Best Of Web
Best Of The Web
ZSCALER RESEARCH
Nearly 3 Million "Hot Video" Pages Pushing Fake AV Are Undetected
Google has indexed nearly 3 million "Hot Video" pages, all pushing fake antivirus
UPI
College Laptop With Sensitive Info Stolen
A laptop computer stolen from University of Connecticut's West Hartford campus contained names and sensitive information on 10,174 school applicants, including Social Security numbers
YAHOO NEWS
Rustock Botnet Responsible for 40 Percent of Spam
Symantec's MessageLabs says Rustock has smaller numbers, with about 1.3 million bots
F-SECURE BLOG
Corporate Identity Theft Used to Obtain Code Signing Certificate
Researchers discover a process control consulting firm's name being used by fraudsters in a code-signing certificate
CLEVELAND.COM
Judge Approves Countrywide Financial ID Theft Settlement
Countrywide, now owned by Bank of America, will provide free credit monitoring for up to 17 million people whose financial information was exposed in its data breach
THREAT POST
ATM Makers Release Fixes for 'Jackpotting' Flaw
ATM manufacturers Hantle and Triton have fixed vulnerabilities in their machines' firmware that IOActive researcher Barnaby Jack demonstrated at Black Hat USA
THE NEW YORK TIMES
Hacker's Arrest Offers Peek Into Crime in Russia
Russian law enforcement officials are reluctant to go after hackers like "BadB" for reasons of incompetence, corruption, or national pride, experts say
THE INQUIRER
India Arrests Hacker Who Exposed Electoral Fraud
A security researcher who exposed weaknesses in India's computerized voting system was arrested by Indian officials
THE WASHINGTON POST
Facebook Deletes Accounts Purporting To Be From North Korea
Facebook said it deleted two accounts that claimed to be from North Korea -- posing as another person or entity is a violation of the social network's policy
ADOBE PRODUCT SECURITY INCIDENT RESPONSE TEAM BLOG
Security Bulletin: Adobe Shockwave Player
Adobe patched critical security issues today in Shockwave Player 11.5.7.609 and earlier versions
APPLE INSIDER
Scammers Steal From Paypal Accounts Through Users Of iTunes
Phishing attack hijacks iTunes accounts linked to PayPal, allowing criminals to siphon money from victim's online account
TREND MICRO BLOG
Fake Celebrity Deaths Used in Malicious Spam Run
TrendLabs has spotted spammed messages using fake news on the deaths of Hollywood celebrities and famous athletes -- and it carries Trojans
TREND MICRO BLOG
ZeuS Variant Targets U.S. Military Personnel
Malware created with Zeus toolkit appears to be going after U.S. military Bank of America customers stationed overseas
THE LAST WATCHDOG
Infectious USB Stick Implicated In Deadly Spanair Jetliner Crash
El Pais cites a 12,000-page investigative report that outlines how malware spread via an infected USB thumb drive could have been a contributing factor after failures in the airlines' monitoring system
PRIVACY DIGEST
Germany To Roll Out ID Cards With Embedded RFID
New generation of mandatory German identity cards will contain all personal data on the security chip that can be accessed over a wireless connection
THE REGISTER
Scareware Tries To Trick Marks Into Dropping Defences
New strain of malware attempts to con users into uninstalling legitimate security packages
COMPUTERWORLD
Google Patches 10 Chrome Bugs, Pays Out $10K In Bounties
Last week Google patched 10 vulnerabilities in Chrome, but it didn't award any of the researchers who reported bugs its new bit bounty reward of $3,133
AVIRA BLOG
Privacy Implications Of Facebook Places
How to set your privacy settings for the new Facebook Places service
INFOWORLD
Researcher Told Microsoft Of Windows Apps Zero-Day Bugs 6 Months Ago
Researcher names 28 vulnerable apps and claims 19 remote code vulnerabilities -- another claim that many Windows programs are vulnerable to attack because of the way they load components
TIME
The Government's New Right to Track Your Every Move With GPS
Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go, according to an appeals court ruling
SPAMFIGHTER
21 Year Old Botnet Operator Stole $30,000
