Best Of Web
TG DAILY
Nefarious Mac OS X Trojan Spotted In The Wild
Malware masquerades as a video link in email or Facebook
TECH CENTRAL
MWeb Security Breach Not A Hack
ISP says data could have been stolen by an authorized user
GOVERNMENT ACCOUNTABILITY OFFICE
National Archives and Records Administration Needs To Implement Key Controls
Federal agency has not done enough to protect the security of documents, GAO says
CNET
Amid Criticism, WikiLeaks Shifts Focus
Site evolves from geek-driven community under power personality of spokesperson Julian Assange
TECHDIRT
Judge Orders Limewire To Shut Down; Limewire Pretends It Can Still Exist
Judge's decree guts functionality from file-sharing site
ZDNET
Boing Boing Hacked Following Redesign
Hackers deface popular site via SQL injection
ALL SPAMMED UP
Arizona Man Pleads Guilty In Pump And Dump Spam Scheme
Man faces five years in prison after pleading guilty to being the mastermind in a pump and dump spam scheme that used a Russian botnet to spam and hack into brokerage accounts to buy penny stocks without the knowledge of the account owners
SECURE MAC
Boonana Trojan Horse
SecureMac has discovered a new Trojan in the wild that affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X; it is spreading via social network sites disguised as a video
HEALTHCARE INFOSECURITY
5 Million Affected By Health Breaches
More than 5 million Americans have been affected by major healthcare data breaches since September 2009, according to federal government data on reported incidents
INFOLAW GROUP
Is Social Networking Disclosing Your Trade Secret Customer Lists?
So far, there have been no fully tried cases on disclosure of trade secrets, such as a client/customer list via social media and social networking
TREND MICRO BLOG
Firefox Zero-Day Found in Compromised Nobel Peace Prize Website
The official website of the Nobel Peace Prize was used to serve an exploit targeting a zero-day vulnerability in Mozilla Firefox that allows an attacker to wage a drive-by download attack
THREAT POST
Inside Google's Anti-Malware Operation
Google uses virtual machines running unpatched versions of Windows and Internet Explorer that it points at potentially malicious URLs to determine malware-serving sites
CIO UPDATE
White House Forms Internet Privacy Subcommittee
The Obama administration has formed a new advisory panel to create a policy framework for the collection and use of personal information on the Internet
THE NEW YORK TIMES
E-Mail Spam Falls After Russian Crackdown
Russian law enforcement officials are investigating suspected spam kingpin, Igor A. Gusev, who may have fled the country
NEW YORK TIMES
Iranian Cyber Army Moves Into Botnets
Group that previously attacked Twitter also could be running a for-rent botnet, researcher says
TECH CENTRAL
MWeb Hacked, Users' Details Exposed
Hackers publish user names and passwords on the Web
ZDNET
Chip-And-Pin Crack Code Released As Open Source
Device can modify communications between a credit card and a terminal, researcher says
EWEEK
Botnet For Sale Business Going Strong, Security Researchers Say
Renting out space on a botnet is good business for the bad guys
NEWS ABOUT FRAUD
Research On Avoiding Fraud In Biometric Identification
Researchers in Madrid outline ways that biometrics can be spoofed--and how to prevent them
SECURITY WEEK
The Rise Of The Small Botnet
Bad guys seek to harness smaller networks that fly under the radar, researchers say
SUNBELT BLOG
Web Filtering: Are Employees Offended?
Lack of trust could cause issues with company personnel, study says
CORNELL UNIVERSITY
"Fabric" Application Programming Language Builds Security Into Development
Java extension builds security into development process
WASHINGTONPOST.COM
Google 'Mortified' That Street View Cars Scarfed Up E-Mail, Passwords; Privacy Criticism Intensifies
Google's Street View cars found out more about Internet users than previously revealed
DATABREACHES.NET
MetLife Reports Employee Snooped On Files Of Public Figures
MetLife letter to the New Hampshire Attorney General's office says the third-party provider whose database they use to run searches on individuals recently notified them that one of MetLife's employees had been misusing the database to run searches on public figures
GOOGLE NEWS
US Releases Cyber Warfare Manual
New Air Force manual for cyberwarfare is unclassified and discusses mostly the need to protect U.S. military secrets--analysts say the military appears to be keeping its offensive plans secret
ITP.NET
Update: BlackBerry Data Security Study Underway
University of Toronto scientists are studying how the BlackBerry's data traffic is handled in countries such as the UAE, where it has been under scrutiny for security reasons
DOWNLOAD SQUAD
Mozilla Pays 12-Year-Old $3000 For Finding Critical Vulnerability In Firefox
San Jose boy was awarded $3,000 for finding a buffer overflow bug in 'document.write'
MSNBC
Paladino's Facebook Page Hit By Hackers
New York gubernatorial candidate Carl Paladino's public Facebook profile was hacked and populated with inflammatory photo captions, such as "Join the Confederacy. Crazy Carl: The Candidate for the Fringe"
CNET
Researchers Hack Toys, Attack iPhones At ToorCon
"Weaponized" iPhone software, hacked toys, and leaked cookies were among the hot presentations at the ToorCon security conference
FORBES BLOG
Wikileaks Hacked By 'Very Skilled' Attackers Prior To Iraq Doc Release
A WikiLeaks source says the organization's server in Amsterdam, used to host its encrypted instant messaging communications, was compromised by an unknown attacker, and the chat service had to be relocated to another server
ADOBE PRODUCT SECURITY INCIDENT RESPONSE TEAM BLOG
New Critical Zero-Day Found In Shockwave Player
Adobe has issued a security advisory warning of a critical flaw in Adobe Shockwave Player 11.5.8.612 and earlier versions on Windows and Macintosh that can crash the app and let an attacker take over the victim's machine
H ONLINE
Trojan Trouble At Lenovo
Lenovo's service and support-related training website is spreading the hackload.AD Trojan
ANTI-PHISHING WORKING GROUP
APWG Industry Advisory: Avalanche, Phishing Fall
Avalanche, the world's largest phishing gang, moved from phishing to pushing the Zeus banking Trojan in the first half of this year
BKIS BLOG
Tracking Zeus Botnet Which Updates Like Conficker
New Zeus Trojan variants update like the Conficker worm, and this new botnet encompasses nearly 19,000 bots, 34 percent of which are located in the U.S.
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2013-3743
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVE-2013-2473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2472.
CVE-2013-2472
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2473.
CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and CVE-2013-2473.



