Best Of Web
Best Of The Web
REUTERS
Unhackable Telecom Networks Come A Step Closer
Researchers have created a way to protect networks using quantum cryptography and without the need for dedicated optical fiber links
COMPUTERWORLD
South Carolina Faults IRS Standard In Massive Data Breach
Sc Gov. Nikki Haley sends missive to IRS emphasizing importance of encrypting Social Security numbers
THE REGISTER
BT: Olympics Cyber Attackers Were Amateurs
Young hacktivists and journalists with infected laptops were the biggest security threats to the London 2012 Games, according to British Telecom
IT SECURITY PRO
German Government IT Agency Advises Windows Users To Patch More And Swerve Java
Germany's government�s office for information security issued an advisory asking Windows users to keep their machines updated and patched and using multiple browsers, and avoiding Java wherever possible
NAKED SECURITY BLOG
Prince William Photos Accidentally Reveal RAF Password
Prince William's official website released a series of photographs yesterday of a day in his life as an RAF search and rescue helicopter pilot -- and inadvertently exposed username and easy-to-guess password
THREAT POST
Mozilla Releases Firefox 17 With Click-To-Play, Updates Firefox For Android
Firefox 17 includes a new click-to-play blocklisting feature to ensure users update vulnerable versions of plug-ins or extensions
NATIONAL DEFENSE MAGAZINE
More Reporting Of Cyber Attacks Would Aid FBI, Official Says
Assistant director of the FBI's cyberdivision urged businesses to report network intrusions they experience
INFOSEC ISLAND
Emailing Passwords -- Practice What You Preach
Users shouldn't email their passwords -- and neither should their security departments
CSO AUSTRALIA
The Threat Landscape: The Next Trends In Cybersecurity
A look at some of the top security threats developing over the next year
WEBSENSE
The Strange Case Of The Inte1sat Domain Name
This exploit is not your everyday typosquatting scam
SYDNEY MORNING HERALD
Unhackable Telecom Networks A Step Closer
Researchers find way to protect telecom networks using quantum cryptography -- and without dedicated fiber optic links
PC WORLD
Security Team Finds Malware That Hijacks USB Smart Cards
Proof-of-concept malware can give attackers control of USB smart card readers attached to infected Windows PCs over the Internet
THE REGISTER
Sacre Bleu! US Fingered For Flame Attack On Elysee Palace
Reports from France say May attack was covered up by Sarkozy team
CSO ONLINE
Facebook Praised For Encrypting Web Access By Default
Move to HTTPS will protect users accessing the social network via public Wi-Fi networks
WORD PRESS
Create And Implement A Vulnerability Management Program
A detailed description of how to implement a vuln management program in your enterprise
THE REGISTER
Georgian Police Chiefs Cuffed In Cyber Spy Plot
Senior police officials and the former deputy interior minister of Georgia were arrested for allegedly spying on former opposition leaders and attempting to influence the result of October's parliamentary elections
NAKED SECURITY BLOG
Nintendo Fixes Wii U Network After Claims Of Accidental Hack
A Wii U user came across a flaw in Miiverse that gave him access to a Japanese language list of administrators, with what appeared to be the ability to regenerate passwords and delete access rights of admins
VENTUREBEAT
Advertisers Reach Out To Security Experts To Create A New Research Council
The new Security Advisory Council made up of high-profile security experts will research bots for the advertising community
DUTCH NEWS
DigiNotar Hack Made Possible As 30 Software Updates Were Ignored
Last year's hack of certificate authority DigiNotar was due to aging software that was at least 30 updates out of date, reports say
THREAT POST
More Flame Modules Could Be Lurking
there may be other modules related to Stuxnet and Flame that have yet to be discovered and may never will be, Roel Schouwenberg, senior security researcher at Kaspersky Lab, said in a talk at the Cyber Security for the Next Generation conference
FORBES
Preparing For Cyberwar: An Interview With Art Coviello
