Best Of The Web
MICROSOFT
Microsoft Re-Releases Critical Security Patch
New patch addresses problems raised in fixing Windows Media Services vulnerability
SPLUNK BLOGS
Splunk.com Password Leak -- Splunk The Product Not Affected
Back-end password exposure causes security company to advise password resets
CNET
Visa Targets Online Marketing 'Scam'
Credit card company calls out retailers for "unholy alliance" with online loyalty marketing firms
COMPUTER WEEKLY
Cybercriminals Step Up Click Theft From Online Advertisers
Click fraud is increasing at a rapid rate, researchers say
PC ADVISOR
McAfee To Offer Compensation To Crippled XP Users
McAfee says it will reimburse consumers for "reasonable expenses" they incurred due to the faulty AV update it issued last week
THE REGISTER
Verizon Dubs Security Researchers 'Narcissistic Vulnerability Pimps'
Member of Verizon Risk Intelligence unit calls researchers who disclose vulnerabilities "narcissistic vulnerability pimps" and compares them to criminals
H ONLINE
Malware Hides From Search Engines
Criminals are hiding malware in hacked websites from search engines such as Yahoo! and Google in order to prevent browsers from sounding the alarm when a user visits
HOST EXPLOIT
Internet Spreads Mexican Drug Gang Fears
Restaurants and bars closed this month after rumors of a curfew imposed by a drug gang spread by email and across social networking sites
ZDNET BLOG
Microsoft Admits MS10-025 Patch Didn't Fix Vulnerability
Microsoft pulled back security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security flaw
CSO ONLINE
Inside Oracle's Security Assurance Program
Oracle CSO says that when vulnerabilities are discovered, it falls to the original product developers at Oracle to fix them
SOPHOS BLOG
Why I'm Right to Use The Word 'Hacker' And Will Carry On Using It
Most people think "bad guys" if we say the word "hacker"
THE NEW YORK TIMES
Spammers Pay Others To Answer Security Tests
People in India, Bangladesh, China, and other developing countries are getting paid 80 cents to $1.20 for each 1,000 deciphered CAPTCHA boxes
SEARCH SECURITY
Feds Must Take Action On Cyber Storm Exercise Lessons, Expert Says
After failure to stop simulated attack, little has been done to improve defenses, Purdy says at conference
THE AGE
Anti-ID Theft Computer System Flops
High-tech system designed to fight identity crime is plagued with technical problems
COMPUTER WEEKLY
UN Rejects International Cybercrime Treaty
Russia-backed proposal aimed to build more global support; U.S., EU back 2001 Budapest accord
HELP NET SECURITY
Survey: 71 Percent Of Companies Monitor Employees' Social Media Use
Almost 40 percent ban the use of Facebook, other social networking sites
SEARCH SECURITY
Researchers Aim To Smarten Web Application Security Scanners
Experts at SOURCE Boston conference say they've found a way to automate some scanning functions
INFO SECURITY
PwC Report Shows Bleak Security Landscape
Number of businesses reporting attacks on their networks is double what it was two years ago, study says
PANDA SECURITY USA
The Effect Of Banking Trojans On Small And Medium-Sized Businesses In The U.S.
Most small businesses are unaware of the potential threats posed by banking Trojans, study says
ESET THREAT BLOG
McAfee False Positive News Misused For More SEO Poisoning
Searches for information on security software problem could result in malware downloads
MICROSOFT SECURITY RESPONSE CENTER
MS10-025 Security Update To Be Re-Released
Security patch affecting Windows 2000 Server was not completely effective, software giant says
TRENDLABS MALWARE BLOG
Koobface IP Taken Down, Gang Transfers Hosting To China
Authorities pull down server, but bad guys are quick to shift to another location
ESET THREAT BLOG
Another Look At Koobface: How It Infects Facebook Users
Online video shows, step by step, how malware fools users and invades their PCs
NEW ZEALAND HERALD
Health System's Viral Attack Holds Lessons
A detailed look at the aftermath and lessons learned from a Conficker attack
ZDNET AUSTRALIA
Telstra Confirms Customer Data Breach
Breach of business website may have revealed personal data on as many as 700 customers
SECURITY INFO WATCH
Report: 10 Percent Of Fraud Victims Fall Victim To Bogus ATM Withdrawals
Almost a quarter of the victims left their financial institution after being hacked, study says
TECHNOLOGY REVIEW
Are Offshore Banks Safe From Hackers?
They might be a tax haven, but offshore banks may have questionable security, speakers say
BUSINESSWEEK
Minnesota Audit: State Was Lax On Data Security Issues
Auditor says state officials didn't do enough to protect employee data
THE WASHINGTON POST
Google Hackers Duped System Administrators To Penetrate Networks, Experts Say
Experts say today's attacks often begin with a seemingly innocuous link or attachment that contains malware
FEDERAL COMPUTER WEEK
HHS Publishes Online List Of Patient Data Breaches
The Department of Health and Human Services is now publishing a list online of breaches of private patient health care data -- the list currently shows more than 60 such events
IT PRO NEWS
New Zeus Trojan Targets Firefox Online Banking Users
A new version of the Zeus Trojan can exploit the Firefox browser to carry out fraud against online banking users, even if the financial institutions are using strong layers of protection
MERCED SUN-STAR
District Says Teacher Hacked Into E-Mails
Fresno Unified School District says a Bullard High School teacher allegedly hacked into the private e-mail accounts of the principal, administrators, and other teachers, as well as into confidential student files
H ONLINE
Google Closes Vulnerabilities In Chrome 4 For Windows
Google has issued a security update for Chrome for Windows that addresses four high-risk vulnerabilities in its browser
BUSINESSWEEK
Ex-Societe Generale Trader Accused of Stealing Code
Samarth Agrawal was charged by the U.S. with stealing the company's computer code for high-frequency trading -- he was arrested today
ROGER HALBHEER ON SECURITY
Detailed Analysis Of An Attack -- Do We Need An International Incident Sharing Database?
A look at how a common set of rules could be set up for collaboration on data breaches
COMPUTERWORLD
Drug-Dealing Spammers Hack Gmail Accounts
Google is investigating reports of hacked Gmail accounts being used for spamming
WALL STREET JOURNAL
Alibaba Reports Hacker Attacks
Chinese online trading platform says its beta English-language systems were attacked by unidentified hackers
REUTERS
China Google Hack Hit Password System
December attack penetrated much-ballyhooed single sign-on system, report says
MICROSOFT SECURITY RESPONSE CENTER
Guidance On Internet Explorer XSS Filter
Microsoft offers advice to users following the disclosure of vulnerabilities in IE 8 at Black Hat Europe
HACKING EXPOSE
Malware Writers Begin To Target Google's Chrome Browser
Just because you're using Chrome doesn't mean you're safe from attack
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.


