Best Of The Web
RSA RESEARCH
Zeus 2.1: Stronger And More Secure, But Will Fraudsters Upgrade?
Technology improves, but deployment of next-gen Trojan is not widespread
REUTERS
Limewire Says "Unauthorized" Applications Using Its Name
Forced to shut down, application file-sharing service says its name lives on
YAHOO! NEWS
New Cyberattack Linked To Nobel Peace Prize
Fake invitation to this year's ceremony is making the rounds, researchers say
COMPUTERWORLD
Microsoft Explains Missing Mac Office Patches
Software giant defends move, but won't say when it will fix Office for Mac
SYMANTEC RESEARCH
Percentage Of Spam Dropped Last Month, Study Says
Spam accounted for less than 87 percent of email data in October, down from more than 89 percent in September
ZDNET UK
Europe Hobbled By Lack Of Cyber-Contact Knowledge
In cyberattack simulation, differences between countries make unified responses difficult
CANADA FREE PRESS
Canadian Security Breaches Rose 29 Percent, Study Says
Cost of breaches actually dropped, researchers say
TG DAILY
Neural Cybernetic Implants Could Arrive Within A Decade
Hands-free hacking could reach a whole new level, experts say
IT KNOWLEDGE EXCHANGE
Barracuda Announces Bug Bounty For Its Security Products
Hackers can make $500 to $3,000 for finding vulns in company's software
THREATPOST
SpyEye Not Yet Zeus-like In Stature
New Trojan still doesn't have the reach of Zeus, experts say
IT WORLD
Workers Free Style With Tech On Office Time
Employees tend to apply their own rules to using personal technology in the office, study says
HUFFINGTON POST
V For Vendetta Hacker Infiltrates Washington State University
Unknown hacker broadcasts squirrel video all over campus
WALL STREET JOURNAL
Virus Leads To $20 Million Scam
Millionaire is fleeced in online fraud
BANK INFO SECURITY
New ID Theft Council Aims At Awareness
Grassroots group aims to touch every U.S. community
PANDA RESEARCH BLOG
Microsoft Doesn't Get It--Security Is About Diversity
Pushing only MSE from Windows Update is a bad idea, security experts say
HELP NET SECURITY
G20-Related Malicious Spam Campaign
Hackers take advantage of economic summit to launch targeted campaign
THE REGISTER
Bank Insiders Charged In Zeus Cybercrime Smackdown
Money mule suspects arrested in Moldova
COMPUTERWORLD
Danger To IE Users Increases As Hacker Kit Adds Exploit
Security expert calls for emergency update
EXPLOIT DATABASE
Google Hacking Database Reborn
Tool to help penetration testers use Google gets a new life
ADOBE
Adobe Issues Flash Player Security Update For Android
Patch is added to previous patches for Flash Player flaw
MICROSOFT
Microsoft Issues Three Security Bulletins In Slow Patch Tuesday
Only one of the 11 vulnerabilities identified is considered critical, software giant says
SHANGHAI DAILY
In China, Hackers Take Control Of 1 Million Mobile Phones
Virus turns mobile phones into spam-sending zombies
MICROSOFT BLOG
Forefront Endpoint Protection 2010 Release Candidate Now Available
Microsoft's Forefront Endpoint Protection 2010 is now available in release candidate form, and will be available in manufacturing form by the end of the year
THE NEW YORK TIMES
U.S. Workers Are On Alert After Breach Of Data
General Services Administration employees have been exposed to identity theft after an employee sent the names and Social Security numbers of all of the agency's 12,000 people to a private e-mail address
TREND MICRO
Latest Adobe Zero-Day Exploit Leads To Trojan Dropper
A new "critical" vulnerability in Adobe Reader and Acrobat lets the attacker execute code remotely on the victim's machine
THE INQUIRER
Zeus The King Of Botnets
Kaspersky Lab's October malware statistics show that Zeus has become one of the most commonly used and best-selling tools on the online black market, and that fake archiving programs are the latest threat
THREATPOST
Researcher Publishes Android Browser Exploit
A researcher with Alert Logic released code that could be used to hack some versions of Google's Android OS
ABUSE
Introducing: SpyEye Tracker
A researcher has released a new tool for ISPs, CERTs, and law enforcement that tracks the new crimeware kit SpyEye, which could become the new super-banking Trojan
SOPHOS NAKED SECURITY BLOG
Hacker Forces Royal Navy To Suspend Website
'TinKode' says he broke into the main website run by the British Royal Navy, www.royalnavy.mod.uk, revealing usernames and passwords of administrators
CHICAGO TRIBUNE
State Department Official Admits Looking At Passport Files For More Than 500 Celebrities
A State Department official confessed to viewing the passport files of more than 500 celebrities without authorization
PC MAGAZINE
'Anonymous' Takes Down Copyright Office Site Via DDoS
Hacktivist group against copyright advocates took down the U.S. Copyright Office's website this week, according to TorrentFreak
THE REGISTER
IE Bug Fix Not Included In Light Patch Tuesday
Microsoft Patch Tuesday for November includes fixes for 11 security vulnerabilities--including a patch for a critical Office vulnerability--but no patch yet for the new IE zero-day bug
ADOBE PRODUCT SECURITY RESPONSE TEAM BLOG
Potential Issue In Adobe Reader
A proof-of-concept posted on Full Disclosure demonstrating a denial-of-service against Reader is being investigated by Adobe
NETWORK WORLD
Financial Services Firms Expand Online Fraud Defense
A look at how some banks are hunkering down in the face of increased security challenges and Trojan attacks
HELP NET SECURITY
Myanmar Cut Off The Internet Ahead Of Elections
Myanmar, formerly known as Burma, was hit with a major DDoS attack that started last month and crippled most network traffic in and out of the country
IT NEWS
U.S. Military Ready For War In Cyberspace
New U.S. Cyber Command, tasked with protecting 15,000 military computer networks from intruders, is now fully operational, the Defense Department says
BLOOMBERG NEWS
Bank Of America, Citigroup Said To Test IPhone For Mobile E-Mail
Bank of America and Citigroup are testing software that would let employees use the iPhone rather than the BlackBerry for corporate e-mail
SOPHOS NAKED SECURITY BLOG
Two Suspected Zbot Mules Arrested In Wisconsin
Two 21-year-olds, both originally from Moldova, were arrested in Wisconsin for alleged bank fraud as part of the Zbot gang's activities
MICROSOFT
Vulnerability In Internet Explorer Could Allow Remote Code Execution
Software giant offers workarounds until a full patch can be rolled out
YAHOO!
Europe Tests Cyber Defenses Against Hackers
First cross-continental cyber simulation tests the defenses of 30 European countries
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa...
CVE-2013-3634
The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username.
CVE-2013-3633
The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-1022 (quicktime)
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.


