Best Of The Web
DATABREACHES.NET
ID Thief Who Had Wells Fargo Customer Info Sentenced
Jonah Hanneke Nelson was sentenced to 58 months in prison following a plea agreement over charges of ID theft and bank fraud
SKUNKPOST
BlackBerry Battle: UN Says Share The Data
The United Nations' telecommunications chief says Research In Motion should provide law enforcement agencies around the world access to its customer data
GOVERNMENT COMPUTER NEWS
Snoop Dogg Joins Cybercrime Fight Because 'Hack Is Wack'
Rapper Snoop Dogg and Symantec's Norton are sponsoring a video contest for raps about hacking, identity theft, and computer viruses -- the winner gets to meet Snoop, two free tickets to his concert, and a new laptop with Norton Internet Security 2011
MICROSOFT SECURITY RESEARCH & DEFENSE BLOG
The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
EMET applies security mitigation technologies to prevent vulnerabilities in third-party or other applications from successfully being exploited
THREAT POST
Apple Uses Security Advisory to Push iTunes 10 Upgrade
Aside from a new social network and GUI upgrades, in the iTunes 10 version Apple also fixed some major vulnerabilities that leave iTunes prone to Web-based attacks
PC WORLD
To Boost Security, Facebook Adds Remote Logout
Facebook is gradually rolling out a new security feature that lets users see which computers and devices are logged into their Facebook accounts so they can remove unauthorized ones
US-CERT
Google Releases Chrome 6.0.472.53
Google has released Chrome 6.0.472.53 for Linux, Mac, and Windows to patch multiple vulnerabilities that could let an attacker run code, bypass security restrictions, steal information, or launch spoofing attacks
THE LOCAL
New Government ID Cards Easily Hacked
The Chaos Computer Club demonstrated on television how personal information on the new German identification cards can be hacked using the new home scanning machines that go with the cards
IT SECURITY PORTAL
India And Russia Are The Biggest Producers Of Viruses
India has knocked the U.S. out of the number one virus producer title, according to new data from Network Box, which says India is responsible for 13.74 percent of all of the world's viruses, followed by Russia, with 11 percent, and the U.S., with just over 8 percent, down from 14.65 percent last month
THE REGISTER
Feds Crack Phone Clone Scam That Cost Sprint $15 Million
Insiders alleged to be behind scam that illegally cloned thousands of cellphones
SC MAGAZINE
Service Provider Of German Chemist Exposes Personal Details Of Around 150,000 Customers
Available data could have allowed cybercriminals to write directly to Schlecker customers, researcher says
COUNTERPUNCH
The Rite-Aid Scandal
$1M settlement with FTC is indicative of privacy problems throughout the healthcare industry
IT PRO PORTAL
Algerian Hackers Attack Wrong Website
Cyberpirates attack Belvoir Castle, mistaking it for Belvoir Fortress in Israel
PC WORLD
Smartphones Are Safer Than PCs -- For Now
There's a reason that there isn't any antivirus software for your iPhone -- but that situation could change, experts say
COMPUTERWORLD
Discover To Get $5M From Heartland For '08 Data Breach
Settlement resolves all issues between the two companies, attorneys say
SHOPSAFE
UK Consumers Face 1 In 63 Chance Of Attack Online
Figure is higher than global average, AVG study says
MONEYWEB
Facebook Coming Under Increasing Attack From Phishers
Facebook accounted for nearly 13 percent of all phishing messages in August, Kaspersky says
MICROSOFT
Microsoft Issues Workaround For Library-Loading Attack
Automated Microsoft Fix it solution offered as a workaround to the threat
SOPHOS BLOG
Twitter Tightens Security--Good News For Social Media Safety
Twitter officially discontinued the availability of its old API today, replacing it with OAuth, which should provide users with more granular control of programs that can tweet on their behalf
COMPUTERWORLD
Update: Moscow Police Investigate Alleged Ransomware Gang
Russian police are investigating a gang that installed ransomware programs on thousands of PCs and forced victims to send SMS messages in order to unlock their PCs
US-CERT
VMware Releases Updates for ESX Service Console Packages
