Best Of Web
Best Of The Web
TECHSPOT
Android Passes IPhone In The U.S.
More Americans are now using Google's Android smartphone than Apple's iPhone, but RIM's BlackBerry is still the most used smartphone, according to new data
RSA
Online Fraud Report: Phishing
Phishing attacks that simultaneously target multiple organizations via one attack are becoming popular, such as those that pose as tax collection agencies and customer satisfaction surveys
ISEC LAB BLOG
Exposure: A New Service From Iseclab Goes Online
Free service detecting domain names involved in malicious activities is now up and running--it performs passive DNS analysis
NAKED SECURITY
LinkedIn Scam--The Fraudulent Survey Which Wasn't
Suspicious-looking emails purportedly from LinkedIn promise to give cash for taking a survey, but the prize money varied among different messages, anywhere from 10 to 20 Euros, and in one case no compensation
WIRED
Feds Charge Two For Allegedly Exploiting Bug In Video-Poker Machines
Two men allegedly used an exploit against a line of video-poker machines to win hundreds of thousands of dollars in unearned jackpots in Las Vegas casinos
SOFTPEDIA
Infected Laptop Leads To Data Breach At Pentagon Federal Credit Union
Breach involves personal and credit card information, giving hackers access to a database of names, addresses, Social Security numbers, account numbers, and payment cards of members, employees, and others
HELP NET SECURITY
Undetectable Fake ATM Keyboard Steals Pins In Real Time
Fake keyboard sits atop an ATM's legitimate one and records the typed-in PIN, using a fake magnetic strip reader that can be manufactured from cheap spare electronic parts
CIO
Google Enhances E-Mail Security In Apps
Google has added digital signatures to legitimate e-mail messages sent by its Apps users so these messages don't get caught in spam filters
INFOWORLD
Hackers Find New Way To Cheat On Wall Street -- To Everyone's Peril
Side-channel attack on high-frequency trading networks demonstrates how these networks are vulnerable to manipulation by hackers who inject small amounts of latency into them
NAKED SECURITY BLOG
My 1st St@tus Scam Hits Facebook Users Hard, Spreads Virally
Thousands of Facebook users have been hit by a new viral survey scam via a rogue application that pretends to be users' first-ever Facebook status updates
THREAT POST
Multi-Million Dollar Cyber Fraud Investigation Surrounds Exchange Students
The U.S. Department of Homeland Security is investigating two international students from Vietnam on charges of identity theft and wire fraud
RED ORBIT
Mac App Store Cracked Shortly After Launch
Just after Apple launched an applications store for Macintosh users, hackers had reportedly already cracked the store and developed piracy tools that can allow users to download some of the roughly 1,000 apps free of charge
INFOSEC ISLAND
USB Device Containing Military Secrets Missing
Removable storage device has been missing since July, officials now say
SEARCH SECURITY
Creating A Java Security Framework That Thwarts A Java Exploit
Java attacks are growing at a rapid pace, according to reports
NAKED SECURITY
Chinese Auction Site Sells Thousands Of Stolen iTunes Accounts
Some 50,000 accounts linked to stolen credit cards
EXECUTIVE GOV
IG Report: GSA Needs To Enforce Cybersecurity Policies
Agency does not have proper safeguards for logging unauthorized use of networks, report says
HELP NET SECURITY
Undetectable Fake ATM Keyboard Steals PINs In Real Time
Cheap magnetic card strip reader helps prove ATM theft can be done easily and affordably
EWEEK
Nine New Malware Threats That Grabbed Attention In 2010
A look at malware's innovation during the past year
MICROSOFT
Microsoft To Issue Two Security Bulletins On Patch Tuesday
One update is considered critical, software giant says
NETWORK WORLD
Self-Encrypted Drives Set To Become Standard Fare
Many enterprises moving to on-board data encryption
THE TECH HERALD
Attackers Walk With 4.9 Million Customer Records In Honda Breach
American Honda Motor Company recently discovered that data on 2.2 million customers was exposed in a breach that could be further fallout from the Silverpop hack
SYMANTEC
Spam From Rustock, Lethic And Xarvester Disappears Over The Holiday Season
Worldwide spam levels have dropped dramatically since Christmas, in part due to the apparent shutdown of Rustock
THREAT POST
Researcher Publishes Method For Bypassing Flash Local-With-Filesystem Sandbox
A researcher has come up with a way to bypass one of the sandboxes that Adobe has implemented to prevent Flash files from taking unwanted or malicious actions on users' PCs
GOV INFOSECURITY
Conscripting Cyber Experts To Protect IT
Estonia is considering an official draft of civilian cybersecurity experts that could act as a military command if and when the next cyberattack hits the country
SOFTPEDIA
Court's Pro Warrantless Phone Searching Decision Encourages Mobile Encryption Adoption
The recent ruling by the California Supreme Court allowing police to search cell phones of arrested people -- without a warrant -- could drive more people to adopt mobile encryption
WIRED
Dubai Assassination Followed Failed Attempt By Same Team
Israeli spies had been monitoring al-Mabhouh's e-mail and online activities via a Trojan horse planted on his computer, so they knew when he'd be arriving in Dubai
INFOSECURITY
U.S. Racked Up 662 Reported Data Breaches In 2010
Identity Theft Resource Center data shows 662 reported breach events, an increase of about 33 percent over 2009
THE WASHINGTON POST
Hackers Attack Brazilian Government's Website
Officials say attackers attempted to knock the Brazilian government's website off the air a day after President Dilma Rousseff was sworn in
THREATPOST
Facing Attacks On RTF Hole, Microsoft Urges Office Users To Patch
Active attacks found in the wild, software giant says
YOMIURI SHIMBUN
Computer Virus Creation To Be Banned In Japan
Justice Ministry plans to criminalize the development of viruses, according to report
THE NEXT WEB
Firefox Overtakes IE As Europe's Dominant Browser
Chrome also shows strong growth as IE usage declines, study says
NETWORK WORLD
Good Times Projected For Network Security Market In 2011
IDC predicts return to prerecession growth
NAKED SECURITY
Fake Microsoft Security Update Spreads Autorun Worm
Experts say users should think twice before acting on update message
COMPUTERWORLD
DHS Goes After Vietnamese Hackers, Identity Thieves
Agency looks to crack down on organized crime ring suspected of stealing hundreds of millions of dollars
WIRED
Report Strengthens Suspicions That Stuxnet Sabotaged Iran's Nuclear Plant
Malware was tuned to attack frequencies as commonly used in plant rotors
SECURITY NEWS DAILY
"Anonymous" Hacktivists Attack African Government Sites
Politically motivated cybergroup now taking on whole countries, according to reports
ZDNET BLOG
Is Your Internet TV Vulnerable To Hackers?
Security firm says it was able to easily hack an Internet-connected television set and obtain the owner's credit card numbers and monitor the data being sent from the TV to various websites
NAKED SECURITY BLOG
Pro-WikiLeaks Hackers Bring Down Tunisian Government Websites
Hacktivists DDoS'ed official websites in the African country of Tunisia in an apparent response to the government's attempts to block access to leaked cables that related to the country
INFORM IT
Driving Efficiency And Effectiveness In Software Security
BSIMM study shows what works in secure development programs, including how penetration testing decreases dramatically when secure development program initiatives mature
KREBS ON SECURITY
'White House' eCard Dupes Dot-Gov Geeks
Emails posing as White House greeting cards stole gigabytes of sensitive documents from dozens of victims during the holidays, including a number of government employees and contractors who work in cybersecurity
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


