Best Of The Web
INFOSECURITY MAGAZINE
Hacker Halted: Government Needs To Embrace Bug Bounty Incentive
Jeremiah Grossman, founder and CTO of WhiteHat Security, told Hacker Halted attendees that governments have nothing to lose in using bug bounties and much to gain
THE REGISTER
Israeli Cops Penetrated By Army Of Fake Generals With Trojans
Israeli police departments went offline last Thursday after finding a Trojan especially targeted at law enforcement networks there
THREAT POST
Final Report On DigiNotar Hack Shows Total Compromise of CA Servers
Dutch CA DigiNotar's eight digital certificate-issuing servers were under complete control of the attacker who hacked them last year and may also have issued some rogue certificates that have not yet been identified
THREAT POST
California Attorney General Puts Mobile App Developers On Notice
California is cracking down on mobile application developers and companies that haven't posted privacy policies where users can easily find them
THE REGISTER
One Million Facebook Users' Names And Email Addresses: $5
A Czech blogger says he found names and email addresses of Facebook users for sale online for as low as $5 per million of them
PC MAGAZINE
Windows 8 Security: What's New?
Microsoft has made some significant security updates to Windows, including support for Hyper-V, BitLocker, a virtual private network client and group policy support, and Windows RT for ARM-powered devices
FORBES
Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures
Vupen researchers say they have created an exploit that could take over a Windows 8 machine running Internet Explorer 10, cheating security upgrades Microsoft built into the latest version of Windows
EWEEK
Sybase Adaptive Server Enterprise Security Patches Fail To Fix Flaws
Sybase will issue new patches to replace updates to its Adaptive Server Enterprise product that did not fully fix 10 vulnerabilities
NEXTGOV
Pentagon Cyberthreat-Sharing Program Lost Participants
Five of the initial 17 members of the Defense Industrial Base Enhanced Cybersecurity Services group have dropped out of the program and are looking at other options
THREAT POST
FBI Moves To Identify More Hackers
The FBI says it's ramping up its efforts to go after the people behind phishing, credit card fraud and other campaigns
SOFTPEDIA
Anonymous Hacks Greek Ministry Of Finance To Protest Against Austerity Measures
Anonymous has dumped confidential documents and user credentials they say they stole from the systems of Greece's Ministry of Finance
NORMAN BLOGS
New Norman Video Series Features Corporate Leaders And Security Experts To Raise Awareness During Cyber Security Awareness Month
SCADA and industrial control systems are not synonymous: SCADA is just one type of ICS, and focusing on just SCADA threats is just one piece of the puzzle
COMPUTER WEEKLY
Cyber Security At US Energy Agency Found Wanting
The U.S. Energy Dept. Inspector General says the government's largest power transmission agency used a default password to protect its electricity scheduling database and regularly failed to update security software
THE REGISTER
Hackers Crack Texan Bank, Experian Credit Records Come Flooding Out
Hackers stole login credentials for Experian's credit scoring reports after they broke into the systems of Abilene Telco Federal Credit Union last year
ZDNET
Google, Yahoo And Microsoft Fix Email Security Flaw
The three companies have added longer keys to sign emails from their domains after spoofing risk exposed
THE REGISTER
'Huawei Partner' Tried To Sell U.S. Tech To Iran
Huawei supplier offered to sell American-made equipment to Iran in a deal that would have broken sanctions, Reuters report says
ECOMMERCE TIMES
Feds Find Email Encryption Can Backfire
Encryption of outbound email can create a false sense of security since DLP and email inspection gateways can't inspect encrypted email
THREAT POST
Attorneys Warn Of Increased Risk Of Big Data Breach Lawsuits
'Big data' and cloud computing are raising the level of risk for companies hit by breaches
SOFTPEDIA
DOS Vulnerability Found in Wireless Chips Used By Apple, HTC, Samsung, Ford, Others
Researchers from Core Security's Core Impact team have uncovered a remotely exploitable vulnerability in Broadcom BCM4325 and BCM4329 wireless chipsets that could be used to launch denial-of-service attacks
