Best Of Web
Best Of The Web
COMPUTERWORLD
Intel Developing Security 'Game-Changer'
CTO of Intel says scientists at the company are working on technology that will halt all zero-day attacks, and it may be released this year
V3
MyDoom The Most Destructive Malware Of The Decade
McAfee report says cleanup costs for the 2004 MyDoom infection was about $38 billion, and that it slowed worldwide Internet traffic by 10 percent at its peak
MCAFEE BLOG
Massive Online Bank Phishing Attacks In China
McAfee has witnessed SMS Web-phishing attacks targeted Bank of China online banking customers, with a message that sends them to a link that appears to be the bank�s own site
FACEBOOK BLOG
Facebook Offers HTTPS Option
Now Facebook has an encrypted HTTPS connection option, which it recommends for public Internet access points
WEBSENSE BLOG
Mark Zuckerberg Facebook Page Showing Rogue Comments
Mark Zuckerberg's Facebook fan page was still offline today after an apparent rogue comment with a politically themed message was posted purported to be from the Facebook founder
PERIMETER E-SECURITY
What Apple's Blowout Quarter Means For Security
Apple devices are coming to your network. Is your security plan in place?
HELP NET SECURITY
Fedora Project Investigates Possible Compromise
Open-source project says one of its contributors has been compromised
SEARCH SECURITY
Cisco Says Attackers Will Take Aim At Apple, Android Mobile Devices
Popular handheld devices may become easier 'pickins' than PCs and laptops, report says
HOST EXPLOIT
PS3 Jailbreakers Face Lawsuit As Sony Cries Fraud
Jailbreaking the iPhone might be legal, Sony says, but PlayStation 3 is a different story
MSNBC
Report: 3,100 Agencies, Firms Involved In War On Terror
Intelligence community may now be too large to manage, report states
YAHOO! NEWS
Iran Launches Cyber Crime Unit
Watchdog unit will police threats and social networks that "spread espionage and riots"
HOST EXPLOIT
Malicious Ads Through ICQ
Sophisticated ad infection helps bad guys spread fake antivirus software
TRENDLABS MALWARE BLOG
SpyEye/Zeus Toolkit V 1.3.05 Beta Released
New version of combined exploit toolkit could cause trouble for users on the Web
NSS LABS
Network IPS Group Test Q4 2010
IPSes tested by NSS Labs in the fourth quarter showed to be mostly improving security-wise, on average 62 percent improvement in security effectiveness, according to the test results, while performance has declined
THREAT POST
Government, Military Sites Hacked, Data and Access for Sale
The U.S. military's Communications-Electronics Command (CECOM) website was off line on Monday after reports that access to the site was among those hacked and its credentials being sold off by cybercriminals in the black market
MOZILLA FIRST PERSON COOKIE BLOG
More Choice and Control Over Online Tracking
Mozilla is adding a "do not track?" feature for users to control the flow of their personal information, allowing them to opt out of online behavioral advertising
CNN
Ex-PM Brown Feared Voice-Mail Hacking Amid Scandal, Source Says
Former British prime minister Gordon Brown asked police last summer if his voice mail had been hacked into by News of the World, which did so for several celebrities and members of the royal household
ZDNET
Apple Signs On For Some Geekonomics
Apple has reportedly hired "Geekonomics" author David Rice as head of global security?Rice also has served as a network vulnerability analyst for the NSA
APPRIVER BLOG
Fillet-O-Phish
A new phishing attack poses as a McDonald's survey that awards $250 to participants, but they must also enter their credit-card number to be "credited" for the reward, and it also redirects victims to the real McDonald's website after they finish the process to make it all look legitimate
GEEKY GADGETS
U.S. Researcher Creates Zombie Malware
Researcher will demonstrate how a rootkit and three Android phones can be used to build a botnet that can send spam and DDoS attacks without the smartphone�s user knowing
NEXTGOV
NSA Targets Tech-Savvy Workers
The National Security Agency offers smartphone tagging and a career links application for recruiting new IT and cybersecurity professionals, its human resources officials say
