Best Of Web
Best Of The Web
WASHINGTON POST
Microsoft Scrambling To Close Stubborn Security Hole
Software giant may be preparing out-of-cycle patches, sources say
NETWORK WORLD
America's Ten Most Wanted Botnets
Zeus tops list of botnets we'd love to bust
US-CERT
Adobe Reader, Acrobat, And Flash Player Vulnerability
Users encouraged to disable Flash in Adobe Reader 9
PC ADVISOR
Twenty-Five Percent Of Firms Suffer Social-Network Phishing Attacks
Web 2.0 trend could expose companies to additional security threats, study says
GLOBAL SECURITY MAGAZINE
Imperva: Twitter Email Account Hack Was Multi-Vectored But Tapped Into Poor Security Safeguards
Data loss might have been prevented, security vendor says
FORBES
Obama's Unwilling Cyber Czars
Heavy focus on economy makes position less desirable, experts say
BANK INFO SECURITY
Incident Response For Data Breaches
Interview with forensics expert at PricewaterhouseCoopers offers insights on most popular attack vectors
ALIBABA.COM
What Obama's Cyberplan Means For Business
Cyber czar may be coming, but regulatory change doesn't appear on the horizon
SKYNEWS
Exposed: Repair Shops Hack Your Laptops
Investigation finds some computer repair shops illegally access personal data on customers' hard drives, and hack into their bank accounts
INFORMATIONWEEK
NSA Using Cloud Model For Intelligence Sharing
The National Security Agency is building a cloud-based environment that will link disparate intelligence databases
MCAFEE
Financial Fraud And Internet Banking Threats And Countermeasure
Clickjacking, other threats make online banking increasingly risky
SEARCHSECURITY
Hackers To Award Most Over-Hyped Bug, Epic Fail
Conficker is one of three nominees for most overhyped bug for the annual hacker-judged Pwnie Awards
EWEEK
Smart Grid Security In The Spotlight At Black Hat
Researchers say the energy industry has work to do in security
THE REGISTER
Open-Source Firmware Vuln Exposes Wireless Routers
A critical vulnerability in open-source firmware for Linksys and other wireless routers makes them prone to hijacking
USA TODAY
Report: Shortage Of Cyber Experts May Hinder Government
The U.S. federal government is facing a severe shortage of computer specialists, according to a new study, and agencies today typically go their own way and work at "cross purposes"
TREND MICRO BLOG
New KOOBFACE Upgrade Makes It Takedown-Proof
Even if C&C domains are shut down, bots can stay alive by hosting C&C updates themselves
NEW YORK TIMES
Deutsche Bank Fires Two Accused Of Privacy Breach
Internal investigation of 2008 scandal leads to terminations
TECH WORLD
Adobe Tries To Explain Acrobat Patch Woe
Acrobat Reader update is built into new version, software giant says
NEW YORK TIMES
New Technology To Make Digital Data Self-Destruct
'Vanish' makes email messages disappear after a defined time period
AZ CENTRAL
FTC Ready To Set Data Safeguards
'Red Flag' rules require companies to protect identity data
GOVERNMENT INFO SECURITY
Can Cloud Defend Against DDOS Attacks?
IT managers can thank North Korean attackers for helping to make the business case for cloud security
CIO
Chinese News Sites Go Down After Reports On Government Scandal
Technology news sites may have been pulled down for antigovernment reporting
ZDNET
BT To Resell Microsoft's Business Cloud Suite
Offerings to include security capabilities, partners say
SEARCH FINANCIAL SECURITY
Proposed Expansion Of Top-Level Security Domains Generates Security Concerns
ICANN's proposed expansion could lead to additional phishing attacks, experts say
MOZILLA
Milw0rm 9158 'Stack Overflow' Crash Not Exploitable
A recently revealed bug in Firefox related to handling of certain very long Unicode strings can crash some versions of Firefox, but it's not exploitable, Mozilla says
CNET
Symbian Admits Trojan Slip-Up
The Symbian Foundation says its process for keeping malicious applications off Symbian OS-based phones needs improvement
TECH CENTRAL
Security Experts Hit Hard
The number of security professionals looking for work jumps 17 percent, according to research from IT recruitment firm Barclay Simpson
MYFOXPHILLY.COM
Nude Erin Andrews Video Actually Virus
Sophos says many sites with links to the alleged video of ESPN reporter also include malware
DATABREACHES
Computer Admin Sentenced For Hacking Lifegift
Former IT director at the nonprofit organ and tissue donation center gets two years in prison for hacking into her former employer's network
COMPUTERWORLD
Report: Hacker Broke Into Twitter E-Mail With Help From Hotmail
Hacker Croll tells how he cracked into Twitter's documents
MIS ASIA
IMPACT, ITU Calls For Concerted, Borderless Effort To Fight Cyber-Attacks
The International Multilateral Partnership Against Cyber Threats and International Telecommunication Union call for cooperation in the wake of recent attacks
SIGNON SAN DIEGO.COM
Hotline For UCSD Patients Swamped
A hacker breaks into computers at the University of California San Diego's Moores Cancer Center, compromising Social Security numbers and other personal patient data
THREAT POST
Mozilla, Google Plug Critical Browser Holes
Mozilla has patched the new zero-day flaw in Firefox, while Google patched flaws in Chrome
ADOBE
Adobe Launches Digital Signature Trust Program for Reader, Acrobat
Trust list will let users create digital signatures that are trusted whenever the signed document is opened in Acrobat or Reader 9.0 and above
THE NEW YORK TIMES
Internet's Anonymity Makes Cyberattack Hard To Trace
Despite initial assertions North Korea was behind recent attacks, most computer security say the attackers could be located anywhere in the world
COMPUTERWORLD
Microsof t Sues Mobile Ringtone Company For Phishing, Spam
Lawsuit claims that Funmobile phished customers and spammed their contacts via Live Messenger
SANS INTERNET STORM CENTER
OWC Exploits Used In SQL Injection Attacks
Attackers have begun exploiting the still unpatched Office Web Components vulnerability as part of a wave of SQL injection attacks
SC MAGAZINE
Oracle Issues Security Patches In Seven Product Lines
Oracle this week patched 30 security vulnerabilities in seven of its product lines
FEDERAL COMPUTER WEEK
DHS: Give Us Info On Cybersecurity Products
The U.S. Department of Homeland Security has issued an RFI for information on technical solutions for protecting the ".gov" cyber domain used by federal civilian agencies
SEARCHSECURITY
Conficker Conficker Authors Prepping For Next Stage, Researcher Says
F-Secure researcher Mikko Hypponen says the lack of activity of Conficker recently could mean trouble to come
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.