Best Of Web
Best Of The Web
BUSINESSWEEK
The Battle To Protect Confidential Data
A CEO's guide to securing intellectual property
COMPUTERWORLD
Security Flaws Exposed At Washington, D.C. Airports
Metropolitan Washington Airport Authority published document containing security data to its website
SOPHOS
Japan Rolls Out Stiff Fines And Jail Times For Illegal Downloads
Country cracks down hard on file sharing by punishing downloaders of pirated material
INFOSEC ISLAND
Five Ways BYOD Can Harm Your Company
A look at the key risks in allowing employees to use their own devices at work
REUTERS
Iran Unblocks Google Email Again After Officials Complain
Iranian authorities have reopened access to Google Gmail email service a week after blocking it after members of parliament complained about the shutdown
KREBS ON SECURITY
In A Zero-Day World, It's Active Attacks That Matter
IE users were exposed to active attacks against unpatched, critical vulnerabilities for months at a time, but is that really reason to switch browsers?
SECURITY WEEK
US Scholarships Aim To Close Cybersecurity Gap
The feds are offering full tuition, expenses, and a stipend at any of dozens of universities for students to get specialized cybersecurity training, in exchange for an equal number of years working for a federal agency
THREAT POST
New Android Malware App Turns Phone Into Surveillance Device
Researchers have created a new exploit that makes the Android's phone's camera to surreptitiously take photographs, and send that data off to a command and control server where an attacker could build a 3D model of the victim's environment
NAKED SECURITY BLOG
How Millions Of DSL Modems Were Hacked In Brazil, To Pay For Rio Prostitutes
Kaspersky Labs researcher says more than 4.5 million home DSL routers in Brazil were found to have been silently hacked by cybercriminals last year
QUALYS BLOG
CRIME: Information Leakage Attack Against SSL/TLS
A new attack against SSL/TLS focuses on how the encryption technology is used in browser
EWEEK
Cloud Security Vendor Qualys Goes Public
Qualys hopes to raise more than $98 million to invest in people, capital, sales and R&D
SOFTPEDIA
Databases Of 6 Spanish Government Websites Leaked By Anonymous
Anti-austerity protesters have hit several Spanish government websites, including the National Police, and now have leaked databases of he Group of the European People's Party (gppeuropeo.eu), Party of Zamora (ppzamora.com), Party of Aragon (pparagon.es), Council of State (consejo-estado.es), City of Alovera (alovera.es), and the Spanish Socialist Workers Party in Guaro (psoeguaro.es)
OODALOOP
State Sponsored Cyber Threats -- The Long View
When critical infrastructure and high-value targets are compromised not for espioinage or stealing intellectual propert, but to establish a foothold to diminish the operation of those infrastructures in the event of future hostilities
NCSU
Researchers Unveil New Technique To Detect Bots In Casual Online Games
NC State researchers came up with a way to detect bot accounts in online gaming without alerting the account holders
TOFINO SECURITY BLOG
Shamoon Malware And SCADA Security -- What Are The Impacts?
If this group behind Shamoon indeed are hacktivists, then this would be the first time a group of hobbyists and hacktivists have achieved results similar to what allegedly government's cyberwarfare teams have done in terms of destruction
RADWARE
Radware's ERT Analyzes 'Operation Ababil' And Wonders Who Was Really Behind The Attacks
The actual attack traffic didn't contain the attack tool that was published for use
THREAT POST
Attack On SCADA Vendor Telvent Raises Concerns
Dale Peterson of Digital Bond, a SCADA security consultancy, said that the attack is only one element of a larger campaign aimed at the ICS energy sector
FOREIGN POLICY
Pentagon Expanding Public-Private Cyber Information Sharing Program
The Defense Industrial Base Cybersecurity and Information Assurance (DIBCIA) program has opened up to a broader audience of companies and is now working with the Department of Homeland Security to develop a similar program for banks, utilities, Internet service providers, etc. to share information on cyberthreats with DHS
THE NEW YORK TIMES BLOG
Hackers May Have Had Help With Attacks On U.S. Banks, Researchers Say
The Izz ad-Din al-Qassam Cyber Fighters, which took credit for the attacks in online posts, likely had the backing of a nation-state or botnet
AMERICAN MEDICAL NEWS
Large Settlement For Data Breach Sends Message To Lock Up Laptops And Smartphones
The $1.5 million settlement agreement over a stolen laptop with the Massachusetts Eye and Ear Infirmary is a signal from the Dept. of Health and Human Services that a violation of the Health Insurance Portability and Accountability Act comes with consequences
ONESTOPCLICK
Mobile Malware Continues To Rise
Unique variants grew by a whopping 2180 percent between Q1 2011 and Q2 2012, study says
INFOSEC ISLAND
Surviving A Public Infrastructure Or Energy Grid Attack
What would you do if the lights suddenly went out? Organizations should have a plan
GOVERNMENT COMPUTER NEWS
The 20 Most Common Words In Phishing Attacks
Study offers a list of the most common file names and extensions used in phishing
TOFINO
Shamoon Malware And SCADA Security -- What Are The Impacts?
