Best Of The Web
MICROSOFT
'Critical' PowerPoint Vulnerability To Be Patched
Microsoft next Tuesday will issue a security fix for a bug in PowerPoint that could allow an attacker to execute code remotely on the victim's machine
SPAMFIGHTER
Four Held In Charges of Spamming U.S. Universities
A federal court has charged three U.S. residents and one Chinese man with phishing attacks that experts say hit nearly every U.S. university and college
CNET
Women More Affected By ID Fraud, Study Finds
Nearly 30 percent of U.S. women have been victimized by identity theft versus 21 percent of men
THE REGISTER
Data-Sniffing Attack Costs Heartland $12.6M
Electronic payments processor Heartland Payment Systems has allocated $12.6 million to cover its data breach that exposed card holder data
THE NEW YORK TIMES
E.U. To Consider More Stringent Reporting Of Data Breaches
The European Commission plans to crack down on businesses, agencies, and organizations in Europe to notify consumers when they lose sensitive customer data
THE TIMES/SOUTH AFRICA
Hackers Target Confed Cup Fans
Soccer fans should beware of cybercriminals targeting them with ads for cheap tickets and accommodations for the upcoming FIFA Confederation Cup and the 2010 World Cup
ESET
ESET's Global Threat Trends Report For April 2009
Conficker and AutoRun were the top two threats last month
TECHWORLD
Researchers Renege On Security Flaw Promise
Indian security researchers release proof-of-concept code that can be used to take control of a Windows 7 machine after they promised not to release it for fear it would be abused by bad guys
DAILY TECH
New Mac Virus Is A Worm, But Can't Pose Threat Due To Amateur Mistake
Trojan attacking Apple machines via pirated iWork software proves insignificant, but may be a sign of things to come
SEARCH FINANCIAL SECURITY
Organization Aims To Develop Encryption Standard For Card Data
A standards group is developing an open standard for encrypting cardholder data at the point of sale terminal and keeping it encrypted as it is sent to the payment processing system
CSO
New Cyber-Security Standards For N. American Power System
The North American Electric Reliability Corp.'s board of trustees has approved changes that make cybersecurity compliance for the electric industry more stringent
AP
Va. Gov Says State Won't Pay Hacker Ransom
Virginia Governor Tim Kaine says the state won't pay a $10 million ransom to the hacker or hackers who accessed millions of personal records from the state's prescription drug database
NETWORK WORLD
Microsoft Lays Off 3,000, Won't Be Done Until June, 2010, Says Ballmer
Ballmer says Microsoft will monitor economic downturn and possibly eliminate more jobs later
SOFTPEDIA
Grid Computer Vendor Offers DDoS Testing
Parabon offers on-demand distributed denial-of-service attacks to help companies test their networks
MX LOGIC
May 2009 Threat Forecast: Mega-Botnet Could Emerge
Conficker has been getting periodic updates from rival botnet gang Waledac, suggesting the two may be working together
SLASHDOT
McAfee Sites Vulnerable To XSS Attack
ReadWriteWeb discovered a security hole on several McAfee Websites that allows an attacker to abuse the company's reputation and brand in order to distribute malware, Trojans, etc.
WSAZ.COM
W.Va. Bar Says Internal Network, Web Site Hacked
The West Virginia State Bar has warned its members of potential identity theft after someone hacked into the organization's Web site and internal computer network
WASHINGTONPOST.COM
Equifax Outage Halts Credit Freezes, Fraud Alerts
A computer outage at Equifax that began during the weekend is still wreaking havoc on the online credit reporting bureau's operations
ZDNET
Critical Security Hole In Google Chrome
Google has patched a pair of vulnerabilities in Chrome
THE REGISTER
Firefox Users Caught In Crossfire Of Warring Add-Ons
NoScript's developer had admitted, and apologized for, adding code that worked around the EasyList filter used by Adblock Plus in order for ads on his Websites to display on browsers using Adblock
IBM ISS Frequency X Blog
Image Spam Reborn
IBM ISS says 15 to 22 percent of all spam in April was image spam
WIKILEAKS.ORG
Over 8M Virginia Patient Records Held To Ransom
Hacker encrypts data and backup, asks $10M for the decryption key
INTERNET NEWS
Cyber Threats To Health IT, Smart Grid All Too Real
Experts tell Congress that attacks on public health and safety could happen
NETWORK WORLD
USA (And IE) Number One For Botnet Mayhem
Finjan study indicates that half of U.S. PCs are botnet-infected, and most are running IE
H ONLINE
Study Says Silent Updates Enhance Security
Automatic browser updates that don't involve users are the way to go, security experts say
STOCKPOINT
Consumer Reports Survey: One In Five Consumers Has Fallen Victim To Cybercrime
Losses total $8 billion over the past two years, report says
OTAGO DAILY TIMES
Teens Lax Over Online Security
In survey, most say they don't believe attacks will happen to them
NETWORK WORLD
In The Trenches, As The Threats Evolve
Researcher offers recollections of exploits and shifts in attacker strategies
CIO
Security Worries Hinder Plans For Social Networks
Half of organizations are delaying plans for collaborative technology due to security worries, report says
DAILY NEWS SRI LANKA
Sri Lankan Army Site Hacked
Attack causes Sri Lankan military to pull the plug on site for several hours
TMCnet
South Korea, U.S. Agree To Join Forces To Fight Cyberterrorism
Pact will enable countries to exchange cybersecurity information
TIMES OF INDIA
Interpol Warns Against Cybercriminals Trying To Cash In On H1N1 Flu
Traditional spam, phishing scams branching into offers of fake drugs
REUTERS
EU Urges Internet Governance Revamp
ICANN should be separated from its U.S. government roots, European Union says
MARSHAL8e6
Spam Traffic Spikes
Heavy increase in spam is showing up across the Web, researcher says
FORBES
Cybersecurity's Twitter-Fast Shifts
After several attacks, microblogging site may not be as harmless as it seems
MSN.COM
Twitter Security Breach Hits Barack Obama's Account
Hacker posts private details of president's account
THE STAR MALAYSIA
Beware, Your Data Is On Sale
Simple experiment results in surprising amount of personal data on consumers
NEMESIS
Multiple Bugs Found On McAfee Website
Hacker outlines potential vulnerabilities on security vendor's site
eWEEK
Lawmakers Move To Secure Electric Grid
New law would expand authority of Homeland Security and utility regulators to set security standards
NETWORK WORLD
From Computers To Crime Busting
Mild-mannered CIO helps authorities nab the bad guys
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


