Best Of Web
SECURITY PRO NEWS
Better Business Bureau Warns Of New Email Scam
Phishing attack claims to be BBB complaint against the victim's company
COMPUTERWORLD UK
Malware Scam Publishes Web Browsing History
Attackers threaten to expose users' adult gaming habits unless they pay up
NETWORK WORLD
Future Of SF Admin Terry Childs Now In Jury's Hands
IT administrator who refused to give up admin passwords for city's network waits for verdict
V3.CO.UK
Mac OSX Malware Turns Into Botnet
Trojan payload found in pirated copies of Mac OS
THE LOS ANGELES TIMES
Apple Software More Vulnerable Than Microsoft, Security Expert Says
Security expert Marc Maiffret says Macs are actually less secure than Windows and that Apple in the past six months or so has finally started taking security seriously
SECURE COMPUTING
Hacker Accomplice Gets Five Years Prison
A U.S. federal court judge handed a five-year prison sentence to one of the men who helped Albert Gonzalez steal more than 90 million credit and debit card numbers from TJX and other retailers
HOSTED EXPLOIT
Man Charged With Laundering $500 Million
An Australian was arrested in Las Vegas and charged with helping illegal Internet gambling companies launder $543 million by disguising the transactions as unrelated to gambling
COMPUTERWORLD
Targeted Cyberattacks Testing IT Managers
IT managers are better off focusing on mitigating damage from targeted attacks instead of trying to prevent them, some security pros say
THE REGISTER
Virus Floors Russian-Chinese Automated Border
Hundreds of Russian tourists were stranded at the China border when a virus crippled an automated border control system
SECURITY PRO NEWS
BBB Warns Of New Email Scam
The Better Business Bureau says several businesses in the U.S., including law firms, advertising agencies, and architecture firms, have reported receiving suspicious emails purportedly from @bbb.org with the subject line "BBB Complaint Case #"
WIRED
School District Allegedly Snapped Thousands Of Student Webcam Spy Pics
Lawyers in the webcam spying scandal at a suburban Philadelphia school district say the school district secretly took thousands of webcam images of students using school-issued laptops without the pupils' knowledge or consent -- including pictures of kids sleeping
CNET
Zeus Botnet Jumps On PDF Design Flaw
Attackers have begun exploiting a design flaw in Adobe's PDF format to spread the Zeus botnet
WCCO.COM
Stolen Loan Data Found In Police Evidence Room
Personal information of about 3 million federal student loan borrowers stolen last month from Educational Credit Management Corp.'s office was recovered shortly after the theft and was only recently discovered in a police evidence room
BBC
Infected XP Owners Left Unpatched
Some of the latest security updates for Windows XP will not be installed on machines infected with a rootkit virus, Microsoft says
GOVERNMENT COMPUTER NEWS
Cyber Chief Slams Security Efforts
U.S. cybersecurity coordinator Howard Schmidt calls for enterprise-wide network intrusion detection and math and science training in U.S. schools and cites a lack of coordination in the government's cyber research and development
PAN-ARMENIAN.NET
Armenian Websites Attacked By Turkish Hackers
Turkish hackers have attacked several Armenian Websites as commemorative remembrances of the Armenian genocide attacks are under way
COMPUTERWORLD UK
China: We Are Battling Massive Conficker Worm Infection
China last year hosted more than one in four of the world's computers infected with a major variant of the Conficker worm, according to an official report by the China CERT
THREAT POST
Sun About Face: Out-of-Cycle Java Update Patches Critical Flaw
Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks
ESECURITY PLANET
Mississippi Passes Data Breach Notification Law
Mississippi this week became the 46th state to pass legislation requiring businesses and government agencies to immediately notify people when their personal information has been compromised in a data breach
WEBSENSE LABS
New Zbot Campaign Comes In A PDF
A new Zbot Trojan attack is spreading via email using an infected PDF file
THOMPSON BLOG
Zero-Day Alert: Rihanna Is A Lure
The proof-of-concept published last week on how to use the latest version of Java to compromise a PC is already being used in attacks in the wild, including one on a song lyrics publishing site
IDG NEWS
Online Bookings Spur Cybercrime In South Africa
An increase in Web bookings for accommodations and tickets for the World Cup in South Africa has also increased the risk of cybercrime in the region
READWRITEWEB
Twitter's Entire Archive Headed To The Library Of Congress
The U.S. Library of Congress will be acquiring the entire archive of Twitter messages back through March 2006
THREAT POST
Apache Foundation Hit By Targeted XSS Attack
The foundation detailed how a targeted attack on its server used a cross-site scripting vulnerability with a TinyURL redirect to steal passwords from all users
DEFENSE SYSTEMS
NATO Unites To Thwart Cyber Threats
NATO commander says alliance striving to balance open communications and network protection
COMPUTERWORLD
Man Who Left USB Drive In Shared PC Waived Privacy Claims, Court Rules
A man was charged with possessing and distributing child pornography based on evidence gathered from a USB drive he inadvertently left behind in a shared computer at work
GOVINFOSECURITY
Congress Tackles Key Cybersecurity Initiatives
Congressional committees will hold sessions on Army Lt. Gen. Keith Alexander's confirmation as military cyber commander, markup sessions on bills to fund cybersecurity research and development, realigning NIST's laboratories, and combating cybercrime and identity theft
WIRED
Brokerage Firm Fined $375,000 For Unsecured Data
Brokerage firm DA Davidson has agreed to pay $375,000 for failing to protect confidential client data from Latvian hackers who breached the company in 2007 via a SQL injection attack
H ONLINE
Trojan Threatens Legal Action
Malware looks for Torrent files on the PC, then offers $400 out-of-court settlement for piracy law violation
KASPERSKY SECURELIST
Reports Of Type O Negative Frontman's Death Unleash Rogue AV
Social engineering attack triggered by "news" of rock star's heart failure
PC WORLD
Facebook Beefs Up Site Against Hackers
In keynote address, CSO says social networking site is employing legal, technical strategies to improve security
TRENDLABS MALWARE BLOG
Emerging P2P Trojan Botnet Uncovered
Network appears to be set up to deliver other malware, researchers say
CNET
Marc Maiffret: The Quick Rise Of A Teen Hacker
One of the industry's best-known white hats discusses the past and future of security
COMPUTER WEEKLY
China-Based DDoS Attack Hits Australian Multinationals
Some customers of Australian telco Optus are without service for hours
SUCURI SECURITY
Wal-Mart Website Hacked And Hosting Spam
Wal-Mart community site infected, researchers say
SWITCHED
Talking Cybersecurity With Homeland Security Advisor (And Former Hacker) Jeff Moss
Founder of Black Hat, DEFCON offers views on next-generation defenses
NETWORK WORLD
IE8 Has Blocked Over 560 Million Malware Sites: How Many Were Legit?
Browser makers could do better than blocking the URL when a malware ad is to blame, expert says
THE HILL
Senators Seeking New "Ambassador At Large" For Cybersecurity
State Department official would serve as diplomat in issues relating to cyberspace
ZDNET
Appliances Now Targeted By Cybercrooks
Battery chargers, digital photo frames may soon come under attack
THE FACEBOOK BLOG
Facebook Introduces New Safety Center
Site offers new security content for parents, educators, teens, and law enforcement
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


