Best Of The Web
AVIRA TECHBLOG
The Post Might Not Bring Exactly What You Expect For Christmas
New spam campaign posing as email from FedEx contains a ZIP file with an executable file called Postal-Receipt.exe, which was detected by only three of the 48 antivirus products registered at the online scanning service VirusTotal
RAPID7
Metasploit 4.5: Manage Your Organization's Phishing Exposure
New version of Metasploit Pro provides quick insight on risks and advice on how to reduce them
SOFTPEDIA
Cyberattack Against ITU Website Disrupts 'Internet Freedom' Talks
Hackers have launched a cyberattack against a website of the International Telecommunication Union (ITU), disrupting the United Nations ITU World Conference on International Telecommunications (WCIT)
FOREIGN AFFAIRS.COM
The Fog Of Cyberwar
Why the threat doesn't live up to the hype in the wake of Stuxnet, Flame, and other attacks
BLUE COAT
BlackHole Kit Doesn't Like Chrome
BlackHole appears to avoid Chrome due to security features in the browser that ask for permission before running Java applets, as well as its built-in PDF reader
THREAT POST
Microsoft Fixing 11 Vulnerabilities For December Patch Tuesday
Among Microsoft's seven security bulletins for December, the third bulletin -- rated critical -- affects Microsoft Word and appears to use Outlook to display documents without the users' interaction
IT PORTAL
Is Security The Key To Blackberry 10 Regaining Enterprise Dominance For RIM?
The BlackBerry 10 and its security features could be RIM's hope for recovery
THE CHICAGO TRIBUNE
Foreign Hackers Targeted Former Military Chief Mullen: Report
Cyberattacks out of China appear to have compromised a personal email account of Mike Mullen, ex-chairman of the Joint Chiefs of Staff, while he was working at the U.S. Naval Academy after his retirement from the military
WIRED
Apple Hires Hacker Who Helped Save Windows From Security Hell
Apple has hired security researcher Kristin Paget--formerly known as Chris Paget--who helped Microsoft lock down its Windows operating system.
ZDNET
U.S. Now 'Totally Unified' In Opposition Of U.N. Internet Governance
The U.S. House of Representatives has unanimously approved a resolution to oppose a United Nations proposal to govern and regulate the Internet
THE DAILY BEAST
Did Iran's Cyber-Army Hack Into The IAEA's Computers?
Clues suggest the most recent cyberattack on the International Atomic Energy Agency may be more than a prank
SOFTPEDIA
US Navy Hit by 1,833 Cyberattacks Each Minute, HP Reveals
The United States Navy was hit, on average, by 110,000 cyberattacks every hour, or 1,833 attacks per minute, or 30 attacks per second, HP says
FOX NEWS LATINO
Software Giant John McAfee Arrested in Guatemala
Guatemalan police arrested McAfee founder John McAfee Wednesday for entering the country illegally, ending a search for the antivirus guru by authorities in Belize, who are seeking him as a person of interest in a murder case
THE GUARDIAN
Student Convicted Over Anonymous Cyber-Attacks
Christopher Weatherhead has been convicted for his role in a series of cyberattacks on Paypal and other major companies
THREAT POST
Nationwide, Allied Insurance Breach Hits 1.1 Million Users
An estimated 1.1 million consumers were exposed to potential ID theft after Nationwide and Allied insurance companies' servers were hacked on Oct. 3
SOFTPEDIA
Vulnerability Lab Researchers Find 3 Remotely-Exploitable Vulnerabilities in Skype
Newly discovered flaws include mail encoding Web vulnerabilities
SEARCH SECURITY
Software Development Maturity Driving Down ZDI Flaw Submissions
Growing secondary market for zero-day vulnerabilities and better software coding practices together are reducing the number of submissions to the HP TippingPoint Zero-Day Initiative, according to a vulnerability researcher who heads up the bug bounty program there
CNET
New Mac Malware Uses OS X Launch Services
New OS X malware has keylogging features to record what is being typed on an infected system in addition to remote-access features for backdoor access into the system
THE NATIONAL CONVERSATION
Former Hacker 'Dark Tangent' Issues Warning Over New Internet Rules
Rules in draft at the World Conference on International Telecommunications (WCIT) in Dubai to shape future of the Internet will be technically impossible to implement, ICANN's Jeff Moss says
POLITICO
Natural Gas Industry's Cyber Concerns
Top natural gas industry officials say cyberthreats are a major issue, but they don't know what attackers will do once they get in
SOFTPEDIA
DOS And Other 'Important' Vulnerabilities Identified In Apache Tomcat 6 And 7
The Apache Software Foundation reported flaws, including a denial-of-service bug, in Apache Tomcat, the open source Web server and servlet container developed by the organization.