BUSINESSWEEK
Vermont AG Settles Data Breach Case For $55,000
Connecticut-based Health Net Inc. and Health Net of the Northeast Inc. of Shelton, Conn., will pay $55,000 to settle a complaint that the company did not inform customers their personal information had been lost when an unencrypted computer hard drive went missing
SECUNIA
Secunia Year In Review 2010
Vulnerabilities increased 71 percent in the past 12 months, mainly due to vulnerabilities in third-party applications, which often go unpatched
THINQ
Android Handset Used For USB Hack Attack
Researchers rewrote the Android OS�s USB driver so that any connected device can be controlled from it, in some cases without authentication
WIRED
Claim: WikiLeaks Published Documents Siphoned Over File Sharing Software
WikiLeaks may also have used file-sharing networks to obtain some of the documents it has published, according to a security company specializing in P2P, a report in Bloomberg says
NETWORK WORLD
Soundminer Android Malware Listens, Then Steals, Phone Data
A data-stealing Trojan created for Android called Soundminer monitors phone calls and records keystrokes and voice calls
COMPUTERWORLD
Over 10 Million Passwords Possibly Compromised At Trapster
Trapster, a service that notifies users of road hazards and speed traps, says a breach may have exposed more than 10 million email addresses and passwords of the site�s users
SC MAGAZINE
Schools, Homes And Cars Are The Most Prominent Places To Have A Laptop Stolen
Consumers� laptops are most likely to be stolen at school and home, followed by cards, offices, and college campuses
THREAT POST
Carbon Trading Halted After Hack Of Exchange
The European Commission suspended trading in carbon credits this week when the accounts of Czech traders were hacked, and $38 million stolen from them
ARS TECHNICA
Why You Should Always Encrypt Your Smartphone
Court ruling allows police to peruse smartphones without a warrant, but encrypted phones are a different story
SYMANTEC
Spam Dropped In December, Symantec Report Says
Spam accounted for 81 percent of email during the month, compared to 84 percent in November
HELP NET SECURITY
Inside A Banking Trojan Drop Zone
A closer look at Zeus -- where it has been, and where it's going
THREATPOST
Report: ZDnet's Danchev Hospitalized?
Whereabouts of well-known security researcher still unclear
METRO UK
World Leaders Warned Of A "Perfect Storm" Of Cyberattacks
Coordinated efforts by hackers could prove "catastrophic," OECD says
SC MAGAZINE AUSTRALIA
Vista Proven An Effective Web Filter By European Commission Tests
Much-maligned OS is one of the most effective content filters for parents, report says
COMPUTERWORLD
Coming Soon: A New Way To Hack Into Your Smartphone
Black Hat DC presentation could create headaches for iPhone, Android
EZINE MARK
Hackers Target Medical Servers To Hijack Bandwidth
Gamesters seek high bandwidth from medical institutions for online play
NEXGOV
Administration Says It Will Give Industry And Academia Heads Up On Cyberattacks
The Obama administration will supply universities and businesses with government intelligence and law enforcement information about cybercrime activity so can protect themselves, cybersecurity coordinator Howard Schmidt said this week
SC MAGAZINE
Hackers May Have Stolen South Carolina Employees' Data
Personal information, including Social Security numbers, of around 5,600 South Carolina state employees might have been exposed after a computer containing that data was found to be malware-infected
THREAT POST
GAO Warns Of Cyber Insecurity On Smart Grid
The Government Accountability Office said in a new report that the quick adoption of the smart grid infrastructure is lacking proper cybersecurity planning and that the U.S. could be vulnerable to major attacks unless this is addressed
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2013-3743
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVE-2013-2473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2472.
CVE-2013-2472
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2473.
CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and CVE-2013-2473.