Best Of Web
HEALTH INFOSECURITY
Preventing Insider Medical ID Theft
Medical identity theft cases, like recent ones in Louisiana, Florida, and Texas, could be prevented by auditing and monitoring employee activity, restricting employee access to patient data, and beefing up employee training
THE REGISTER
'Better Than Adobe' Foxit PDF Plugin Hit By Worse-Than-Adobe 0-Day
A new security flaw in the Foxit PDF reader plug-in for Web browsers could allow attackers to install malware on the victim's machine
SECURITY WEEK
Iran Denies It's Behind Cyber Attacks On US Banks
Iranian officials told the country's official news agency that Iran is not behind cyberattacks against U.S. banks and that it would be a 'violation of the sovereignty of nations'
INFORISK TODAY
3% Unemployment Among Infosec Pros?
After seven consecutive quarters of no joblessness, IT security now has a jobless rate of about three percent, according to an unpublished U.S. Bureau of Labor Statistics report
COMPUTERWORLD
Google Revs Up Chrome, Crushes Bugs
A new Chrome update includes patches for 24 vulnerabilities as well as a faster start-up and additional performance improvements for the browser
SLASHGEAR
Nokia Confirms HTTPS Traffic Is Temporarily Decrypted On Its Servers
Nokia says its servers are decrypting all data that flows through HTTPS connections, including from banking apps, encrypted e-mail, and others, but that it's not accessing customer data
QW MAGAZINE
Texas Judge Rules Schools Can Force RFID Chips On Students
U.S. District Court ruled that the San Antonio Northside School District in Texas has the right to expel a student for refusing to wear her student badge with RFID-tracking technology
IVIZ
Web Application Vulnerability Statistics Of 2012
Study shows 99 percent of apps tested had at least one vulnerability
SOFTPEDIA
Fake US Airways Online Registration Confirmation Emails Serve Malware
In latest spam run, crooks rely on bogus online registration confirmation emails to trick users into clicking on malicious links
KREBS ON SECURITY
Police Arrest Alleged Zeus Botmaster "bx1"
Man arrested in Thailand is suspected of stealing millions from online bank accounts
WIKILEAKS
Judge Refuses To Drop Charges In Bradley Manning Hearing
Judge denies alleged WikiLeaks source's request to drop charges but awards 112 days of sentencing credit
CSO
Better Business-Government Teamwork Needed To Categorically Fight Cyberthreats
Business Roundtable says cyberthreats to their businesses have become severe
SOFTPEDIA
Anonymous Asks U.S. President To Make DDoS Attacks A Legal Form Of Protesting
Hacktivist group submits petition to White House's "We The People" website
GOOGLE
Detective Guilty Of Offering Leaks In Hacking Scandal
Detective tried to sell information about a phone hacking investigation to the Rupert Murdoch-owned News of the World tabloid
BUSINESS INSIDER
US Government Says WikiLeaks Material Was Found At Osama Bin Laden's Safe House
Leaked documents were studied by al-Qaeda, testimony says
SC MAGAZINE
Debate: Bug Bounty Programs
Chris Evans, a software engineer at Google, argues that properly managed bug bounty programs make organizations more secure, while Ward Spangenberg, director of security at Pearl.com, contends that secure coding and analysis is a better bet
THE NEW YORK TIMES
Bank Hacking Was the Work of Iranians, Officials Say
U.S. government officials think the DDoS attacks that commandeered servers were likely the work of Iran in retaliation for economic sanctions by the U.S.
