Best Of The Web
THREAT POST
Ransomware Extortion Scam Locks Machines, Demands Payment
The latest ransomware scam locks down infected machines and displays localized Web pages warning users that their computer contains 'banned material' and won't be unlocked until a fine is paid
AUTOMATED BUILDINGS
Security Issues With Integrated Smart Buildings
Securing a building includes access control, video surveillance, building control and automation systems together
THE WASHINGTON POST
Reacting To Users' Outcry, Instagram Reverts To Prior Policy On Advertising
Instagram will now ask users' permission to introduce possible ad products only after they are fully developed
SC MAGAZINE
Stabuniq Trojan Found On Servers At U.S. Banks
An information-stealing Trojan has compromised servers at a number of U.S. financial institutions mainly in Chicago and New York
THE HUFFINGTON POST
How Hackers Protect Themselves From Getting Hacked
Some practices seem like "Mission Impossible" to the typical user, but these security experts employ some interesting methods of protection online, including digital password generators and browser add-ons
THE REGISTER
Apple Shifts iTunes To HTTPS, Sidesteps China's Censors
Apple has adopted HTTPS for searches and downloads on the version of iTunes used in China amid the country’s efforts to regulate online app stores
SYMANTEC BLOG
The Latest Urban Legend: Cracking PGP Whole Disk Encryption
Symantec expert says ElcomSoft's claim that they could decrypt PGP containers is false
SANS INTERNET STORM CENTER DIARY
White House Strategy On Security Information Sharing And Safeguarding
The Obama administration's new national strategy for information sharing and safeguarding looks at the trade-off between sharing and safeguarding as well
ICSA LABS
Why Online Shopping With A Debit Card Is A Bad Idea -- Part I
Security expert shares his debit-card breach experience and recommends using a small-balance credit card for online shopping
WTOP NEWS
Al-Qaida Hit By Cyber Attack
U.S. intelligence sources say key al-Qaida websites were knocked offline more than two weeks ago and remain offline
THREAT POST
VMware Patches Directory Traversal Vulnerability In View Server And Security Server
VMware fixed a critical vulnerability in the VMware View desktop virtualization product that could have led to a directory traversal attack and an attacker reading or downloading files
GOV INFOSECURITY
Conferees Agree On DoD Breach Requirement
Most U.S. Defense Department contractors would be required to report a data breach to DoD under the National Defense Authorization Act if the bill passes in Congress
THREAT POST
Malware-Infested Sudoku Puzzles Researchers
Attackers employ macros in an attack that poses as a tool to generate Sudoku puzzles
THE REGISTER
PGP, TrueCrypt-Encrypted Files CRACKED By £300 Tool
ElcomSoft has built a utility that hunts for encryption keys in snapshots of a PC's memory to decrypt PGP and TrueCrypt-protected data
BANK INFOSECURITY
Wells Fargo Still Dealing With DDoS
Wells Fargo was the only bank reporting DDoS issues yesterday, but the hacktivist group behind the wave of attacks says it will wage another round of attacks on banks this week
THREAT POST
Privacy Protests Cause Instagram To Rethink Changes
In the wake of protests from Instagram users on the social network's proposed new terms of service that could affect privacy, the photo-sharing site's head says the company won't sell users' photos as of January 16
SOFTPEDIA
Anonymous' Barrett Brown Pleads Not Guilty To All 12 Stratfor Charges
Barrett Brown, activist and self-proclaimed Anonymous spokesperson, has pleaded not guilty to all the 12 counts filed against him for his role in the hack on Stratfor
RSA BLOG
Got An Extra $40,000 Lying Around? Carberp Is Back On The Market!
