Best Of The Web
KAAL TV
Delta: Phishing Emails Sent To Customers
Fraudulent messages appear to be from the airline, but are seeking personal data, airline says
IE BLOG
HTML5, Hardware Accelerated; First IE9 Platform Preview Available For Developers
New version of browser could eventually be target for hackers
NSS LABS BLOG
Vulnerabilities, Exploits, And Payloads, Oh My!
Which is worse: one vulnerability, six exploits, or 55,000 pieces of malware per day?
SEARCH SECURITY
WhiteHat Security Reveals Top 10 Web Hacking Techniques
Hash algorithm flaw may be the Web's most dangerous vulnerability, researchers say
MICROSOFT
IE Vulnerability Advisory Update
Microsoft has added an automated fix-it solution to apply or undo the workaround for the latest zero-day IE flaw on XP and Server 2003 machines
THE REGISTER
Facebook Users Warned Over Stalk-My-Profile Scam
An app that lures Facebook users to see who checks into their profiles is phony, according to Trend Micro, which has found 25 different copies of the same rogue app with names such as peeppeep-pro, profile-check-online and stalk-my-profile
TECHWORLD
U.S. Military Plotted Revenge On Wikileaks
The military was so concerned about classified information ending up on Wikileaks that it looked at ways to undermine the site, according to a secret report newly published on Wikileaks
KSDK
St. Louis Police Department Computer Hacked In Cyber Attack
Police department computers targeted in an attack that compromised the personal information of about two dozen people
THREATCHAOS.COM
A Solution For Google In China
What if Google were to create a separate control interface to Google search that could be handed over to censors?
ZSCALER RESEARCH
Koobface Worm Hits On Weekend
Zscaler researchers found that during the weekend, the Koobface worm gathered steam and increased traffic to 122 unique C&C servers, most of which are hosted in the U.S.
COMPUTERWORLD
Hackers Lock Zeus Crimeware Kit With Windows-Like Anti-Piracy Tech
The newest version of the Zeus crimeware kit comes with anti-piracy provisions similar to those used by Microsoft's Windows, a researcher said today
CYBERSECURITY MARKET
U.S. Government Pours Money Into Cyber Security Technologies and R&D
Federal cybersecurity market will reach a cumulative value of $55 billion from 2010 to 2015, according to a new report
BBC
Inside The Mind Of A Russian Hacker
An interview with a former black hat hacker from Russia who once hacked U.S. Army and other military systems, but says he made no money doing it
POLITICO
Sarah Palin Testifying Against Hacker
Former Alaska Governor will testify next month against a college student who hacked into her e-mail account during the presidential campaign
WIRED
TJX Hacking Conspirator Gets 4 Years
Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced to 46 months in prison and fined $75,000 for his role in the conspiracy
BCS.ORG
Internet Users Urged To Lie
Internet users have been advised to lie in order to keep their personal information secure, including giving phony answers when prompted to provide their mother's maiden name
US-CERT
Apple Releases Safari 4.0.5
Browser update fixes multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit
SC MAGAZINE
India, Mexico, Brazil Have Most Mariposa Bots
Preliminary data shows that total losses from the massive botnet are in the millions of dollars
UPI
Turkey Examines PKK Hacker Ring
Turkish police have arrested more than 20 suspects in 13 provinces on allegations of computer hacking and ties to the outlawed Kurdistan Workers' Party
NEXT GOV
VA Investigating Security Breach Of Veterans' Medical Data
Veterans agency was still recovering from landmark breach in 2006
COMPUTERWORLD
Pennsylvania Fires CISO Over RSA Talk
Maley discussed incident at department of transportation without receiving approvals, sources say
SYMANTEC MESSAGELABS RESEARCH BLOG
Death By A Thousand Cuts -- Rustock Botnet Sending More Encrypted Spam
TLS is becoming the delivery method of choice for some spammers, researchers say
COMPUTER WEEKLY
IT Security Must Address Business Trends, Says Forrester
Security pros need to get into the mainstream of the organization, analysts say
NETWORK WORLD
Scareware Will Be Most Costly Scam Of 2010
McAfee reports 400 percent increase in reported incidents
HELP NET SECURITY
Human Exploit Attacks Surpass Software Flaw Approach
Social engineering is attackers' favorite vector by far, Barracuda study says
SYMANTEC
Phishing Attacks Up 16 Percent In February
Spammers continue to take advantage of events in the news, monthly study says
ASSOCIATED PRESS
HSBC: Data On 24,000 Swiss Account Holders Stolen
Former employee obtained the data between 2006 and 2007, company says
SOPHOS BLOG
Internet Explorer 0-Day Targeted In Spam Runs
Spammed URLs are serving up malicious code to exploit this newly disclosed vulnerability
THE WASHINGTON POST
Security Gaps Exploited In Grade Scandal Remain, May Be Difficult To Close
Montgomery County, Md., school officials have not yet closed gaps in their computer system that allowed students at a high-performing high school to change dozens of grades using a $69 device that can be bought from Amazon.com
THE WALL STREET JOURNAL
ID Card for Workers Is at Center of Immigration Plan
Lawmakers are proposing a way to prevent employers from hiring illegal immigrants by using a national biometric identification card all American workers would obtain
TREND MALWARE BLOG
iPad Giveaway Gives Users' Identities Away
Spammers are using phony iPad promotions to steal identities
SCIENCE DAILY
New Research Advances Voice Security Technology
North Carolina State University is developing a way to authenticate voice via the acoustic parameters of speech
FINEXTRA
Citi Exposes 600,000 Social Security Numbers
Citibank sent 600,000 customers year-end tax statements through the post with Social Security numbers printed on the outside of the envelopes
KREBS ON SECURITY
N.Y. Firm Faces Bankruptcy From $164,000 E-Banking Loss
TDBank won't cover marketing firm's loss from online banking fraud via the Zeus Trojan
COMPUTERWORLD
FDIC: Hackers Took More Than $120M In Three Months
FDIC says computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, while online banking fraud involving the electronic transfer of funds rose to more than $120 million
COMPUTER WEEKLY
U.S. Cybersecurity Efforts Hindered By Poorly Defined Roles, Says GAO
Agencies' responsibilities unclear; country lacks a plan for working with foreign governments, report says
STAR TRIBUNE
Sophisticated Minnesota Fraud Ring Has Global Tentacles
Investigators say ID fraud case could be one of the biggest of its kind in the U.S.
FINEXTRA
PayPal Tells Users To Download Anti-Phishing Software
Iconix software can help identify genuine emails, eBay unit says
MICROSOFT
Microsoft Launches Two Updates On Patch Tuesday
Both updates, rated "important," could allow remote code execution
GUARDIAN
How To Avoid Your Own 'Climategate' Scandal
University expert offers views on how to share information -- and how not to
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


