Best Of Web
Best Of The Web
MCAFEE AVERT LABS BLOG
Zeus Crimeware Toolkit
An inside look at Zeus toolkit that comes with a control panel typically used to track the botnet infections and enables the attacker to remotely control and send commands to bots
THE REGISTER
Man Gets 6 Years For Laundering $2.5m From Phony Credit Cards
A California man worked with money mules who used stolen credit card data to withdraw money from ATMs
H-ONLINE
Hole In Linux Kernel Provides Root Rights - Update
A vulnerability in the 32-bit compatibility mode of the current Linux kernel and previous versions for 64-bit systems can be exploited to escalate privileges
CSO ONLINE
Adobe Will Patch Flash Bug Today
Adobe accelerated the delivery of a patch for a critical vulnerability in Flash
NETWORK WORLD
Inside Intel's Security Organization
The "Here You Have" e-mail worm hit Intel--4,400 of its employees clicked on the malware, and 400 machines were infected
AVIRA BLOG
The Anti-Botnet Initiative
Eco and The German Federal Bureau for Information Security are also offering telephone hotline for users who might have been infected by bots, and major German ISPs are also participating
FIERCE GOVERNMENT IT
A Merging Of Civilian And National Security System Cybersecurity Underway
An anticipated policy change requiring national security systems to follow selected National Institute of Standards and Technology cybersecurity guidance is blurring the lines between civilian and national security systems, according to the Government Accountability Office
EWEEK
Adobe Advises Users Be Wary Of Unofficial Security Patches
Adobe Systems says unofficial patches can cause unexpected damage and advises caution before applying an unofficial patch provided by a security company for a zero-day being exploited in the wild
COMPUTERWORLD
Mozilla Halts Firefox Security Updates
Mozilla is investigating a bug in a new version of Firefox that caused computers to crash
THE REGISTER
Code For Open-Source Facebook Littered With Landmines
Four New York University students who built Diaspora, a privacy-preserving alternative to Facebook, were under fire as hackers began finding security flaws in the pre-alpha release source code
US CERT
Apple Releases QuickTime 7.6.8
Apple fixed two vulnerabilities affecting earlier versions of QuickTime for Windows, including an insecure loading issue with dynamic link libraries (DLLs)
THREAT POST
Security A Concern As HTML5 Gains Traction
HTML5, the next-generation HTML, could usher in a new generation of powerful Web attacks
YAHOO!
Microsoft Overlooks Four Stuxnet Zero-Day Bugs In Patch Tuesday
Vulnerabilities could pose problems for Windows users, researchers warn
McAFEE LABS
New Phishing Scam Targets Electronic Federal Tax Payment System Users
Fraudulent email message claims to be a rejected tax payment
SUNBELT BLOG
Google Image Searches For "Marvin Sapp" Have Been Poisoned
Fake antivirus peddlers target searches of gospel singer/songwriter following his wife's death
TECHWORLD
Google Engineer Fired For Privacy Violations
Ex-employee reportedly accessed accounts belonging to teenagers
NETWORK WORLD
Ultimate Privacy: How To Disappear, Erase Digital Footprints, And Vanish Without A Trace
Privacy expert Frank Ahearn can help you legally poof and fall off the grid
V3.CO.UK
UK Firms Gloomy On Security Spending
Only one-third predict an increase in spending in the coming year
MSNBC
Personal Information Stolen From Rice University
Stolen device contained personal data on thousands of faculty and staff, report says
THE RAW STORY
U.S. Urges NATO To Build "Cyber Shield"
Cybersecurity should be a key plank in alliance's defense platform, U.S. officials say
ZDNET
Criminals Use Hacked Email To Steal House
Sophisticated scam results in the unauthorized sale by criminals of an Australian man's half-million dollar home after his email account credentials are stolen
FOX
NBA Star Shaquille O'Neal Sued For Computer Hacking, Framing Former Employee
Shaquille O'Neal faces allegations of hacking and destroying email evidence in an attempt to frame a former employee
ZSCALER BLOG
Attackers Re-Create An Entire Facebook Site For Phishing
Russian phishing site has cloned all Facebook pages and in 64 different languages
ARS TECHNICA
Appeals Court Guts Landmark Computer Privacy Ruling
A federal appeals court Monday reversed its decision that had dramatically narrowed the government's search-and-seizure powers in computers
SYMANTEC BLOG
Stuxnet Introduces the First Known Rootkit for Industrial Control Systems
Researchers say Stuxnet isn't just a rootkit that hides itself on Windows, but is also the first publicly known rootkit able to hide injected code located on a PLC
YAHOO NEWS
Trojan Monitors Your Porn Surfing Habits, Threatens to Blackmail You
The Kenzero Trojan out of Japan posts your browser history, favorites, illegally downloaded porn, and clipboard content to a public website, and then its creators demand payment of $18 to remove the details
GAWKER
Google Engineer Stalked Teens, Spied on Chats (Updated)
A Google engineer spied on four underage teens for months before the company was notified of the abuses
COMPUTERWORLD
Researchers Clash Over Possible Return Of Google Attackers
Secureworks shoots down Symantec researcher's suggestion that the cybercriminals who hacked into Google and other firms are back in a new attack
THREATPOST
'Padding Oracle' Crypto Attack Affects Millions Of ASP.NET Apps
Weakness in cookie-handling process could allow attackers to hijack online banking sessions
IT WORLD
Siemens: Stuxnet Worm Hit Industrial Systems
Siemens confirms 14 plants have been infected; some systems might have been reprogrammed
MICROSOFT
Microsoft Issues Nine Patches On Patch Tuesday
Four patches are considered critical, software giant says
SOPHOS
No Certificate For You! VeriSign Revokes Cert From Malware Fiends
Rejection of signing certificate could be problematic for users, expert says
SYMANTEC
Aurora Attackers Back?
Activity suggests the distributors of Trojan.Hydraq could be up to their old tricks
ADOBE
Security Advisory For Adobe Reader And Acrobat
Patch for zero-day vulnerability is rolled out for Adobe Flash Player as well
TRENDLABS MALWARE BLOG
Mehika Twitter Botnet Targets Twitter Users
Twitter account used to send out commands to botnet zombies, researchers say
TECHWORLD
Hacker Claims 'Here You Have' Worm Was Propaganda Tool
"Iraq Resistance" says he didn't expect worm to spread as widely as it did
GARY WARNER BLOGSPOT
Random Pseudo-URLs Try to Confuse Anti-Spam Solutions
URLs reported potential phish, but the links aren't real URLs
F-SECURE BLOG
Apple's iOS 4.1 Fixes 24 Vulnerabilities
Apple releases iOS version 4.1, which patches 24 security vulnerabilities -- 20 of which are related to WebKit
COMPUTERWORLD
Hotel Operator Warns Of Data Breach
Attacks on point-of-sale systems at HEI Hospitality, owner of Marriott, Sheraton, Westin, and other hotels, may have exposed card data on 3,400 customers
SYMANTEC
State of Spam And Phishing Report
92.51 percent of all messages were spam in August, up from 91.89 percent in July
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
- Three Principles to Improve Data Security and Compliance
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
- Connecting the Dots: Are You Seeing the Complete Big Data Picture?
- How crowdsourced testing has changed the game for innovative software companies
- Ensuring Your Apps Work in the Real World
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa...
CVE-2013-3634
The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username.
CVE-2013-3633
The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-1022 (quicktime)
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.