RSA Executive Chairman Art Coviello in an interview with Forbes says some sort of disruptive cyberattack by hackers, terrorists, or criminal gangs is likely to occur in the next 12 to 18 months that disrupts critical infrastructure
DFI NEWS
One Man's Crusade To End The Hysteria Over Cyberwar
Bruce Schneier is having trouble convincing the world that the threat of cyberwar is overstated
THREAT POST
FreeBSD Servers Compromised; Third-Party Software Packages Could be Impacted
Two servers owned by the open-source UNIX-like operating system project were breached, providing the attackers access to third-party software using the OS
SECURITY LEDGER
U.S. Government Also Targeted By Malware Used In Attacks On Israelis, Palestinians
Congressional employees, the U.K. government, and other government workers in other countries have also been hit by the same targeted attacks that hit Israeli police recently
THE REGISTER
Anonymous Attacks Israeli Websites Over Gaza Bombings
Hackers acting on behalf of Anonymous are launching DDoS attacks and defacing websites in protest of Israel's recent military action in the Gaza Strip
GCN
Supply Chain Threats 'Hard To Detect, Expensive To Fix'
Georgia Tech report says supply chain threats as "hard to detect, expensive to fix, and a policy nightmare,”"with few good solutions
THREAT POST
Adequate Attack Data And Threat Information Sharing No Longer A Luxury
Organizations are still hamstrung by legal constraints and other business factors that prevent an adequate flow of actionable threat intelligence
THREAT POST
VMware Security Update Fixes Dos, Other Vulnerabilities
VMware has issued an update for its vSphere API yesterday that remedies a denial of service vulnerability in ESX and ESXi, as well as adding a number of open source security updates to the ESX Service Console
BUSINESSWEEK
Why Congress Hacked Up A Bill To Stop Hackers
Legislation gets bogged down in arguments over the details, such as broad powers DHS would be granted under the proposed law
WIRED
Kill The Password: Why A String Of Characters Can't Protect Us Anymore
Even complex and unique passwords can’t always protect you
NETWORK WORLD
Proof-Of-Concept Malware Can Share USB Smart Card Readers With Attackers Over Internet
Researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer
THREAT POST
Planned Cyberattacks On U.S. Banks On Hold
Hacker holds off on exploits after media reports
BLOOMBERG
Cybersecurity Bill Killed, Paving Way For Executive Order
Obama-backed legislation voted down by Republicans; White House may implement some of the bill’s provisions through executive order
THE REGISTER
Sophos To Axe 35 Developer Posts, Shifts Gaze To Mobile, Networks
Security vendor says it will beef up SaaS, UTM offerings in wake of Astaro acquisition
REUTERS
Laptop With NASA Workers' Personal Data Is Stolen
Thousands of workers' and contractors' data at risk following theft from locked car
TORRENT FREAK
DDoS Takes Down RLSLOG And Bitsnoop
Both file sharing sites offline following attacks from Zeiko Anonymous
MOBILE MARKETING WATCH
Can Mobile Ad Networks Slow The Spread Of Mobile Malware?
As hackers increasingly set their sights on mobile devices, ad networks under pressure to step up their game
CYBER WARZONE
Anonymous Warns Israel: "No One Cuts Internet On Our Watch!"
Following Israel's threat to sever Internet and other telecommunications, hacktivist group registers protest
THE REGISTER
Adobe Shuts Down Connect User Forum, Confirms Passwords Raided
Database compromised, exposing password information about users of its conferencing technology
SEARCH SECURITY
Adobe Investigates Zero-Day That Bypasses Reader X Sandbox
Reports of a critical zero-day exploit being sold in the criminal underground that targets a zero-day flaw in Adobe Reader X is under investigation by the software firm
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2013-3743
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVE-2013-2473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2472.
CVE-2013-2472
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2473.
CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and CVE-2013-2473.