ARS TECHNICA
Oh Great: New Attack Makes Some Password Cracking Faster, Easier Than Ever
Researcher designs method that makes password-cracking 21 percent faster for passwords protected by the SHA1 cryptographic algorithm
COMPUTERWORLD
Experts Question Microsoft's Decision To Retire XP
PCs running XP will be at risk from attacks exploiting vulnerabilities uncovered -- and patched for other editions of Windows -- from that point on
SOFTPEDIA
Tumblr Worm Might Have Leveraged Stored XSS Vulnerability, Expert Says
Worm most likely exploited Tumblr's reblog feature, experts say
INFOWORLD
Android Devices In U.S. Face More Malware Attacks Than PCs
Almost 10 percent of Android devices have experienced a malware attack over a three-month period, Sophos says
INFOWORLD
Security Firms Warn Of Spreading Windows AutoRun Malware
Significant increase in infections is curious because Windows 7 and Windows 8 PCs will not launch autorun.inf files
HACK READ
Dalai Lama Affiliated Website Hacked
Website connected to Dalai Lama's official YouTube channel infected with malicious Mac software
THREAT POST
Bug Hunter Finds Blended Threat Targeting Yahoo Website
Romanian researcher says new threat targets Yahoo Developer Network
HELP NET SECURITY
Hackers Publish More Info From UN Atomic Energy Agency's Servers
Anti-Israel hacker group publishes another Pastebin to prove they have the goods on nuclear data
INFOSEC ISLAND
Risky Business Of Info Security
Risk management is the backbone of any good info security program
SECURITY WEEK
Report: Swiss Spy Agency Warns Of Huge Data Leak From Insider
Counterterrorism data shared by foreign governments may have been compromised by massive data theft
SPACE TRAVEL.COM
Japan Confesses Data Breach On Epsilon Rocket
The Japan Aerospace Exploration Agency has reported a possible data breach on its first Epsilon solid-fueled rocket--details on the rocket's parameters, engine maintenance and protocols were exposed
H ONLINE
Season's gr3371ng5 -- Hacker Releases Exploits For MySQL And SSH
Hacker "KingCope" this weekend released a pile of exploits mostly targeting Oracle's MySQL open source database, as well as SSH servers by SSH Communications Security and FreeSSHd/FreeFTPd
BUSINESS INSURANCE
Western Connecticut State University Warns 235,000 Of Potential Data Breach
Personal information -- including social security numbers -- may have been exposed to unauthorized access
BBC
UK Planning 'Cyber Reserve' Defence Force
The U.K. government is establishing a Cyber Reserve force for fighting cybercrime
KREBS ON SECURITY
Vrublevsky Sues Kaspersky
Co-founder and owner of ChronoPay, one of Russia's largest e-payment providers, is suing Russian security firm Kaspersky Lab for allegedly writing defamatory blog posts about him in connection with his cybercrime trial
EWEEK
Microsoft Can Retain Control of Zeus Botnet Under Federal Court Order
Microsoft got a court’s permission to keep two major Zeus banking fraud botnets down for the next two years to allow more time to clean up machines infected with the Trojan
CNET
Former Spy Chief Says U.S. Has Had Its Cyber '9/11 Warning'
Former NSA director says a cyberattack could cripple the nation's banking system, power grid, and other critical infrastructure
ARS TECHNICA
How Script Kiddies Can Hijack Your Browser To Steal Your Password
The hack has been possible for years, but two newly posted proofs of concept demonstrate just how easy it is for even savvy people to fall for
NAKED SECURITY BLOG
W32/VBNA-X Worm Spreads Quickly Through Networks And Removable Media
SophosLabs has detected a jump in the spread of a malware variant that operates like a Trojan -- it spreads via autorun.inf files dropped on removable media and writable network shares
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