VMware has released security updates for several third party packages for the ESX Service Console fixing vulnerabilities in the perl, krb5, samba, tar, and cpio packages
THREAT POST
New Conference Wants To Bring Malware Writers Out Of The Shadows
A security conference scheduled for December in Mumbai called Malcon aims to gather the world's most talented virus authors, exploit writers and toolkit creators -- and the security pros who try to stop them
GARY WARNER BLOG
Major Fraud Ring Busted in Largest Chinese Cybercrime Operation
Police in Taiwan and China have arrested 450 fraudsters in telephone and Internet auction fraud scams
THE WASHINGTON POST
Defense Official Discloses Cyberattack
DoD says major breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008
CIO
Windows DLL Exploits Boom; Hackers Post Attacks for 40-Plus Apps
Among the Windows applications that can be exploited using the DLL load hijacking flaw are the Firefox, Chrome, Safari and Opera browsers and Microsoft's Word 2007
M86 SECURITY LABS
Pushdo Botnet Crippled
TLLOD says that it has taken down more than 20 Pushdo command and control servers with the help of the relevant hosting providers
IT PRO PORTAL
Google Android Licensing Server Hacked
Google is investigating; an Android developer says 100 percent protection from piracy is not possible, but the licensing server is designed to make it difficult for pirates
PC WORLD
UTorrent Patches Application Against DLL Vulnerability
The uTorrent file-sharing application has been updated to fix a problem that could allow an attacker to load malicious code onto a victim's system
LAW.COM
Is 'Private' Data on Social Networks Discoverable?
California federal court ruling maintains that messages and comments on social networks visible to a restricted set of users are protected
NETWORK WORLD
Report: Sun, Microsoft And Mozilla Leave The Most Vulnerabilities Unpatched
Sun has the most unpatched software vulnerabilities followed closely by Microsoft and Mozilla, according to the mid-year security report by IBM's X-Force
KREBS ON SECURITY
White House Calls Meeting on Rogue Online Pharmacies
Obama administration invites leaders of the top Internet domain name registrars and registries to attend a meeting next month about ways to crack down on websites selling counterfeit prescriptions
COMPUTERWORLD
China Policy Could Force Foreign Security Firms Out
China is checking for compliance with a little-known initiative that mandates that core products used by government, banks, transportation and other infrastructure providers must come from Chinese companies
INFOSECURITY
Hackers See Opportunities In The Cloud
Survey of attendees at Defcon found that 96 percent say transition to cloud services will provide more hacking opportunities
ERRATA SECURITY BLOG
DLL Exploit Not A Job For Secure Coding Programs
SDL didn't catch this DLL code execution bug because this type of vulnerability is outside the scope of a successful secure coding program
SOPHOS BLOG
The Pentagon Awakens From Cyberslumber
Implication is that computers and personnel responsible for national security were not running up-to-date protection, that removable devices were being used recklessly and sensitive information was unencrypted
ZDNET
Hackers Accidentally Give Microsoft Their Code
When hackers crash their systems while developing viruses, the code is often sent directly to Microsoft
MSDN BLOG
Microsoft SDL And The Creative Commons
Microsoft will offer SDL documentation and other SDL process content under a Creative Commons license
REUTERS
ICANN Asks Demand Media For Answers After Report
The world's second-biggest domain name registrar eNom is now under investigation by ICANN after a report said eNom hosts a large number of malicious websites and represents a friendly domain for pharmaceutical spammers
ZDNET BLOG
Fact Check: Malware Did Not Bring Down A Passenger Jet
Malware, if it existed, was one symptom among many of a much larger management problem at an unprofitable airline
COMPUTERWORLD
Visa Offers New Guidance On Securing Payment Applications
Visa released a set of security best practices for vendors of payment applications and for systems integrators and resellers
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484 (cognos_tm1)
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.



