Best Of The Web
BANK TECHNOLOGY NEWS
ID Analytics Pokes Hole In Address Fraud Fight
Data used to measure risk of ID theft may be faulty, study suggests
FORT WAYNE NEWS-SENTINEL
Top 10 Scams Hurt Consumers
A look at the most frequently cited online and phone scams nationwide, according to the Better Business Bureau
AMERICAN BANKER
Heartland Settles Second Data Loss Litigation
Payment processing firm agrees to pay up to $2.4 million to breach victims in class action suit
SEARCH SECURITY
Microsoft Doesn't Rule Out Rushed Patch For IIS Zero-Day Vulnerability
Flaw could allow attackers to load malware on Web servers, researchers say
SOPHOS
Thousands Of Websites Affected By New Trojan
Troj/JSRedir-AK is often introduced via compromised FTP credentials, researchers say
LOS ANGELES TIMES
Federal Judge Gives Preliminary Approval To Settlement Over Countrywide ID Theft
Judge grants 17 million victims free credit monitoring, up to $50,000 in reimbursements
GOVERNMENT COMPUTER NEWS
About Schmidt: We Finally Have A Cybersecurity Coordinator -- Now What?
Experts say new cyber czar faces challenges that may be difficult to overcome
PEOPLE'S DAILY
Computers Monitored In China Internet Cafes For Crackdown On Illegal Online Games
Government is monitoring more than 4.65 million computers at 81,000 locations
SF GATE
Hackers' Attacks Rise In Volume, Sophistication
2009 marked huge increase in attacks, as well as some new exploits
THE REGISTER
Inmate Gets 18 Months For Thin Client Prison Hack
Former inmate stole personal data on 1,100 employees and made it available to other inmates
THE BOSTON CHANNEL
Inmate Sentenced For Hacking Jail Computer
A former Plymouth County jail inmate will go back to jail for hacking the jail's computer system and stealing personal information on workers
WIRED
Former Morgan Stanley Coder Gets 2 Years In Prison For TJX Hack
The man who created a custom sniffing program used to siphon millions of credit and debit card numbers from TJX's network was sentenced to two years in prison
ALL HEADLINE NEWS
Palin E-mail Hacker To Go On Trial
The son of a Tennessee politician accused of hacking Sarah Palin's e-mail insisted he did not steal her identity, but a judge refused to dismiss the case
LEP NEWS
Customer Credit Card Details Stolen
A stolen laptop in Europe has led to the compromise of thousands of MBNA credit card customer accounts
WEB SECURITY BLOG
XSS Vulnerabilities In 8 Million Flash Files
Researcher discovers cross-site scripting bugs in 8 million Flash files in Websites
THE REGISTER
Hackers Break Amazon's Kindle DRM
An Israeli hacker claims to have broken copyright protections built into Amazon's Kindle for PC
METASPLOIT BLOG
Metasploit Framework 3.3.3 Released, Includes Exploit Rankings
The release includes exploit rankings, session automation, and bug fixes; exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system
PC WORLD
Citigroup, Law Enforcement Refute Cyber Heist Report
Citigroup and a federal law enforcement source refute claim that the bank's customers lost millions of dollars in a breach last summer
BAYWORDS BLOG
Intel Exposes Server Login Dates, Passport And Credit Card Dates
Hacker reveals SQL injection flaw in Intel's site that exposes sensitive data
CISCO BLOG
The Effectiveness Of Antivirus On New Malware Samples
Test finds only 40 percent of new malware samples were detected by more than half of antivirus products and 60 percent by less than half, while 28 percent were detected by fewer than 30 percent of AV products
THREAT POST
Attackers Buying Own Data Centers For Botnets, Spam
Cybercriminals are building their own virtual data centers as a way to evade shutdown
H ONLINE
Beware Of Christmas Presents With Non-Volatile Memory
The Internet Storm Center recommends formatting any unsolicited mobile storage device you receive
THE REGISTER
Intel Patches Critical Security Bug In vPro Processors
Intel released a patch for its series of silicon-based security protections after researchers found bugs that let them bypass the protections
PRAETORIAN PREFECT BLOG
Reactivating DECAF In Two Minutes
DECAF is a working tool that can be re-enabled, and researchers demonstrate how
FINEXTRA
Middle East Banks Struggling To Control Fraud
Online security survey of Middle East major banks finds 75 percent rating their ability to defend against online threats "average"
COMPUTERWORLD
Microsoft's 'Whitelist' Helps Hackers, Says Trend Micro
By recommending users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, according to Trend Micro
WIRED
Internal Twitter Credentials Used In DNS Hack, Redirect
The DNS company that services Twitter said "valid Twitter credentials" were used to redirect the site last week
THREAT POST
Adobe Patches Critical Flash Media Server Flaws
Adobe has released a critical patch for vulnerabilities discovered in Adobe Flash Media Server (FMS) 3.5.2 and earlier versions
MCAFEE AVERT LABS BLOG
Brittany Murphy Searching Dangers
Poisoned Web searches are under way as users begin searching for details on the death of actress
ARS TECHNICA
iPhone Worm Code Suggests Mobile Botnets May Be Future Risk
Security researchers analyzed the code of recently discovered malware that targeted jailbroken iPhones and say it's part of a proof-of-concept for a mobile botnet
TECHWORLD
Employers Are Getting Used To Personal PCs, Says Gartner
An average of only 10 percent of office laptops belong to companies, as employees are using more privately owned machines, according to a survey of 500 IT managers in the U.K., Germany, and U.S.
THE REGISTER
U.K. Retail Wi-Fi Security Still Patchy
War-walking test finds one-fourth of all Wi-Fi networks unencrypted, and 21 percent with easily breakable WEP encryption
THE JERUSALEM POST
IDF Bolstering Computer Defenses
Israeli IDF warned of cyberwarfare threat against the country and said it was working on shoring up its cyber defenses
WIRED
Drone Feeds Gave Insurgents 'Early Warning': Report
U.S. Air Force official says one militant group in Iraq was able to stay a step ahead of U.S. forces thanks to ability to intercept spy drones' transmissions
CHOSUN
N. Korea 'Hacks into S.Korea-U.S. Defense Plans'
North Korean hackers may have accessed a war plan devised by South Korea and the U.S. in preparation for an emergency
COMPUTERWORLD
Heartland Pays Amex $3.6M Over 2008 Data Breach
Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network
NETWORK WORLD
Microsoft Investigating Windows 7 SMB Crash Bug
New security advisory provides details on denial-of-service bug in Windows 7 and Server 2008
THE REGISTER
Film Review Site Hacked To Spew Malicious PDFs
Malicious PDF exploited two vulnerabilities in Adobe Reader that Adobe has already fixed
LAW360
Yodle Sues Ex-Employees For Alleged Hacking Plot
Online advertising company Yodle has filed suit against three former employees, alleging they helped the company's rival hack systems and steal data
H ONLINE
PHP 5.2.12 Closes Security Holes
A new version of PHP fixes more than 60 bugs mainly to increase stability and also repair some security holes
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


