Best Of Web
Best Of The Web
SYMANTEC
Symantec Intelligence Report: September 2012
How attackers administer the Web servers they use to spread spam and malicious code
MASHABLE
3G Security Flaw Could Let Anyone Track Your Phone
Attackers could use rooted femtocell device to perform man-in-the-middle attacks
THREAT POST
Dorkbot Now Worming Its Way Through Skype
Worm that fooled many Facebook and Twitter users is now scamming Skype
SC MAGAZINE
U.S. Banks Could Be Bracing For Wave Of Account Takeovers
RSA warns that attackers are planning to raid the bank accounts of customers at some 30 U.S. banks
ZDNET
Adobe And Microsoft Release Flash Security Updates In Sync
Flash Player and Air get quick updates to close security holes
INFOSECURITY MAGAZINE
Microsoft Will Reject 'Weak' Digital Certificates From Tomorrow
Starting tomorrow, Microsoft will enforce the use of longer-length encryption keys for digital certificates
SECURITY WEEK
Former Verizon Engineer Sentenced For Cisco Equipment Scam
Michael W. Baxter, a former network engineer for Verizon Wireless, abused his access to a procurement system and used an extended warranty contract from Cisco to obtain parts that were valued at $40,000 per item or more
SYMANTEC BLOG
The Russian Mastermind Behind Backdoor.Proxybox
Symantec researchers found the that the man behind a recent backdoor proxy attack is someone with a Ukrainian name living in Russia
HITMANPRO.BLOG
New TDL4 Strain Very Successful In Hiding From AV
HitManPro has found binary samples of yet another version of the TDL4 rootkit that has infected many Fortune 500 companies
THE HACKER NEWS
Universal Cross-Site Scripting
A cross-site scripting vulnerability in Opera browser was revealed today on a Russian forum rdot.org
THE WASHINGTON POST
Report: Iran Blocks Cyberattack On Its Oil Drilling Platforms
Iran says it has stopped cyberattack on the computer network of its offshore drilling platforms, and the IT head of Iran's state offshore oil company blames Israel for the attack, according to an Iranian news agency
GFI BLOG
Skype Users Targeted With Ransomware And Click Fraud
A worm spreading to Skype users is employing ransomware and click fraud
SC MAGAZINE
Only One Critical Patch Among Seven Expected From Microsoft Next Week
Next week's Patch Tuesday contains only one critical fix -- for vulnerabilities in Microsoft Word
THREAT POST
Malware Signed By Adobe Certificate Only Used In Limited Targeted Attacks
Adobe"s now-revoked code-signing certificate that had been used by attackers to sign several malicious utilities has only been used in targeted attacks, Microsoft says
SOFTPEDIA
TinKode Gets 2-Year Suspended Jail Term, Ordered To Pay $120,000
Cernaianu Manole Razvan, who goes by the hacker handle TinKode and was arrested in January in connection with breaching systems at the European Space Agency, NASA, and the Royal Navy, was given a two-year suspended sentence and a fine of $120,000 by a Romanian court
DAILY MAIL
Google Admits Middle Eastern Governments Could Be Spying On Its Users As It Warns Of 'State-Sponsored' Hacking Attacks
Google's new effort to warn its users that they could be the victims of cyberattacks from hostile governments is under way
THE LOCAL.SE
New Attack Knocks Out Government Sites
Several Swedish government agency websites were taken down in an apparent attack by Anonymous
MEDIAPOST
Cybercriminals Are Becoming Sophisticated Marketers
Cybercriminals are increasing relevancy and personalization to improve the success of their targeted spearphishing, and often legitimate marketers themselves fall for these highly targeted and intelligent attacks
CONSTANT CONTACT
Your Income Tax Payment Didn't Fail: It's A Scam
A new scam posing as an IRS email says your federal tax bank transfer failed and urges you to read the attached Word file, which contains malware
INFOSECURITY MAGAZINE
Cybercriminality Moves From Guerilla To Blitzkrieg
RSA has spotted a plot by cybercriminals to recruit 100 botnets for a coordinated criminal campaign against 30 American banks
REUTERS
Cyber Attackers Disrupt Internet In Iran: Official
