Best Of The Web
H ONLINE
Danger Lurks In PDF Documents
A FireEye researcher detailed security problems in Adobe's PDF standard, such as how a PDF can contain a database scanner that becomes active and scans a network when the document is printed on a network printer
HELP NET SECURITY
The Significant Decline Of Spam
Commtouch reports that December's daily spam average was around 30 percent less than September's, and December spam levels hit a low of nearly 74 percent
WORDPRESS
3.0.4 Important Security Update
Version 3.0.4 of WordPress fixes a critical core security bug in the blogging platform's HTML sanitation library called KSES
SHADOWSERVER
New Fast Flux Botnet For The Holidays: Could It Be Storm Worm 3.0/Waledac 2.0?
New spam campaign using holiday e-card scam could be from the next generation of Storm/Waledac, researchers at Shadowserver say
IT NEWS
Harvard Study Probes Denial Of Service Attacks
Most attacks perpetrated by botnets; report offers advice for smaller organizations
ENGADGET
Scientists Developing E.Coli Bacteria That Stores, Encrypts Data
Data experts say researchers might have a germ of an idea
NETWORK WORLD
Website For Tour Company CitySights NY Hit By Hackers
Thieves allegedly stole more than 110,000 credit card numbers
COMPUTERWORLD
Microsoft BPOS Cloud Service Hit With Data Breach
"Small number" of Offline Address Book users' data is accessed by outsiders
MICROSOFT
New Internet Explorer Vulnerability Affects All Versions Of IE
Flaw could lead to remote code execution, software giant says
EWEEK EUROPE
OpenBSD Founder Blames Contractor, Not FBI, For Backdoor Plant
Executive now believes third party was hired to plant backdoors into encryption project code
THREAT POST
Media, Human Rights Sites Suffer With Rise In DDoS Attacks
Political "hacktivism" hits some sites harder than others
RSA CONFERENCE
Ruling That Data Breach Victims Had Standing To Pursue Claims
Starbucks ruling shows court's stance on breach claims
SOFTPEDIA
Fake iTunes Email Alerts Lead Users To Drive-By Download
Malicious emails alerting recipients that their accounts may be suspended direct them to a Web page that installs malware on the victims' computers
EXPATICA
Hackers Steal An Alleged 5.5 Million Euros From Dutch Bank
Thirteen people have been arrested for allegedly lifting 5.5 million euros from Dutch bank ABN AMRO in a March hack
NEWSWEEK
Interview With Cyber Security Czar Howard Schmidt
White House cybersecurity coordinator says while there is potential for attackers to get into some segment of the U.S. power grid, "catastrophic failure" isn't likely to occur due to hacks
SOFTPEDIA
New URL Shortener Hijacks Browsers For DDoS
A student who wanted to illuminate the dangers of trusting shortened URLs created a service that generates links that take users to their destination and also hijacks their browsers for DDoSing
THREAT POST
Data Breach Could Test Massachusetts Law
Financial data on 1,800 Massachusetts residents was exposed in a database breach linked to the CitySights NY sightseeing firm, which could be an early test of the nation's most stringent data privacy law
THE REGISTER
Open Source FTP App Fixes Fiery Backdoor Bug
ProFTPD has fixed a zero-day flaw in its open-source file transfer application that attackers used to plant a backdoored version of the software on the open-source site
FORTINET BLOG
Encrypting Facebook
How to use the Firefox plugin FireGPG, which enables easy encryption, decryption, signature, and verification in the browser, for encrypting Facebook account messages
FORBES
No, WikiLeaks Has Not "Confirmed" It Will Target Bank Of America
Assange said he has enough info to force bank execs to resign, but he didn't confirm he would leak it
INFOWORLD
Is iOS Jailbreaking An Enterprise Security Threat?
