Best Of The Web
TECHEYE
Microsoft's Security Software Fails Certification
Microsoft's free Security Essentials software failed its certification tests by AV-Test
QUALYS BLOG
Clickjacking: An Overlooked Web Security Hole
New research finds that 70 percent of the top 10 websites, 30 percent of the top 10 banking websites, and 20 percent of the most popular open source Web applications are taking necessary precautions to prevent clickjacking
THREAT POST
Malicious Browser Add-On Guides Victims To Phishing Sites
An attack uses a typosquatted domain name, designed to mimic the URL of a popular e-commerce destination, to lure victims to a malicious website that prompts visitors to download a malicious add-on that will guide users to phishing sites
SECURITY WEEK
Hackers Target Indian Minister In Free-speech Fight
The website of India's IT minister was hacked and defaced today in protest against a law governing online comments that has been condemned by free-speech advocates
SECURELIST
A Targeted Attack Against The Syrian Ministry Of Foreign Affairs
This type of attack is common for governments and governmental institutions
WIRED
Bank Agrees To Reimburse Hacking Victim $300K In Precedent-Setting Case
People's United Bank will pay Patco Construction Company the money it lost to hackers in 2009 plus $45,000 in interest for a breach that stole the company's online banking credentials
IC3
Citadel Malware Continues To Deliver Reveton Ransomware In Attempts To Extort Money
The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money
KREBS ON SECURITY
Online Service Offers Bank Robbers For Hire
Cyber underground service offers accomplices to help empty bank accounts, steal tax refunds and intercept fraudulent purchases
WALL STREET AND TECHNOLOGY
Can Banks Prevent The Next Cyber Attack?
Banks knew September DDoS attacks were coming, but were powerless to stop them. What can be done against the next attack?
INFO SECURITY
FBI Explores $150,000 Hack At Wisconsin School
Payroll disbursement is rerouted by unknown hackers
SC MAGAZINE
Massive Romanian Credit Card Ring Busted
Police arrest gang accused of Australia's largest credit card fraud ring
THREAT POST
PayPal Fixes Trio Of Remote-Access Vulnerabilities
Online payment giant fixes security flaws found through its Bug Bounty Program
WIRED
Judge Gives Bradley Manning Permission To Plead Guilty For WikiLeaks Dumps
Terms of the plea would allow Manning to plead guilty to seven of the 22 charges he currently faces for leaking hundreds of thousands of government documents
SECURITY AND DEFENSE AGENDA
Cyber Honeytraps To Entice Attackers
European Union's cybersecurity agency launches in-depth study of 30 honeypots
GOVERNMENT SECURITY NEWS
As Leadership Changes, Cyber Security Remains Critical Issue For Congress
Departing Homeland Security Committee chairman says protection of critical infrastructure is the most important issue for the next Congress
THREAT POST
Hardcoded Password Enables Remote Attacks On Samsung Printers
US-CERT is warning that Samsung printers, including some Dell printers manufactured by Samsung, include a hardcoded password that could enable remote code execution
SEARCHSECURITY
Unrealistic Expectations, Skills Gap Mire Market For IT Security Jobs
IT security job market faces unrealistic HR and hiring manager expectations, rapid commoditization of technologies, and a lack of security professionals that can communicate IT security and risk to business executives
NEXTGOV
Pentagon Exempts Cyber Weapons From Collateral Damage Directive
The U.S. Department of Defense does not mandate computer vendors use the same safeguards that traditional arms providers use to prevent collateral damage
WIRED
Geek Researcher Spends Three Years Living With Hackers
Anthropologist Gabriella Coleman went to San Francisco to live among hacker communities and to study them -- she has now authored a book based on her research
THREAT POST
Update: Attack On Romanian TLD Register Led To Google, Yahoo Defacements And DNS Redirects
The DNS hijacking attacks against the home pages of Google, Yahoo, and other websites in Romania were traced to an attack on the Romanian Top Level Domain Register, researchers at Kaspersky Lab say
