Best Of Web
Best Of The Web
COMPUTERWORLD
Ransomware Leverages Victims' Browser Histories For Increased Credibility
Visited websites are listed as source of illegal material in order to make bogus police messages more believable
CNET
Russian Government Selectively Blocks Site Access
New law requires major websites to restrict material that officals find objectionable
GITHUB
IDA Pro Script To Add Some Useful Runtime Info To Static Analysis
Script records function calls (and returns) across an executable using IDA debugger API
THE REGISTER
Call Centers Under Attack In Targeted Cyber-Blackmail Scheme
Crooks blasting public safety phone lines with calls, Department of Homeland Security says
NETWORK WORLD
Authorities Bust Global Credit Card Fraud Network Targeting POS Terminals And ATMs in Europe
Europol says criminal group rigged POS devices in European shopping centers with rogue card readers and malware
THE NEW YORK TIMES
Cyberattacks Seem Meant to Destroy, Not Just Disrupt
American Express's website was taken offline for two hours in latest of DDoS attacks against American financial institutions that began last fall
THE WALL STREET JOURNAL
Cyber Attack Thought To Originate In Russia
DDoS attack on Spamhaus appears to have been launched by a gang of hackers from Russia and neighboring countries, says the head of a Russian firm
CSO ONLINE
New U.S. Law Tightens Screws On Chinese Cyberespionage
Obama signs law requiring NASA, Justice and Commerce departments get clearance from the FBI before buying IT systems from China-related firms
ARS TECHNICA
When Spammers Go To War: Behind The Spamhaus DDoS
The Spamhaus blacklist is widely used and successfully blocks a lot of unwanted e-mail and occasional good email, but Spamhaus' users willing to take that risk
SECURITY WEEK
Anonymous Supporter Charged With DDoS Attack On Koch Industries
Wisconsin man is charged alleged role in DDoS attacks against Koch Industries during Anonymous' OpWisconsin in 2011
REUTERS
Quarter Of U.S. Firms In China Face Data Theft: Business Lobby
Some 26 percent of the American Chamber of Commerce in China say their proprietary data or trade secrets had been compromised or stolen from their China operations
THREAT POST
Phishing Campaign Using Military, Illicit Attachments
New spam campaign with attachments offering better sex tips and news about newly developed Chinese stealth frigates loaded with malware
WIRED
Anonymized Phone Location Data Not So Anonymous, Researchers Find
New research found that anonymized mobile phone data actually emits a GPS fingerprint that can be used to ID a user
THREAT POST
Critical Flaw Threatens Millions of BIND Servers
Several several current versions of the BIND name server software contain flaws that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines
FAST COMPANY
U.S. Government Cracks Down On Importing Chinese-Made Digital Products
New legislation written by Congress would limit federal procurement of Chinese-made equipment
THE ECONOMIST
The Digital Arms Trade
Nearly all well-financed intelligence agencies purchase exploits
CNET
Wells Fargo Site Hit By Denial-Of-Service Attack
Bank���s website hit by DDoS attack this week, but branches and ATMs not affected
CSO
Evernote Account Used To Deliver Instructions To Malware
New malware uses the note-taking service Evernote as a place to pick up new instructions and commands
BARRACUDA LABS BLOG
Spammers Disguise Links Using Google Translate
Spammers are now hiding links using Google Translate as a way to evade detection
THE WASHINGTON POST
Egypt: Naval Forces Capture 3 Divers Trying To Cut Undersea Internet Cable
Three scuba divers were caught trying to cut an undersea Internet cable in the Mediterranean on Wednesday
SECURITY WEEK
Exclusive: New Malware Targeting POS Systems, ATMs Hits Major US Banks
New malware targeting point-of-sale systems and ATMs has stolen payment card information from several US banks, researchers say. The author behind the malware appears to have links to a Russian cybercrime gang
HACKREAD
AVG South Africa Hacked, 10,000+ Product Keys Leaked by Over-X from Algeria