New type of attack poses new risks for critical infrastructure
SOPHOS
SourceForge Serves Up Malware-Infected phpMyAdmin Toolkit
MySQL administration tool could create big risks for enterprises
THE NEWS
U.S., Russian Experts Turn Up Volume On Cyber Security Alarms
Uncontrolled threats could return planet to an era without electricity or automatic transportation, experts say
SEATTLE TIMES
Biggest U.S. Banks Fail To Repel Cyber Threat
Well-organized Middle East hacker group has disrupted electronic banking operations of America's largest financial institutions
NEW YORK TIMES
Cyberwarfare Emerges From Shadows For Public Discussion By U.S. Officials
American cyberattack strategy is becoming a topic officials are willing to talk about
CSO ONLINE
Phony Facebook Application Security Tests? Say It Ain't So, Zuckerberg
A look at the Federal Trade Commission (FTC) report that Facebook operated a for-profit application security testing service that was "false and misleading� and basically a sham
COMPUTERWORLD
Wells Fargo Recovers After Site Outage
The bank may be latest victim in a string of cyberattacks on U.S. financial institutions
CSO ONLINE
Phony Facebook Application Security Tests? Say It Ain't So, Zuckerberg
A look at the Federal Trade Commission (FTC) report that Facebook operated a for-profit application security testing service that was "false and misleading� and basically a sham
SOFTPEDIA
Bank of America Website Reveals Details Of Random Users, Experts Find
Researchers from privateinternetaccess.com found that when they entered the transfer interface on the bank�s website, they were presented with the name, bank account, balance, email address and other details of an individual named Watson
THREAT POST
Google Releases Chrome 22 And Pays Out Nearly $30K In Rewards
Version 22 of the Chrome browser fixes multiple security flaws, and Google says it awarded close to $30,000 in rewards to security researchers who discovered the bugs
BETA BEAT
The Pakistan Cyber Army May Be Coming For Your Small Business Website
A hacktivist known as Sizzling Soul who says he�s with the Pakistan Cyber Army claims to have DDoS�ed 80 websites in protest of the recent anti-Muslim film
THE VERGE
Remote Wipe Attack Not Limited To Samsung Phones, Android Dialer May Be To Blame
The dialer used in some Android phones may be the culprit behind a flaw that could allow an attacker to remotely wipe a user�s phone
KREBS ON SECURITY
Chinese Hackers Blamed for Intrusion At Energy Industry Giant Telvent
Telvent Canada Ltd. said its internal firewall and security systems were breached and that attackers stole project files on one of its SCADA products for energy firms that integrates older systems with new smart grid technologies
REUTERS
Iran Sees Cyberattacks As Greater Threat Than Actual War
Country is prepared to defend itself, Revolutionary Guard commander says
CNET
Researcher Says 100,000 Passwords Exposed On IEEE Site
Info on workers at Apple, Google, and NASA was easily accessible, computer scientist says
SOPHOS
Twitter DMs From Your Friends Can Lead To Facebook Video Malware Attack
Scam attempts to fool twitter users into checking out contaminated Facebook video
TECHWORLD
Facebook Denies Reports Of Major Privacy Breach Despite User Complaints
Older private messages between Facebook Users suddenly appear on viewable Timelines, reports say
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3927
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3646
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-4616 (iphone_os)
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.