The Carberp Trojan's team is now offering its Trojan to cybercriminals for monthly usage fees ranging from $2,000 to $10,000 per month depending on the number of modules and plugins, or the entire kit can be purchased for $40K
CSO ONLINE
Oracle's Java Security Update Lacking, Experts Say
Java apps can now be prevented from running in browsers, but the new JDK doesn't go far enough
COUNCIL ON FOREIGN RELATIONS
Five Trends To Watch For In Chinese Cybersecurity In 2013
Growth of malware targeting smartphones and other mobile devices, and cybersecurity discussions with the U.S. -- meanwhile, cyberespionage attacks are escalating out of China
KREBS ON SECURITY
Point-Of-Sale Skimmers: No Charge...Yet
One PoS skimmer vendor now ships devices that will print out "transaction approved" receipts even though the machine is offline and just recording the customer's card data and PIN for future fraudulent use
ANDROID CENTRAL
Samsung To Fix Exynos Vulnerability In Software Update 'As Quickly As Possible'
Samsung says it will fix the recently discovered Exynos kernel vulnerability issue that could allow an attacker to take over a device via a malicious app
DEFENSE NEWS
DOJ Plans To Indict State-Sponsored Cyber Attackers
The Department of Justice could also name governments behind cyberespionage cases, an official said
FINANCIAL EXPRESS
Over 10,000 Email IDs Hit In 'Worst' Cyber Attack
In the biggest cyberattack on India’s networks, more than 10,000 email addresses of top government officials were hacked in a single day on July 12
ISC DIARY
All I Want For Christmas Is To Not Get Hacked!
Make sure AV and OSes are set to auto-update, and keep track of your system logs over the holidays
HELP NET SECURITY
Scarlett Johansson Hacker Gets 10 Years In Prison
Christopher Chaney, 36, was sentenced to 10 years in prison and has to pay $66,000 restitution for having hacked the email accounts of Scarlett Johansson, Mila Kunis, and other celebs
BBC
Instagram Seeks Right To Sell Access To Photos To Advertisers
Facebook's photo-sharing site Instagram has updated its privacy policy such that it can sell users' photos to advertisers without notification
CLOUDMARK BLOG
Android Trojan Used To Create Simple SMS Spam Botnet
Big jump in mobile spam over the past week is tied to a mobile botnet of infected Androids
NY TIMES BLOG
Android Malware Creeps Into Cellphone Bills
Lookout report says that from 2012 to the end of 2013, some 18 million Android users will encounter malware
ARS TECHNICA
How Spyware On Rental PCs Captured Users' Most Intimate Moments
PC Rental Agent was supposed to stem theft, but instead, it sparked a firestorm
THREAT POST
Oracle Adds Ability To Prevent Java Apps From Running In Browsers
Oracle has released a new version of the Java Development Kit that allows developers to prevent any Java application from running in the browser
CLOUDMARK
Android Trojan Used To Create Simple SMS Spam Botnet
New crop of Trojan mobile apps now demonstrating simple mobile botnet behavior; first to distribute SMS spam
HUMAN IPO
Hacker From Egypt Exploits Vulnerability In Yahoo!, Leaks Data
Prolific hacker Virus_Hima says his intentions are ethical and that he is seeking to highlight vulnerabilities in major websites
U.S. DEPARTMENT OF ENERGY OFFICE OF THE INSPECTOR GENERAL
Follow-Up Audit Of The Department Of Energy’s Cyber Security Incident Management Program
Inspector General says DoE still has not met requirements on cybersecurity program
ZSCALER
Zscaler Offers Free Tool: HTTPS Everywhere For Internet Explorer
Browser security extension helps protect users against next-generation threats
ZDNET
Security Flaw Found In Samsung Handsets, Tablets
Android exploit could result in remote attackers gaining root level permissions of Samsung products
HELP NET SECURITY
Carberp-In-The-Mobile Found On Google Play
Kaspersky Lab researchers discover slew of apps carrying CitMo component that allows criminals to steal mobile transaction authentication numbers sent by banks
ZDNET
Anonymous Renews Attack On Westboro Baptist For Newtown Picketing
Hacktivist group takes down church's website and usurps leader's Twitter account following statements supporting shooter
IMPERVA
From A To V: Refuting Criticism Of Our Antivirus Report
Antivirus vendors take Imperva to task for report on ineffectiveness of AV technology; Imperva fights back
SC MAGAZINE
Fraudsters Plan Strike On US Banks
Malware campaign launched against customers at 30 banks is continuing
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa...
CVE-2013-3634
The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username.
CVE-2013-3633
The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-1022 (quicktime)
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.