THE WASHINGTON POST
China Blocks New York Times Web Site After Report On Leader's Wealth
Article about the massive wealth accumulated by the family of Prime Minister Wen Jiabao prompted the Chinese government to block The New York Times website
ARS TECHNICA
Backdoor In Computer Controls Opens Critical Infrastructure To Hackers
CoDeSys software used to manage equipment in power plants, military environments, and nautical ships contains an undocumented backdoor that could allow malicious hackers to access sensitive systems
CNBC
Lockheed, Intel, Others Team Up To Tackle Cyber Challenges
New nonprofit research consortium Cyber Security Research Alliance (CSRA) will also include Advanced Micro Devices, Honeywell International and EMC Corp.'s RSA Security division as founding members
VOICE OF AMERICA
Saudi Cyber Attack Seen As Work Of Amateur Hackers Backed By Iran
Methods used by Iranian attackers to damage Saudi Aramco pose new challenges to other companies in the region
BCS
Britain Faces Hourly Cyber Attacks
Foreign secretary says not an hour goes by when the U.K. is not under attack
THREAT POST
Verizon DBIR Analysis: Opportunistic Attacks Crushing Certain Industries
Hospitality, retail industries under the gun from attacks that are more opportunistic than targeted, study says
ARS TECHNICA
Phony Certificates Fool Faulty Crypto In Apps From AIM, Chase, And More
Researchers conclude "SSL certificate validation is completely broken" in many places
PERIMETER E-SECURITY
Rising Mac And Public Wi-Fi Use Poses New Risks To Businesses
More heterogeneous, mobile work environments could put data in jeopardy, study says
NSS LABS
Browser Security Comparative Analysis: Socially Engineered Malware
Some browsers are better at blocking malware than others, test lab says
TEAM SHATTER
Sybase: Disclosed But Unpatched Vulnerabilities
Database company releases urgent notice announcing patches for 12 vulnerabilities
BLOOMBERG
Hacker Attack Warnings Don't Budge Opposing Sides On Cyber Bill
White House, U.S. Chamber of Commerce dig in to opposing positions on cybersecurity legislation
THE NEW YORK TIMES
In Cyberattack On Saudi Firm, U.S. Sees Iran Firing Back
Someone with privileged access to Saudi Aramco computers planted the destructive virus that erased data on three-quarters of Aramco's corporate PCs and replaced it with an image of a burning American flag
COMPUTERWORLD
Adobe Patches Six Critical Flaws In Shockwave Player
Adobe fixed six critical vulnerabilities in Shockwave Player, including buffer overflow vulnerabilities and an out-of-bounds array flaw
THREAT POST
Judge Rules Against Consumers' Claims In PlayStation Hack Lawsuit
A Southern California judge shot down a class-action lawsuit filed in response to Sony's handling last year of a data breach that left millions of users at risk
SECURITY WEEK
Huawei Says It Would Offer Access To Its Source Code Via Independent Testing Center
Chinese telecommunications vendor Huawei offered Australia a way to verify its source code and equipment to allay fears
INFOSECURITY MAGAZINE
Sony PS3 Hacked Again
A hacking group called the Three Musketeers has leaked the PS3's LVO decryption keys
MOBILE BURN
T-Mobile To Pre-Load Lookout Mobile Security On Android Smartphones And Tablets
Security app will first be packaged with LG Optimus L9 and Samsung Galaxy Tab 2 10.1
WIRED
How A Google Headhunter's E-Mail Unraveled A Massive Net Security Hole
A mathematician found in a phishing email that Google was using a weak cryptographic key to certify its email domain
THE REGISTER
Microsoft Has No Plans For A Second Windows 7 Service Pack
Sources close to Microsoft say there will be no second Windows 7 SP but rather patches released each month until support for Windows 7 comes to an end
NEXTGOV
Retired OMB IT Chiefs Urge Federal Cyber Policy Rewrite
Veteran IT leaders press Obama to overhaul federal policy now, without legislation
TECH NEWS WORLD
Standing Your Ground Against Cybermuggers
Users know not to open attachments from strangers, but most don't know to take the same precautions on social networks or Skype
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


