Best Of Web
Best Of The Web
THREAT POST
Google Warning Gmail Users On China Spying Attempts
Google is using automated warnings to alert Gmail users about attempts to access personal mail accounts from Internet addresses in China
OESIOK.COM
New Antivirus Market Data
Symantec holds about 16.67 percent of the North American AV market, according to OPSWAT data
THREAT POST
My Opera Found To Host Malware
The My Opera free Web hosting service is the latest prominent hosting service to be gamed by malware distributors
SC MAGAZINE
PCI Council: P2PE Simplifies PCI DSS Compliance
The PCI Standards Council will publish a guidance document on point-to-point encryption (P2PE), also commonly known as end-to-end encryption for securing payment data
EWEEK
Facebook Outage Triggered by Database Software Error
Facebook says a software flaw that crippled its database clusters caused the worst outage at the social network in four years
MICROSOFT NEWS CENTER
Free Microsoft Security Essentials Coming For Small Businesses
Lightweight antivirus and other products offered for free
SOFTPEDIA
New Trojan Steals Digital Certificates
Infostealer.Nimkey is distributed via tax-related spam
OFFICE OF INADEQUATE SECURITY
Victims Of ChoicePoint Data Breach To Receive Redress Checks
After 2006 breach, some 14,000 victims will get a check for $18
NATIONAL PUBLIC RADIO
Seeing The Internet As An "Information Weapon"
Experts wonder why there is no arms control for cyber weapons
READ WRITE WEB
Identity Management And Networks: The Enterprise Considers The Social Way
Many enterprises using social network identities as a means of authenticating users
BILLY RIOS' BLOG
Put Me In, Coach
Fantasy football league leads to discovery of some interesting exploits on the Web
V3.CO.UK
Botnet Operators Shift From China To Russia
Government crackdown may be forcing spammers to new locations, M86 researchers say
KENS 5
FBI: Houston Energy Companies Targeted By Hackers
Expert says attackers are taking aim at U.S. economy
ABUSE.CH
New Dropper Uses DNS To Communicate
Trojan dropper spotted using DNS and HTTP in combination to communicate with the command-and-control server
THE REGISTER
Microsoft Warns Of In-The-Wild Attacks On Web App Flaw
Microsoft says it is seeing "limited attacks" exploiting a recently disclosed vulnerability in Microsoft Web development applications that opens password files and other sensitive data to interception and tampering
SC MAGAZINE
Alleged Ringleader Of ID Theft Operation Extradited To New York
Dmitry Naskovets, 26, who allegedly operated a website for identity thieves, was extradited from the Czech Republic on charges of conspiracy to commit wire fraud and credit card fraud, and aggravated identity theft
NETWORK WORLD
The Missing Piece Of Cloud Security?
Recent announcements, however, from VMware, Citrix and Oracle show that enterprise cloud computing is gaining momentum
INFORMATION WEEK GLOBAL CIO BLOG
Larry Ellison Hammers Salesforce.com On Security
Larry Ellison cited Amazon.com and Salesforce.com as examples of different cloud approaches, criticizing the latter for "commingling" customers' data and offering a "very weak security model"
ASERT BLOG
Another Family Of DDoS Bots: Avzhan
New DDoS bot family appears to be related to IMDDOS
ABC NEWS
Melbourne Schoolboy Blamed For Twitter Meltdown
A 17-year-old Australian schoolboy says he inadvertently caused the attack on Twitter yesterday after tweeting "mouseover" JavaScript code
THE NEW NEW INTERNET
Turkish Hacker Defaces Kiwi Parliament Website
"Iskorpitx" this weekend defaced New Zealand Parliament's official video website, replacing all content with an animated flag and the message "best regards to all world"
PC WORLD
The World's Strangest Computer Security Products
Sometimes security product development takes a turn for the weird
TRENDLABS MALWARE BLOG
Adobe Fixes Flash Player Bugs; Acrobat And Reader Still Vulnerable
Patches for the latter two bugs will be available Oct. 4, company says
NEW YORK OBSERVER
Are You Human? This Advertisement Will Decide
Startup vendor proposes replacing CAPTCHA with targeted ads
EXAMINER.COM
Does The "Here You Have" Virus Have All Of Your Computer Passwords?
Intent of attack may have been password-gathering, expert says
CANADIAN CENTER OF INTELLIGENCE AND SECURITY STUDIES
Cyber Probing: The Politicization Of Virtual Attack
Probing of other countries' systems is becoming a commonplace strategy for many governments
RED CONDOR
"Here You Have" Virus Does Not Compare To Plug-And-Play Malware Threat
Spam campaign turned out to be a low-level threat that got a lot of airtime
INFOWORLD
Don't Let Company Politics Dictate Your Security Priorities
When your network is compromised, address the most pressing risks first
H ONLINE
ZoneAlarm Scares Users With "Virus Alert"
Marketing campaign causes consternation among users
THE MICROSOFT SECURITY RESPONSE CENTER (MSRC)
Security Advisory For ASP.Net Vulnerability
A publicly disclosed vulnerability in ASP.NET affects all versions of the .NET Framework; Microsoft offers workarounds
ALL SPAMMED UP
ISP That Won $2.6 Million Drops Suit Under Threat Of Bankruptcy
Asis Internet Services has dropped its lawsuit against Subscriberbase, claiming the lawsuit it filed and lost against AzoogleAds.com may send it to bankruptcy
AOL NEWS
Company: Drone Program Using Hacked Software
Intelligent Integration Systems Inc. has filed a lawsuit to immediately stop customers, including the CIA, from using proprietary geospatial software it says another company illegally reverse-engineered
YAHOO NEWS
Hackers Hit Hollywood's Piracy Watchdog
The Motion Picture Association of America's website was temporarily knocked offline Saturday by pirates upset with an escalation in anti-piracy efforts
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.