IDG NEWS
Obama's CIA Nominee An Advocate For Federal Cybersec Regulations
CIA director nominee John Brennan has been a vocal supporter of federal cybersecurity legislation in recent months--he was among officials who called for the Senate to quickly pass the since-failed Cybersecurity Act of 2012
FINEXTRA
Hacker Jailed Over Subway Store POS Attack
A Romanian man was sentenced to 21 months in prison for his role in the hack of point-of-sale systems at hundreds of U.S. Subway restaurants and the compromise of thousands of payment cards resulting in millions of dollars in theft
KREBS ON SECURITY
Facebook, Yahoo Fix Valuable $ecurity Hole$
Facebook and Yahoo have now fixed security flaws that could allow hackers to hijack user accounts, and exploits for both bugs appear to have been sold by the same cybercriminal
NAKED SECURITY BLOG
US-Wanted "Bank Hacker" Is All Smiles As He Is Arrested At Bangkok Airport
An alleged hacker wanted by the FBI for stealing millions of dollars from online bank accounts was arrested by Thai police and paraded in front of media
THREAT POST
Exploit Code For Ruby On Rails Flaw Likely On The Horizon
The bugs patched yesterday in Ruby on Rails could be used for serious attacks and Metasploit creator calls the XML parsing bug ‘worst security issue’ ever for the platform
SECURITY LEDGER
Does Your LinkedIn Profile Hold The Key To Your Password?
An experimental dataflow programming language allowed a researcher to derive passwords from public content in LinkedIn profiles
MCAFEE
What's On Your Phone? A Lot More Than You Realize
As smartphones replace PCs, the need for security becomes increasingly great
CYBER WARZONE
FBI.gov Hacked Again By Anonymous And Ghost Shell
PasteBin posting says agency website has been compromised
SOFTPEDIA
Over 1,400 Indian Sites Hacked By BGHH In Memory Of Girl Killed By BSF
Members of the Bangladesh Grey Hat Hackers group claim to have breached and defaced hundreds of Indian websites in protest
H SECURITY
Yahoo Adds HTTPS Support To Yahoo Mail
Yahoo begins to catch up with other webmail providers
FINEXTRA
Hacker Jailed Over Subway Store POS Attack
Romanian man is sentenced to prison for his role in scam that hacked hundreds of U.S. Subway shops
CNN Money
Nations Prepare For Cyber War
Analysts predict that nation-sponsored cyberwar will go mainstream this year -- and may lead to actual deaths
SOFTPEDIA
Anonymous Calls For Germany To Protest Against Censorship And Surveillance
Feb. 23 will be an "international day of action against censorship and surveillance," hacktivist group says
SC MAGAZINE
Linguistics Identifies Anonymous Users
Researchers reveal carders, hackers on underground forums using linguistic study
LE MONDE
In Romania, A Quiet City Has Become The Global Hub For Hackers And Online Crooks
Insight from some cybercriminals cashing in on the easy marks online -- especially U.S. users
SOFTPEDIA
Algerian Hacker Wanted In The US Arrested By Thai Police
A man wanted by the FBI for allegedly hacking accounts in more than 200 banks and financial institutions worldwide was arrested by Thai police -- laptops, a tablet computer, a satellite phone, and some external hard drives were found with him
NAKED SECURITY BLOG
John McAfee Says He Infected Laptops With Malware, Spied And Stole Passwords From Belize Officials
John McAfee is now saying he gave Belize officials cheap laptops infected with keylogging spyware
THE NEXT WEB
Yahoo Mail Users Hit By Widespread Hacking, XSS Exploit Seemingly To Blame
Yahoo Mail users are being targeted with emails that include a link that exploits a DOM-Based XSS vulnerability in major browsers to hack email accounts
WIRED
Japanese Hacker Continues To Taunt Police With Clue Strapped To Cat
Japanese police have recovered a memory card from the collar of a cat found near Tokyo in the latest development in their hunt for a hacker who has been sending them clues for months
REUTERS
Exclusive: U.S. Nuclear Lab Removes Chinese Tech Over Security Fears
Los Alamos National Laboratory recently discovered its computer systems contained some Chinese-made network switches and replaced at least two due to national security concerns
SECURITY WEEK
NVIDIA Releases Fix For Dangerous Display Driver Exploit
Graphics card maker NVIDIA has released a driver update (version 310.90) that fixes a new security vulnerability in the NVIDIA Display Driver service
INFOSECURITY MAGAZINE
Data Can Be Hidden In Skype's Silence
Pauses in Skype sessions could be exploited to include secret encrypted messages in a steganographic-type attack
SOFTPEDIA
HeartBeat: Advanced Persistent Threat Aimed At South Korean Government
APT campaign studied by Trend Micro has been going after the South Korean government and related organizations since at least 2009
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


