Best Of Web
Best Of The Web
THREAT POST
Google Warning Gmail Users On China Spying Attempts
Google is using automated warnings to alert Gmail users about attempts to access personal mail accounts from Internet addresses in China
OESIOK.COM
New Antivirus Market Data
Symantec holds about 16.67 percent of the North American AV market, according to OPSWAT data
THREAT POST
My Opera Found To Host Malware
The My Opera free Web hosting service is the latest prominent hosting service to be gamed by malware distributors
SC MAGAZINE
PCI Council: P2PE Simplifies PCI DSS Compliance
The PCI Standards Council will publish a guidance document on point-to-point encryption (P2PE), also commonly known as end-to-end encryption for securing payment data
EWEEK
Facebook Outage Triggered by Database Software Error
Facebook says a software flaw that crippled its database clusters caused the worst outage at the social network in four years
FBI: Houston Energy Companies Targeted By Hackers
KENS 5
| Expert says attackers are taking aim at U.S. economy
Botnet Operators Shift From China To Russia
V3.CO.UK
Government crackdown may be forcing spammers to new locations, M86 researchers say
Put Me In, Coach
BILLY RIOS' BLOG
Fantasy football league leads to discovery of some interesting exploits on the Web
MICROSOFT NEWS CENTER
Free Microsoft Security Essentials Coming For Small Businesses
Lightweight antivirus and other products offered for free
SOFTPEDIA
New Trojan Steals Digital Certificates
Infostealer.Nimkey is distributed via tax-related spam
OFFICE OF INADEQUATE SECURITY
Victims Of ChoicePoint Data Breach To Receive Redress Checks
After 2006 breach, some 14,000 victims will get a check for $18
NATIONAL PUBLIC RADIO
Seeing The Internet As An "Information Weapon"
Experts wonder why there is no arms control for cyber weapons
READ WRITE WEB
Identity Management And Networks: The Enterprise Considers The Social Way
Many enterprises using social network identities as a means of authenticating users
BILLY RIOS' BLOG
Put Me In, Coach
Fantasy football league leads to discovery of some interesting exploits on the Web
V3.CO.UK
Botnet Operators Shift From China To Russia
Government crackdown may be forcing spammers to new locations, M86 researchers say
KENS 5
FBI: Houston Energy Companies Targeted By Hackers
Expert says attackers are taking aim at U.S. economy
Melbourne Schoolboy Blamed For Twitter Meltdown
ABC NEWS
A 17-year-old Australian schoolboy says he inadvertently caused the attack on Twitter yesterday after tweeting "mouseover" JavaScript code
Alleged Ringleader Of ID Theft Operation Extradited To New York
SC MAGAZINE
Dmitry Naskovets, 26, who allegedly operated a website for identity thieves, was extradited from the Czech Republic on charges of conspiracy to commit wire fraud and credit card fraud, and aggravated identity theft
Turkish Hacker Defaces Kiwi Parliament Website
THE NEW NEW INTERNET
"Iskorpitx" this weekend defaced New Zealand Parliament's official video website, replacing all content with an animated flag and the message "best regards to all world"
ABUSE.CH
New Dropper Uses DNS To Communicate
Trojan dropper spotted using DNS and HTTP in combination to communicate with the command-and-control server
THE REGISTER
Microsoft Warns Of In-The-Wild Attacks On Web App Flaw
Microsoft says it is seeing "limited attacks" exploiting a recently disclosed vulnerability in Microsoft Web development applications that opens password files and other sensitive data to interception and tampering
SC MAGAZINE
Alleged Ringleader Of ID Theft Operation Extradited To New York
Dmitry Naskovets, 26, who allegedly operated a website for identity thieves, was extradited from the Czech Republic on charges of conspiracy to commit wire fraud and credit card fraud, and aggravated identity theft
NETWORK WORLD
The Missing Piece Of Cloud Security?
Recent announcements, however, from VMware, Citrix and Oracle show that enterprise cloud computing is gaining momentum
INFORMATION WEEK GLOBAL CIO BLOG
Larry Ellison Hammers Salesforce.com On Security
Larry Ellison cited Amazon.com and Salesforce.com as examples of different cloud approaches, criticizing the latter for "commingling" customers' data and offering a "very weak security model"
ASERT BLOG
Another Family Of DDoS Bots: Avzhan
New DDoS bot family appears to be related to IMDDOS
ABC NEWS
Melbourne Schoolboy Blamed For Twitter Meltdown
A 17-year-old Australian schoolboy says he inadvertently caused the attack on Twitter yesterday after tweeting "mouseover" JavaScript code
THE NEW NEW INTERNET
Turkish Hacker Defaces Kiwi Parliament Website
"Iskorpitx" this weekend defaced New Zealand Parliament's official video website, replacing all content with an animated flag and the message "best regards to all world"
PC WORLD
The World's Strangest Computer Security Products
Sometimes security product development takes a turn for the weird
TRENDLABS MALWARE BLOG
Adobe Fixes Flash Player Bugs; Acrobat And Reader Still Vulnerable
Patches for the latter two bugs will be available Oct. 4, company says
NEW YORK OBSERVER
Are You Human? This Advertisement Will Decide
Startup vendor proposes replacing CAPTCHA with targeted ads
EXAMINER.COM
Does The "Here You Have" Virus Have All Of Your Computer Passwords?
Intent of attack may have been password-gathering, expert says
CANADIAN CENTER OF INTELLIGENCE AND SECURITY STUDIES
Cyber Probing: The Politicization Of Virtual Attack
Probing of other country's systems is becoming a commonplace strategy for many governments
RED CONDOR
"Here You Have" Virus Does Not Compare To Plug-And-Play Malware Threat
Spam campaign turned out to be a low-level threat that got a lot of airtime
INFOWORLD
Don't Let Company Politics Dictate Your Security Priorities
When your network is compromised, address the most pressing risks first
H ONLINE
ZoneAlarm Scares Users With "Virus Alert"
Marketing campaign causes consternation among users
YAHOO NEWS
Hackers Hit Hollywood's Piracy Watchdog
The Motion Picture Association of America???s website was temporarily knocked offline Saturday by pirates upset with an escalation in anti-piracy efforts
THE MICROSOFT SECURITY RESPONSE CENTER (MSRC)
Security Advisory For ASP.Net Vulnerability
A publicly disclosed vulnerability in ASP.NET affects all versions of the .NET Framework; Microsoft offers workarounds
ALL SPAMMED UP
ISP That Won $2.6 Million Drops Suit Under Threat Of Bankruptcy
Asis Internet Services has dropped its lawsuit against Subscriberbase, claiming the lawsuit it filed and lost against AzoogleAds.com may send it to bankruptcy
AOL NEWS
Company: Drone Program Using Hacked Software
Intelligent Integration Systems Inc. has filed a lawsuit to immediately stop customers, including the CIA, from using proprietary geospatial software it says another company illegally reverse-engineered
YAHOO NEWS
Hackers Hit Hollywood's Piracy Watchdog
The Motion Picture Association of America's website was temporarily knocked offline Saturday by pirates upset with an escalation in anti-piracy efforts
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.