulnerable; security experts say not
M86 SECURITY LABS
Donbot Spreading Bank Of America Scam
Banking giant takes down site to clean up new threat
SECURELIST
The Dark Side Of The New Android Market
New interface installs apps quickly--maybe a bit too quickly
SC MAGAZINE UK
DDoS Attacks Were At Their Strongest In 2010
Attacks broke through the 100 Gbps barrier last year, report says
THE TECH HERALD
Ligatt Security Breached
Emails from controversial company hijacked and sent to public
SOPHOS
Runes Of Magic Publisher Says It Won't Be Blackmailed By Hacker
Company says it won't give in to extortionist who threatens to expose customers' personal information
THREAT POST
Dozens Charged In $1M Scheme To Fence Apple Goods
Some 27 people have been charged in an identity theft and fencing ring responsible for some $1 million in fraudulent purchases from Apple stores nationwide
MY LOOKOUT BLOG
Lookout Security Vulnerability Patched In Android Release 5.1.1
Lookout recently patched a security vulnerability in its Android security app that was first reported by Tavis Ormandy of the Google Security Team--the bug affects Android versions 5.1.1 and above
THINQ
Hackers Claim PS3 3.56 Firmware Packs A Rootkit
Researchers creating custom firmware for the Sony PlayStation 3 version 3.56 say they found a rootkit built into the software that lets Sony run code on the PS3 user's console--it came as part of a security release from Sony
NAKED SECURITY
Compromised Website Used In Bank Of America Phish
A Trojan spammed to users in email messages masquerading as notifications from the Bank of America purports to be a billing verification step that takes victims to a spoofed Bank of America Web page
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