AVG South Africa Hacked, 10,000+ Product Keys Leaked by Over-X from Algeria
RAPID7 BLOG
There's A Hole In 1,951 Amazon S3 Buckets
A misconfiguration in Amazon's Simple Storage Service exposes more than 28,000 PHP source files were with database usernames, passwords, and API keys, as well as log backups and other sensitive information
SECUREWORKS BLOG
Stels Android Trojan Malware Analysis
New Android Trojan steals text messages, including two-factor authentication information
COMPUTERWORLD
Victim Of $440K Wire Fraud Can't Blame Bank For Loss, Judge Rules
Choice Escrow and Title LLC failed to follow its bank's recommended security procedures and so only had its self to blame, court says
THREAT POST
Spear Phishing Cause of South Korean Cyber Attack
F-Secure says a spearphishing email started the attacks on South Korean banks and media outlets
Mobile phone a more accurate identifier of individuals than their own fingerprints, MIT researchers say
SQL Injection In The Wild
Unorthodox SQL Injection attempt tries to subvert a traffic monitoring system via a novel vehicle license plate
UCONN DAILY CAMPUS
Harvard Email-Hacking Sparks Information Security Debate
The recent email-hacking controversy at Harvard University has led to the questioning of information security policies at Harvard and other universities nationwide
SECURITY LEDGER
Mobile Phone Use Patterns: The New Fingerprint
Mobile phone a more accurate identifier of individuals than their own fingerprints, MIT researchers say
THE WASHINGTON POST
Chinese Citizen Sentenced In Military Data-Theft Case
Sixing Liu, who worked in L-3's space and navigation division, was sentenced in federal court here to five years and 10 months for taking thousands of files a disk resonator gyroscope and other defense systems to China in violation of a U.S. arms embargo
THREAT POST
LinkedIn Patches XSS And CSRF Vulnerabilities
LinkedIn patched multiple flaws that could have led to phishing attacks, malware infections and stolen credentials
SECURELIST
Android Trojan Found In Targeted Attack
Targeted phishing attack against activists and human rights advocates came with an APK attachment, a malicious program for Android
PC WORLD
McAfee Warns Of Malware Targeting Point-Of-Sale Systems
New malware dubbed vSkimmer is for sale on the black market is being used to steal payment card data from point-of-sale (POS) systems
LENNY ZELTSER BLOG
Two-Step Authentication For Apple ID Consistent With Trends
To activate it, sign into My Apple ID and go to the Password and Security area, where you can specify which devices associated with your Apple ID to use as the second authentication token
THE WASHINGTON TIMES
U.S.-Israeli Cyberattack On Iran Was 'Act Of Force,' NATO Study Found
Stuxnet, which crippled Iran's nuclear program by sabotaging plant systems, constituted 'an act of force' and was likely illegal under international law, according to NATO's cyber defense center
FORTIGUARD BLOG
Digital Attack On Korean Networks: Wipers, Time-Bombs And Roman Soldiers
The attack made use of two different droppers, in charge of dropping wipers
PC WORLD
Security Experts Warn About Iran And North Korea Hackers
Iran and North Korea may be driven to attack the U.S. out of desperation to maintain their political regimes in the face of global isolation, the director of the Homeland Security Policy Institute says
THREAT POST
XSS Flaw in WordPress Plugin Allows Injection of Malicious Code
Newly disclosed vulnerability in a plugin that displays ad banners on WordPress sites lets an attacker to inject malicious JavaScript or HTML code
REUTERS
Top China College In Focus With Ties To Army's Cyber-Spying Unit
Several papers on computer network security and intrusion detection were co-authored by researchers at PLA Unit 61398 and faculty at Shanghai Jiaotong University
CNET
GSA Breach Highlights Dangers Of SSNs As IDs
A recent security breach at the U.S. General Services Administration demonstrates the dangers of using your Social Security Number for identification
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.