Best Of Web
Best Of The Web
INFORMATION WORLD REVIEW
Recession Raises Info Security Risks
PricewaterhouseCoopers study says most enterprises not fully aware of the dangers
eSECURITY PLANET
Microsoft Says Most File Exploits Avoidable
More than 90 percent of attacks exploit a single vulnerability that was patched two years ago
COMPUTER WEEKLY
Police E-Crime Unit Collars Ex-Soviet Gang In First Strike
Nine suspects allegedly used a Trojan aimed at banks
IT SECURITY PORTAL
Majority Of Consumers Use Same One Or Two Passwords For All Websites
Gartner study says poor password choices may increase risks for users
FORBES
The Feds' Timely Cyber Alarm
Reports on vulnerabilities in electrical grid are no surprise, but the fact that some feds are talking about them is
SC MAGAZINE
Warnings Made To Smartphone Users Over Sexy View Worm
Social engineering exploit uses contacts in phone to spread
CSO
Federalizing Cybersecurity: Necessary Or Nitwitted?
Proposed law would increase oversight of critical infrastructure, but anything more would likely be a mistake
TECH RADAR
Spammers Recovering From McColo Shutdown
Spam levels back on the rise, Symantec study says
UPI
Italian Cops Close Quack Quake Website
Bogus science site predicted another major earthquake for Italy
ZDNET
Paul McCartney's Official Site Serving Malware
Breach may have occurred through stolen FTP accounting data
ENTERPRISE SECURITY TODAY
High-Tech Heists A Risk For Banks
Breaches of payment processors could net millions of dollars for savvy criminals
SC MAGAZINE
Security Policies Should Now Include Twitter
Sharing of links between groups of followers could present significant threat, report says
TMCnet
South Korean Finance Ministry Penetrated By Chinese Hackers
Attackers reportedly gained access to classified information and financial policies
Black Hat Promises News Of Major Security Flaw
Black Hat Europe organizations say one of the presentations could affect anyone using the Internet, but wouldn't give details
COMPUTERWORLD
FBI Claims ISP Stole Millions From AT&T, Verizon
After raiding a Dallas collocation facility last week, FBI is investigating whether AT&T and Verizon were allegedly duped into providing more than 120 million minutes of telephone service to criminals
CNET
Pentagon Spends Over $100 Million On Cyberattack Cleanup
The U.S. military spent more than $100 million in the past six months in the wake of Internet attacks and network problems
CISCO SECURITY ADVISORY
Multiple Vulnerabilities In Cisco ASA Adaptive Security Appliance, Cisco PIX Security Appliances
Denial-of-service and authentication bypass bugs found in Cisco devices
CIO
Researcher's Death Casts Pall Over Major TCP Fix
Jack Louis, the security researcher who discovered a major networking flaw in TCP, died recently in a fire at his home
KPMG
U.S. Consumers Believe Mobile Banking Is Important, But Security, Privacy, Cost Cited As Major Barriers To Mass Adoption
More than 90 percent of U.S. respondents said they have never tried banking via a mobile device
THE TECHNOLOGIZER
Spybot S&D Claims Other Anti-Malware Providers Playing Dirty
Spybot creators say Trend Micro, Kaspersky Labs, and McAfee's setup applications conflict with SS&D's TeaTimer.exe and cause the app to become unstable
INFORMATION WARFARE MONITOR
Greenpeace Targeted By Sophisticated Cyber-Espionage
New evidence implies cyber-espionage attack against Greenpeace was wider than thought
THE REGISTER
Realtors Charged With Glengarry Glen Ross-Style Rival Hack
Three RE/MAX real estate agents in North Carolina allegedly hacked into a competitor's Webmail account
MED PAGE TODAY
Physicians Under Gun To Comply With 'Red Flag' Identity Theft Rules
Hospitals and doctors' offices have to comply with FTC's identity theft rules in less than a month -- or else face fines of $2,500 per violation
VNUNET
Twitter Downplays Google Purchase Rumors
In response to reports of Google purchasing Twitter, Twitter co-founder Biz Stone says his company talks with other companies "regularly" on a "variety" of topics
GOVERNMENT COMPUTER NEWS
How NIST Put DNSSEC Into Play
Digital signing of the .gov top-level domain was step one for DNS Security Extensions adoption by the feds; next is for agencies to sign their second-level domains by the end of 2009
THE SEATTLE TIMES
6,000 UW Workers' Personal Information At Risk
University of Washington employees are notified their names and Social Security numbers were on a hacked parking-management computer system
FINEXTRA
London Card Cloning Gang Accused Of Stealing £3.5M
Global credit card cloning ring steals £3.5 million in just a few days
ZDNET BLOG
Microsoft Will Allow Windows 7 Users To Downgrade To XP
Microsoft and partners will let Windows 7 users downgrade to both Vista and XP, Microsoft officials say
NEXTGOV
White House To Oversee Coordination Of Cybersecurity Efforts
Officials in Obama administration confirmed that the White House plans to oversee the coordination of securing networks governmentwide but will play more of a guidance role
COMPUTERWORLD
Conficker Copycat Prowls For Victims, Says Microsoft
An older worm called Neeris has copied some of Conficker's attack strategies, Microsoft researchers say
THE WASHINGTON POST
Report Says Interior Dept. Failed To Secure Network
Vulnerabilities weren't fixed years after experts warned the U.S. Dept. of Interior that its network was wide open to hacking, making it difficult to determine if it had since been hacked, according to a new internal report
ALL BUSINESS
Former U.S. Secretary Of Homeland Security Michael Chertoff To Lead Security And Risk Management Firm
The Chertoff Group will advise businesses and government clients
CBCNEWS
Smartphone Viruses Can't Spread Well -- Yet
No smartphone operating system is pervasive enough to allow the spread of a virus, but at some point that could all change, according to a new study
MX LOGIC
MX Logic Threat Forecast & Report
Healthcare scams top spam messages, and Waledac used Geo-IP to localize spam
TRUST DEFENDER BLOG
New Nearly Undetectable Version Of Mebroot/Sinowal/MBR/Torpig In The Wild
New version of dangerous Trojan Mebroot/Sinowal/MBR/Torpig defeats all detection tools and methods, researchers at TrustDefender say
ZDNET BLOG
Microsoft Delays Stirling Security Suite Until Late 2009/Early 2010
Customer requests for interoperability between Stirling and other vendors' security tools, plus a new zero-day prevention feature, have delayed rollout
PC WORLD
IBM Sees Conficker Hitting 4 Percent Of PCs
IBM's Internet Security Systems says Conficker has infected 4 percent of the IP addresses it has scanned
SEARCHSECURITY
HIPAA Enforcement Getting Stronger
So far HIPAA has resulted in only two organizations being sanctioned, but all that is changing
SILICON.COM
Google 'Poised To Buy Twitter'
Google is in "late stage" talks to acquire Twitter, according to a report on TechCrunch
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.


