Best Of Web
Best Of The Web
GOVERNMENT COMPUTER NEWS
3 Basic Steps To Thwart Most Cyberattacks, Courtesy Of NSA
Best practices, proper configurations, and network monitoring can help systems fight 80 percent of attacks, National Security Agency information assurance director says
PC WORLD
Microsoft Settles Employee Spying Case
Microsoft has settled a lawsuit with a former employee it had charged with fraud, misappropriation of trade secrets, and breach of contract
CYVEILLANCE BLOG
Google Search Results Significantly Poisoned
Hundreds of thousands of links leading to malware found in Google results
COMPUTERWORLD
Yahoo! Jobs Site In SQL Attack Worry
Vulnerability could have exposed customer data, search giant says
ARMY TIMES
Data Breach Could Affect 60,000 GIs, Civilians
Loss of external hard drive by Corps of Engineers puts personal data at risk
V3.CO.UK
Companies Still Lacking In Data Management Policies
Few companies have systems in place to order their data, and many have trouble finding it again, IDC report says
KETV
Hackers Breach State Database
Several thousand could be affected in compromise of Nebraska Worker's Compensation database
CSO
The Botnet Hunters
An in-depth look at Internet security's equivalent of storm chasers
PC WORLD
Shadowserver To Take Over As Mega-D Botnet Herder
Effort under way to clean up tens of thousands of computers infected with spam-churning malware
INTERNET NEWS
McAfee Outlines Growing Cyber Warfare Threat
Politically motivated attacks are on the rise internationally, security company says
FINEXTRA
It Isn't Safer To Check Your Account Often Online
Security expert says frequent account access actually increases the risk of a compromise
ADD/XOR/ROL
Why Most Researchers Are Not Fans Of Standards For 'Responsible Disclosure'
Most researchers are more interested in research than in rules, security expert Halvar Flake says
MICROSOFT
Vulnerability In Windows SMB Could Allow Denial Of Service
Investigation could lead to out-of-cycle patch, software giant says
CNET
Hackers Create Tools For Disaster Relief
"Random Hacks of Kindness" event helps develop means of information sharing in disasters
FOREIGN POLICY JOURNAL
Brazil's Next Battlefield: Cyberspace
Following blackouts and reports of hacks, Brazil retrenches around IT security
FEDERAL TIMES
At Department Of State, More IT Security, Less Cost
New vulnerability reporting technology is speeding up the process at agency
GOVERNMENT INFO SECURITY
White House Must Lead: Part 2 Of An Interview With Melissa Hathaway
Former White House cybersecurity policy review coordinator offers insights on government's future directions
GOVERNMENT INFO SECURITY
Little To Show For $45 Million Security Investment
GAO report says Los Alamos National Laboratory still has security vulnerabilities despite big spending
PC WORLD
Researchers Set Their Sites On iPhones, Mobile Malware
NSF gives $450,000 grant to security team at Georgia Tech
SC MAGAZINE
ISF Releases Report On Cloud Security
Report outlines five key steps to take before moving into the cloud
McAFEE LABS BLOG
The McColo Effect -- One Year Later
A year after the infamous, spam-carrying ISP was brought down, impact can still be felt
SCHNEIER ON SECURITY
Security In A Reputation Economy
Reputation can help identify suspect data sources, but it's far from perfect
WEBROOT THREAT BLOG
Phishing Scheme Targets E-Payment Processor NACHA
A closer look at the scams targeting the financial transaction market
BANK INFO SECURITY
Creatively Securing IT: Melissa Hathaway, White House Cybersecurity Policy Review Leader
Hathaway offers a look into the future of cybersecurity technology
GOVERNMENT COMPUTER NEWS
Survey Reinforces Growing Insecurity About IT Security
PhoneFactor study shows decreasing confidence in authentication schemes
HOMELAND SECURITY NEWSWIRE
Cyber Threats Now Targeting Traditional Companies
Even small and midsize businesses should have a plan for cyber attacks, defense experts say
TECHNOLOGY REVIEW
Breaking the Botnet Code
University of California at Berkeley and Carnegie Mellon University researchers create way to automatically reverse-engineer communications between bots and their controllers
CHANNEL INSIDER
Is HP Finally A Security Vendor?
HP gets TippingPoint's IPS line, as well as 3Com's firewalls, UTM, and wireless tools in the acquisition
COMPUTERWORLD
Unpatched SMB Bug Crashes Windows 7, Researcher Says
New bug in Windows 7 and Server 2008 R2 when exploited locks up the system; Microsoft says it's investigating
ESECURITY PLANET
Config Errors Create Big Security Headaches
Yankee Group report says one of the biggest challenges is managing the configurations and security settings on thousands of network devices spread over global infrastructures
SC MAGAZINE
Zeus Botnet Sends Out Spam That Encourages Recipients To Update Their Myspace Account And Download A Trojan
Spam is similar to Facebook-related spam seen last week, with the user "required to update" account with a link
INFOSECURITY MAGAZINE
Cyberterrorism: A Look Into The Future
The (ISC)2 US Government Advisory Board Executive Writers Bureau talks about what cyberterrorists of the future will go after and how we can defend ourselves
THE REGISTER
Britney's Twitter Feed Hacked Again
Britney Spears' Twitter profile was taken over by hackers again this week
RSA
Deep Inside A Reshipping Scam: Mules Victimized By "Air Parcel Express"
RSA FraudAction Research Lab exposes inner workings of a phony reshipping service that is really a front for recruiting money mules
ARS TECHNICA
Bot Herders Turn To The Cloud For Command-And-Control
Arbor Networks discovers botnet code from Google's AppEngine feeding URLs to a botnet
FAST COMPANY
Facebook Hijackers Speak Out About...School Project?
Hundreds of Facebook groups were taken over Tuesday by a group called Control Your Info that exploited a design flaw in Facebook's groups feature
TECHSPOT
The Computer Virus Turns 26 Today
The first known proof-of-concept code for a computer virus was demonstrated in a public venue 26 years ago today
INFOWORLD
How A Botnet Gets Its Name
There's no uniform way botnets get named, so there's often a long list of names for the same botnet, causing confusion among potential victim companies
NETWORK WORLD
Drowning In Passwords: Tips To Stay Safe And Sane
Tools such as Roboform and deleting saved passwords and forms can help, as well as using saved password features in browsers
THREAT POST
Online Ad Site Hacked, Rigged To Serve Exploits
An online advertising site, media-servers.ne, has been infected to serve multiple exploits to Windows users with unpatched third-party software
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.