Unidentified adversaries target Iranian infrastructure and communications companies
DAILY MAIL
Google Admits Middle Eastern Governments Could Be Spying On Its Users
Search engine giant warns of "state-sponsored" hacking attacks
H ONLINE
New Oracle Hacks Revealed
Security researchers present range of attacks at DerbyCon 2.0 conference
THREAT POST
Swedish Sites Attacked In Retaliation For Police Raid On Web Host
Nation's central bank and two government affiliates are among those hit, possibly by Anonymous
INFOSEC ISLAND
No Surprise -- Ransomware On The Rise
Industry will have achieved an estimated total of 100 million malware samples by Q3
SECURITY WEEK
U.S. Needs Offensive Weapons In Cyberwar, Says General Alexander
Totally defensive strategy can never be successful, U.S. Cyber Command chief says
SYDNEY MORNING HERALD
Identities Ripe For The Taking
Thousands of thieves are working full-time to steal Australians' identities, Biometrics Institute says
THE HACKER NEWS
Universal Man In The Browser Attacks
Researchers find new type of MitB attack that is website independent, and does not target specific sites, but instead collects data submitted to all sites
THE ATLANTIC
Hacktivist's Advocate: Meet The Lawyer Who Defends Anonymous
Lawyer Jay Leiderman says DDoS attacks are a form of global civil-rights protest and that the law should be changed on DDoS
ZDNET
Regulators Smash Global Phone Tech Support Scam Operation
The FTC announced a crackdown on a massive international computer tech support scam that allegedly swindled tens of thousands of consumers in six countries
THE HACKER NEWS
Cyberattack On Iran's Internet System Distrupts Iran Internet
Iranian officials said traffic 'of several gigabytes' slowed the country?s Internet service on Tuesday
NEW YORK TIMES BLOG
Google Warns Of New State-Sponsored Cyberattack Targets
Tens of thousands more Google users will begin to see a warning message in Gmail, Chrome, or Google's home page that t heir account may be under attack from "state-sponsored attackers," and Google says it has caught thousands more attempts than it expected since it began alerting users this summer
NAKED SECURITY BLOG
SHA-3 Hash Competition Concludes, And The Winner Is...Keccak!
Get ready for a new hash algorithm that replaces SHA-2
CNET
Swedish ISP Confirms Police Raid Targeted Illegal File-Sharing
Authorities raided Web hosting provider PRQ and seized three of its servers in search of piracy and copyright infringement sites
THREAT POST
New Strain Of Man-In-The-Browser Malware Refines Data Sent To Attacker In Real Time
Researchers at Trusteer have spotted a new type of man-in-the-browser attack that allows attackers to get real-time parsing of stolen data
COMPUTERWORLD
Cyberattacks On Banking Websites Subside -- For Now
DDoS defense vendor Prolexic says attackers have done their homework on victim networks and found "many weak spots"
SOFTPEDIA
Hackers Protest Against Mohammed Video By Defacing Australian Emergency Sites
Turkish hacker makes protest against infamous Innocence of Muslims video
EWEEK
White House Network Attack Highlights Need For Stronger Defenses
Security experts say U.S. should take more steps to defend its networks
THREAT POST
'Historic' DDoS Attacks Against Major U.S. Banks Continue
PNC Bank is the latest victim of hacktivists conducting campaign against major financial institutions
ARS TECHNICA
DSL Modem Hack Used To Infect Millions With Banking Fraud Malware
Even when PCs are locked down, modems and routers can still be compromised
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
- Three Principles to Improve Data Security and Compliance
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
- Connecting the Dots: Are You Seeing the Complete Big Data Picture?
- How crowdsourced testing has changed the game for innovative software companies
- Ensuring Your Apps Work in the Real World
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa...
CVE-2013-3634
The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username.
CVE-2013-3633
The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-1022 (quicktime)
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.