Best Of Web
Best Of The Web
FORBES
Bug That Helped Enable Skype Account Takeovers Reported By A User Months Earlier
Skype disabled all password resets for users while it fixed a vulnerability that appeared on several Russian Web websites showing how anyone can take over another user's Skype account just by knowing the email address linked with that account
THE WASHINGTON POST
Federal Agencies, Private Firms Fiercely Compete In Hiring Cyber Experts
Government agencies and contractors are competing heavily for cybersecurity talent in what one expert called 'fratricide on the parkway'
THREAT POST
How-To Video: Facebook Privacy
How to implement some simple, built-in features on Facebook for the most privacy
COMPUTERWORLD
Microsoft Patches Critical Flaws In Windows 8, Windows RT
Update that addresses 19 vulnerabilities in Windows, IE9, Excel, and .Net, including four bugs in Windows 8 and RT
TECHCRUNCH
With 50M Users In Tow, OpenDNS Looks To Bring Enterprise Security Into The Mobile Era
OpenDNS Umbrella extends its service and content browsing policies to mobile employees and adds visibility into roaming devices, regardless of how they connect -- cellular network, WiFi
THE WASHINGTON POST
Obama Signs Secret Cybersecurity Directive, Allowing More Aggressive Military Role
Presidential Policy Directive 20 establishes standards to guide the operations of federal agencies in cyberthreats, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record
HOT FOR SECURITY
Backdoors, Password-Stealers Most Common Threats to Windows 8 Security, Bitdefender Test Reveals
Fifteen percent of well-known pieces of malware can bypass security mechanisms built into Windows 8
TREND
Iranian Hacker Arrested For Hacking U.S., Israeli Websites
Professional hacker said to have cracked more than 1,000 websites
ZDNET
Yes, The FBI And CIA Can Read Your Email. Here's How
"Petraeus-gate" didn't involve a ton of slick surveillance gear -- just a court order. And it could happen to anybody
BGR
How A Real-Life Computer Virus Inspired The Latest James Bond Film "Skyfall"
Stuxnet played a role in creation of newest 007 adventure, producer says
WIRED
Murder Suspect John McAfee: I'm Innocent
Former antivirus pioneer: "They will kill me if they find me"
MICROSOFT SECURITY RESPONSE CENTER
Verifying Update Hashes
Software giant provides sha1 and sha2 hashes to help verify authenticity of downloaded updates
COMPLIANCEX
SEC Employees Used Government Computers For Music Downloads And More
Agency employees used government-issued computers for personal activities, report says
NEW MATILDA
The Future Of Hacktivism
After some high-profile arrests, hacktivist groups changing the way they work, former member says
TECH TARGET
Huawei Security Chief Says Vendor Supports U.S. Cyberespionage Defense
Huawei CSO says his firm will work with U.S. to solve cybersecurity issues
TECH HIVE
DVRs Are Being Targeted By Hackers, Says Security Expert
Thousands of digital video recorders (DVR) have been hacked in the U.S. alone
BANK INFOSECURITY
Citadel Trojan Tough For Banks To Beat
Experts say the best way for financial institutions to help protect their customers against it is to offer them a crash course in Trojan-intrusion defense
GIZMODO
Exclusive: John McAfee Wanted For Murder
Antivirus pioneer John McAfee is on the run from murder charges, according to Belize police officials, after murder of American expatriate Gregory Faull, who was gunned down
THE WASHINGTON POST
Iran Prosecutor Confirms Blogger Died In Police Custody, Had Wounds On Body
Blogger Sattar Beheshti was detailed Oct. 30 for alleged cybercrimes and found dead on Nov. 3, the day he was handed over to cyberpolice for interrogation
ITPRO
Image Snatching Malware Poses New Security Threat
New Trojan program steals image files from Windows machines and sends them to a remote server
CSO ONLINE
China Could Be Behind Twitter Password Reset
Twitter sent notices of an attempted hacking to China-based foreign journalists and analysts just hours before apologizing for resetting the passwords of more users than necessary in a recent break-in of accounts
CNN BLOG
Fake Tech Gear Has Infiltrated The U.S. Government
