Best Of Web
Best Of The Web
APPLE
Apple Issues Security Patches For Safari 5.0 And Safari 4.1
Viewing a maliciously crafted image with embedded ColorSync profile could lead to remote code execution
DASIENT
Third-Party Java Widget Discovered To Be Infected With Malware
Thousands of sites that embed the widget could be infecting users with malware, researchers say
WASHINGTON POST
Army Intelligence Analyst Detained For Leaking Sensitive Documents
Online contact says he turned in analyst who wanted to leak information
LOS ANGELES TIMES
Is Your Privacy Secure Online? There's No Way To Tell
Your identity data may be leaking out in ways you never imagined
MICROSOFT
Microsoft Rolls Out Ten Patches In Major Patch Tuesday Release
Three of the updates are considered "critical," software giant says
TWITTER SUPPORT
Safe Tweeting: The Basics
Twitter issues tips for staying secure on its site, including strong passwords, patching systems, and looking out for suspicious links
KREBS ON SECURITY
ATM Skimmers: Separating Cruft From Craft
A look at how phony ATM skimmer devices are being peddled online to scam scammers
CBC NEWS
Butterflies May Hold Key To More Secure Bank Cards
A U.K. study shows how light hitting a tropical butterfly's wings could make bank cards safer
ERRATA SECURITY BLOG
Cyberwar Is Fiction
The military's approach to attack and defense is based on the idea of brute force, but that doesn't work in cyberattacks
BANKINFOSECURITY
Interactive Timeline To Breaches Involving U.S. Financial Institutions
The Identity Theft Resource Center says there have been 37 financial institutions in the U.S. hit by breaches so far this year -- a look at the list
H ONLINE
Symantec's Norton DNS Service To Block Malware
New free DNS service now in beta uses a special name server to block known malware and phishing websites
COMPUTER WEEKLY
VISA Improves Security For Online Transactions
Visa has launched a payment card in Europe that uses one-time passcodes for debit and credit cards
TIMES ONLINE
NATO Warns Of Strike Against Cyber Attackers
NATO experts say next attack on a NATO country "may well come down a fibre-optic cable," justifying retaliation -- cyber-style
INFOWORLD
Microsoft Plans Gigantic Patch Tuesday Next Week
Look for 10 security updates next week from Microsoft for its June Patch Tuesday, for a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office, and SharePoint
HACK IN THE BOX
US Wants Rules Of Engagement For Cyber Wars
The Department of Defense needs to be able to operate freely in cyberspace amid dangers of "remote sabotage," says General Keith Alexander, head of the new US Cyber Command
POST GAZETTE
Lenders Using Facebook, Twitter To Gather Borrower Information
Financial institutions are using the wealth of personal data on social networks to vet potential borrowers
COMPUTER WEEKLY
Google To Surrender Intercepted Wifi Data
Google will hand over to European authorities the private Wi-Fi data gathered via its controversial Street View service
THE REGISTER
Facebook Plugs Email Address Indexing Bug
The social network has plugged a privacy leak involving the indexing by search engines of email addresses not listed on Facebook
FOX NEWS
10 Bizarre-But-True Ways Your Home Is Susceptible To Hackers
Watch out for the Bluetooth "sniper rifle" that can tap into your phone and the information stored in the circuitry of your printer
INFOSECURITY MAGAZINE
SonicWALL Agrees Take-Over By Investor Group
SonicWALL, which went public in 1999, has agreed to an investor group taking it over in a deal worth around $717 million
CSO ONLINE
Cyberattacks: Top Threat To U.S. Power Grid
Cyberattacks, pandemics, and electromagnetic disturbances are the three top "high impact" risks to the U.S. and Canadian power-generation grids, according to a report from the North American Electric Reliability Corp. (NERC)
SEARCH SECURITY
Malware Discovered In Freely-Distributed Mac Applications
OSX/OpinionSpy can scan files, record user activity, and send stolen data to remote servers
WIRED
Lieberman Bill Gives Feds "Emergency" Powers To Secure Civilian Nets
Government could step in to secure critical infrastructure in the event of a cyber-emergency
PC MAGAZINE
Microsoft Defends Itself Against Security Concerns
Software giant reacts to reports that Google has banned the use of Windows internally
READ WRITE WEB
Facebook Cracking Down On Rogue Apps With New Verification Program
Program requires Facebook developers to authenticate via phone or credit card
GOVERNMENT INFO SECURITY
Internal Fraud: A Growing, Global Problem
Companies lose about 5 percent of revenue annually through employee misuse of corporate resources, study says
EDUCATIONAL SECURITY INCIDENTS
Compromised Penn State Computer Potentially Exposes Personal Information
Cached copy of database contained details on more than 15,000 individuals
GOVERNMENT INFO SECURITY
Stolen Laptop Breach Affects 61,000
Stolen, unencrypted laptop held data on thousands of patients of Cincinnati medical center
MCAFEE LABS BLOG
McAfee Helps FTC, FBI In Case Against Scareware Outfit
Collection of data transmitted from IMU servers to TCP Port 80 was instrumental in indictments
NETWORK WORLD
FTC Shoves Identity Theft Rule Deadline To Year-End
Deadline for implementation of Red Flag rules delayed yet again
NATIONAL JOURNAL
Defense Bill Includes Cybersecurity Legislation
New law would push through agency security updates, establish separate cybersecurity office at White House
GOVERNMENT COMPUTER NEWS
The Security Hole You Probably Forgot To Close
Digital photocopiers present new challenges in data protection, disposal
SOFTPEDIA
Five Indicted In Californian City ACH Fraud Case
Five allegedly served as money mules; Trojan was used to infect treasurer's laptop and steal data
THE REGISTER
London Metropolitan Police Lab Claims 'Biggest Breakthrough Since Watergate'
Electrical network frequency analysis could help authenticate digital evidence, including audio and video
COURIER MAIL
30,000 Users Kill Accounts On Quit Facebook Day
Organized boycott stems from privacy complaints about social networking site
H ONLINE
iPhone Leak Is Getting Bigger
Researchers find path to reveal sensitive data, including passwords in clear text
COMPUTERWORLD UK
Hackers Promise Demo Of Google Android Rootkit
Rootkit could enable attackers to siphon data from phone or misdirect users, researchers say
SAN FRANCISCO CHRONICLE
Privacy Worries Inspire A New Wave Of Startups
Emerging companies seek ways to improve on the privacy-bashed Facebook model
FINEXTRA
Surprising Surge Of Phishing On Nationwide Banks
After focusing on smaller, regional banks, phishers now moving back toward the big targets
SIMPLY GREEN
Car Hacking: In The Future, Will Your Car Catch A Virus?
Researchers say they've been able to control auto brakes remotely
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.