Manchester, England man admitted in a post on the underground forum that he operated GhostMarket.net
ELECTRONIC FRONTIER FOUNDATION
How To Protect Your Privacy On Facebook Places
New feature lets users "check-in" to their physical location and tag friends, but contains some privacy settings
THREAT POST
Shadowserver Starts Free Binary-Checking Service
New service lets users check executable files against a database of known good applications
SOFTPEDIA
Several MSN Websites XSSed
A Romanian security researcher has discovered multiple cross-site scripting flaws in MSN websites, including ca.msn.com, fr.msn.com, be.msn.com, and fi.msn.com
THE REGISTER
Apple.com Hit In Latest Mass Hack Attack
A SQL injection attack has infected more than 1 million Web pages, at least two of which are Apple's
CNET
What Intel Gets From McAfee's Consumer Products
Some experts are predicting that Intel's planned purchase of McAfee will result in the slow death of McAfee's consumer products -- a look at what Intel is getting in the buy
MICROSOFT TECHNET BLOG
One Week Later: Broken LNKs
The U.S. had the most machines cleaned up by the MSRT after getting infected with Stuxnet, with 31,740, followed by Indonesia, with 11,030
THE NEW INTERNET
Novelist Claims NSA Hacked Wife's Laptop
Frederick Forsyth, author of "The Day of the Jackal" and "The Odessa File," accused the National Security Agency of hacking his wife's computer in an effort to steal an article he was writing
SOPHOS BLOG
Trojan Horse Suspected For Contributing To 2008 Madrid Aircrash
An investigation into the Madrid airline crash that killed 154 people found the central computer system that monitors technical problems in airplanes was infected with Trojans
P2PNET NEWS
China Dismisses US 'Cyberwarfare' Charges
Chinese officials say the U.S. is trying to "blacken China's image" with claims that it is developing cyberwarfare capabilities
THE H REPORT
Root Privileges Through Linux Kernel Bug -- Update
A problem in the memory management area of Linux allows local attackers to execute code at root level
ADOBE BLOG
Security Updates Released For Adobe Reader And Acrobat
Adobe today released out-of-band updates for Adobe Reader and Acrobat that fix critical security bugs in the products, as well as in Adobe Flash Player
INFORMATION AGE.COM
Virgin Media Enlists White Hat Hackers To Fight Botnets
ISP Virgin Media is getting assistance from volunteer security professionals to help determine which of its customers' computers have been compromised by botnets
SOFTPEDIA
Apple Discussions Temporarily Pulled Following Hack
Apple Discussions was hit over the weekend by an attack that may have targeted external DNS servers or Apple's content delivery partners
CLEVELAND.COM
Cameron Diaz Tops List Of Riskiest Celeb Internet Searches
Cameron Diaz, Julia Roberts, and Jessica Biel top the list of most dangerous celebrities to search for online, according to new research by McAfee
COMPUTERWORLD
Facebook Checks In To Location-Based Services With Places
New location-based offering's default security settings make check-ins visible to friends only, but visibility can be expanded
THREAT POST
HD Moore: Critical Flaw In 40 Different Windows Apps
Metasploit creator HD Moore discovered a serious problem that exposes more than 40 different Windows software programs to remote code execution attacks -- he has released a brief warning about this issue
MALWARECITY.COM
Facebook Hacker: A Dangerous Tool
A new DIY kit called Facebook Hacker lets bad guys steal usernames and passwords from all types of accounts
H ONLINE
Adobe To Release Critical Out-Of-Cycle Reader Updates Tomorrow
Adobe will issue an emergency patch for Adobe Reader and Adobe Acrobat that addresses multiple critical security issues, including the Cooltype.dll vulnerability presented at Black Hat
TREND MICRO BLOG
Malicious Android App Spies On User's Location
Trend Micro threats analysts have discovered an Android app that can send a user's GPS location via HTTP POST once the user accepts the end user license agreement for it
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.