Numerous tech products used by the U.S. military and other federal agencies are fake--the number of counterfeiters in the federal government's supply chain has increased by 63% over the past decade, according to a new study released by HIS
CNET
HootSuite Flub Reveals Users' E-Mail Addresses To Other Users
HootSuite inadvertently sent thousands of e-mails to users that included the names and e-mail addresses of other users
SOFTPEDIA
QRishing Study: Curiosity Is The Largest Motivating Factor For Scanning QR Codes
Carnegie Mellon University's CyLab reveals new information on phishing attacks that rely on QR (Quick Response) codes
FORBES
Meet The Texas Lawyer Suing Hundreds Of Companies For Using Basic Web Encryption
TQP have launched suits against hundreds of firms since 2008 alleging that their use of a common cryptographic protocol in their HTTPS websites violates the patent acquired by TQP in 2006�among the sued companies are Apple, Google, Intel, Dell, Hewlett-Packard, major bank and credit card companies
THREAT POST
Memory Bug Fixed In Tor Client
The Tor Project has fixed a vulnerability in its anonymization software that leaked information from memory on some machines running Tor and could give an attacker access to sensitive information stored in the cache
NAKED SECURITY BLOG
HR Departments At Risk Of Malware Infection After Unemployment Benefits Email Spammed Out
Warnings of a wave of spam emails purporting to be from the Massachusetts Division of Employment and Training that say the recipient must supply information in order to pay benefits to a former employee
THE WALL STREET JOURNAL
Stuxnet Infected Chevron's IT Network
Stuxnet also infected Chevron's network in 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron
THE REGISTER
Scotland Yard Officers Arrested A 45-Year-Old Woman This Morning Over Alleged Breaches Of Privacy
Woman arrested for allegedly conspiring to commit offences under Sections 1 and 3 of the Computer Misuse Act 1990, and Sections 1 and 2 Regulation of Investigatory Powers Act 2000
INFOWORLD
Update: Cisco Recommends McAfee Switch For Ironport Customers Hit By Sophos Flaws
Cisco IronPort Email Security Appliances and Cisco IronPort Web Security Appliances include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition, according to a Cisco advisory
THREAT POST
First Windows 8 And Windows RT Security Updates Due Next Week
Microsoft’s next Patch Tuesday will include six bulletins covering 19 vulnerabilities, including patches Windows 8 and Windows RT
FIERCE GOVERNMENT IT
FBI Looks For Mobile Biometric Capture Software
Agency says it is in the market for software that would permit mobile devices to capture biometric data, including fingerprints, iris prints, and faces
GOVERNMENT COMPUTER NEWS
NIST Spells Out Baseline Security Requirements For Next-Gen Mobile Devices
Government agencies now being forced to accept security risks inherent in BYOD technology
AOL DEFENSE
Cyber Chief Issues Call For Action, Not More Talk; Alexander Outlines Who Does What
Top cyber commander offers his version of how government and military agencies are likely to work together
FIERCE GOVERNMENT IT
State Department Still Vulnerable To WikiLeaks-Style Breach, Say Auditors
Net-Centric Diplomacy system has logical access control weaknesses, report says
CSO ONLINE
Google Follows Apple's Lead With Android App Security Screening
Android 4.2 "Jelly Bean" uses trusted third-party to vet applications
MICROSOFT
Microsoft To Issue Six Security Updates On Patch Tuesday
Four of the updates considered critical, software giant says
KREBS ON SECURITY
Experts Warn Of Zero-Day Exploit For Adobe Reader
Software vendor says it is investigating previously-unknown hole in its widely used PDF Reader
REUTERS
Twitter Mistakenly Resets Passwords Of Large Number Of Users
Social networking site made error while conducting routine security screening, officials say
ZDNET
Pizza Hut Hacked, Customer Info Lost, Credit Card Details Safe
Pizza Hut Australia denies that 240,000 customer credit card details were stolen, but hackers gained access to customer information
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
- Not All Or Nothing: Effective security doesn't mean stopping all attackers.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.