BUSINESSWEEK
China Mafia-Style Hack Attack Drives California Firm To Brink
For three years, hackers from China cyber-harassed Solid Oak Software in the wake of the firm's allegations that China used its CYBERsitter parent-filtering software for Internet censorship purposes
HELP NET SECURITY
Go Daddy Says DNS Records Hijacking Was Due To Phishing
Attackers targeted the DNS records of Go Daddy-hosted websites so that they would redirect victims to malicious sites hosting the Cool exploit kit and install ransomware
THE NEXT WEB
Google Security Glitch Restores Webmaster Tools, Possibly Analytics Access To Revoked Accounts
For several hours yesterday a small set of Webmaster Tools accounts were incorrectly reverified for people who previously had access. We've reverted these accounts and are investigating ways to prevent this issue from recurring
YAHOO! NEWS
U.N. Atom Agency Says Stolen Information On Hacker Site
U.N. nuclear watchdog says data from former server was posted on Internet
IT PRO PORTAL
Serious BT Security Flaw Revealed
Telecommunications giant slammed for porous security on its website
SOPHOS
Spy Agency Employees Caught Oversharing On LinkedIn And Facebook
Belgium's state security agency employees discovered promoting themselves on social nets
COMPUTERWORLD UK
Antivirus Software So Ineffective It's A Waste Of Money, Report Suggests
Poor detection means that free programs offer better value
REUTERS
FBI Uses Twitter, Social Media To Look For Securities Fraud
Agency sees social media as potential breeding ground for insider trading
PROPERTY CASUALTY 360
Cyber Threat Not Number One Method Of Identity Theft
No. 1 cause of ID theft turns out to be old-fashioned loss of personal effects, Travelers study says
CSO ONLINE
LulzSec Hacker Faces 30 Years To Life
Jeremy Hammond is denied bail, placed on terrorist watch list for role in Stratfor hack
THE SECURITY LEDGER
Chrome Zero-Day A No-Show At Security Con
Planned talk that would have revealed new vulnerability canceled due to speaker's visa difficulties
SECURITY WEEK
At Least 28,000 Affected In Breach At Nationwide Insurance
A portion of the network used by Nationwide and Allied Insurance agents was hacked in October and information was stolen
FORBES
Security Flaw In Common Keycard Locks Exploited In String Of Hotel Room Break-Ins
A man has been arrested for a series of hotel room break-ins that a hotel franchisee says were executed via a device that exploits a bug in keycard locks built by the lock company Onity -- the flaw was demonstrated at Black Hat this summer
PC WORLD
Xtreme RAT Malware Targets US, UK, Other Governments
The Xtreme RAT malware is now targeting governments in the U.S., U.K., and other countries, according to Trend Micro
INFOSECURITY MAGAZINE
European Parliament Passes A Resolution Condemning Any Internet Takeover By The ITU
It is widely believed that the December ITU conference in Dubai will attempt to take control of the Internet
THE REGISTER
Google, Apple, And Microsoft Downed In Pakistan
Some 300 websites in Pakistan, including Google.com.pk, Microsoft.pk, Apple.pk, and Yahoo.pk, were hacked and defaced by what appears to be a combination of Pakistani and Turkish attackers
H ONLINE
EU Plans To Implement Mandatory Cyber Incident Reporting
The European Union is considering making it mandatory for businesses to report cyberattacks
NAKED SECURITY BLOG
Hacker Selling $700 Exploit That Hijacks Yahoo Email Accounts
A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker leverage a cross-site scripting flaw to steal cookies and hijack accounts
THREAT POST
Researcher Finds Nearly Two Dozen SCADA Bugs In A Few Hours' Time
A researcher with Exodus Intelligence found more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers in a few hours
WIRED
Hacker Found Guilty of Breaching AT&T Site To Obtain iPad Customer Data
Andrew Auernheimer, 26, was found guilty in federal court of one count of identity fraud and one count of conspiracy to access a computer without authorization for accessing personal data of more than 100,000 iPad owners from AT&T's website
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484 (cognos_tm1)
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.