Among the risks of jailbreaking an iPhone: malware could steal your email, and if you install and configure SSH, the root user password could be weak and easy for an attacker to take over
V3
Gartner Warns On Emerging Outsourcing Destinations
New Gartner research reveals top 30 global destinations for outsourcing and outlines security risks with intellectual property and data in some of the more emerging nations
IT PRO
Microsoft Quietly Pushes Out MSE Update
Microsoft Security Essentials 2.0 comes with improved malware detection, behavior monitoring, and other new features
CSO ONLINE
After Hack, Gawker CTO Outlines Security Changes
In the wake of a hack that compromised 1.4 million user accounts, Gawker is now mandating SSL for employees with Google Apps accounts and two-factor authentication for employees with access to legal, financial, or account data
GOV INFOSECURITY
Napolitano Outlines DHS Cybersecurity Focus
Secretary of the Department of Homeland Security says that, for the first time ever, DHS has people stationed at NSA, including legal counsel and privacy officers, to ensure protections applied in civilian context
THE SMOKING GUN
FBI Probe IDs Conde Nast "Hacker"
A fashion-obsessed Ohio student has been identified by the FBI as a suspect for illegally accessing a Conde Nast computer system last year and downloading photos and pages from upcoming magazine issues, which he then posted to his blog
SOFTPEDIA
Survey Scammers Exploit Plans To Give People Facebook.com Email Addresses
Security researchers say scam produces spam messages reading, "Just got my own email @facebook.com! Quickly get one before someone takes your name [link]," but really signs them up for premium rate services
JEREMIAH GROSSMAN BLOG
Sandboxing: Welcome To The Dawn Of The Two-Exploit Era
The good news is that it takes at least two exploits to hack a sandboxed application, one to exploit the app itself and the other to escape the sandbox
THE NEXT WEB
All Internet Porn "To Be Blocked" In The U.K.
U.K. government has plans to ask ISPs to block all pornography from home Internet connections by default, forcing consumers to ask for access with their ISPs
THREAT POST
Group Publishes Database Of Embedded Private SSL Keys
The LittleBlackBox Project has amassed a list of private SSL keys that are hard-coded into many embedded devices, such as consumer home routers
BANK INFOSECURITY
SQL Injection Blamed For New Breach
Some 110,000 credit card accounts were compromised via a SQL injection attack on tourism company Twin America's Web server
COMPUTERWORLD
SAP Pushes Out 'Significant' Patch Update
SAP released a big pile of security patches for its Business Suite applications and NetWeaver middleware platform on Tuesday, following an "extensive scan of 280 million lines of coding with new, enhanced code scan tools," according to the company
FEDERAL COMPUTER WEEK
Cybersecurity Provisions Stripped From Defense Bill
Federal cybersecurity reform may not make the National Defense Authorization Act, as provisions for a White House Office of Cyberspace and an oversight board for federal IT security compliance, as well as a new mandate for continuous security monitoring, were nixed after a version of the bill failed to get Senate approval
SOFTPEDIA
Google Unwilling To Share Gmail Encryption Keys With Indian Government
Google says it has no plans to provide the Indian government with the encryption keys to intercept Gmail traffic in a readable format, but that it will comply with lawful access requests by officials
TECHNOLOGY REVIEW
Raising A Botnet In Captivity
Researchers from ESET and Canadian and French universities have created a prototype botnet that mimics the C&C of a Waledac-type botnet
BUSINESS DAY
FINANCIAL TIMES: Tabloid Accused Of Hacking
Attorneys for actress Sienna Miller alleged that a senior executive at the News of the World procured a private detective to hack into the actress' cell phone voicemail account to intercept messages left on Miller's mobile phones and those of friends, including actor Jude Law
YAHOO NEWS
Romania Smashes International Cybercrime Ring
Law enforcement in Romania busted 42 people in connection with a cybercrime network that allegedly caused $13.5 million in losses to firms in the U.S., Britain, South Africa, Italy, and Romania, by stealing confidential VoIP data
SCHNEIER ON SECURITY
Did FBI Plant Backdoors In OpenBSD?
Bruce Schneier doubts this is the case, mainly because there are more than enough exploitable security vulnerabilities in a piece of code that large
THE TECH HERALD
Arbor Networks Targeted After DDoS Report
Arbor Networks was briefly targeted in a DDoS attack in Operation Payback in retaliation for a blog post by the company about the recent DDoS campaign
SAFE AND SAVVY
New Facebook Profiles: What You Need to Know
Customize privacy settings for "photos and videos I'm tagged in" to "Only Me" and only friend people you trust
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2013-3743
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVE-2013-2473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2472.
CVE-2013-2472
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2473.
CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and CVE-2013-2473.



