Best Of The Web
TMZ
Game Show Contestants Sue Over Answer To Question About Common Passwords
"Million Dollar Money Drop" accused of tinkering with answer to avoid paying out $580K prize
FIERCE CIO
Transit System Flaws Can Give Hackers Unlimited Subway Rides
'Contactless' ticketing systems could have unwittingly opened the door to hackers, researchers say
CHICAGO TRIBUNE
White House Said To Plan Executive Order On Cybersecurity
White House will direct agencies to develop voluntary security guidelines for owners of critical infrastructure
KREBS ON SECURITY
Espionage Hackers Target 'Watering Hole' Sites
Commonly-visited websites may have been used as stepping stones to attack a host of targets
NETWORK WORLD
Iran Denies Launching Cyberattacks On U.S. Banks
Iran's Civil Defense Organization shot down accusations by unnamed sources in the media that it was behind cyberattacks against U.S.-based banks that include Bank of America, JPMorgan Chase, and Citigroup
THREAT POST
Hotmail Limits Passwords To 16 Characters
Hotmail says it will accept the first 16 characters of an existing, longer password, indicating that the company may have been storing users' passwords in plaintext
SECURITY WEEK
Syria Information Ministry Email Hacked: TV
Syria's ministry of information said an email announcement claiming the firing of the Syrian Ambassador to Lebanon was a result of an email hack and was not a legitimate announcement
ABC NEWS
94 Million Exposed: The Government's Epic Fail On Privacy
Rapid7 finds that 94 million Americans have had their personal information exposed at government agencies, and that's a conservative count
NAKED SECURITY BLOG
Microsoft Warns Of Flash Vulnerability On IE 10 And Windows 8
Microsoft has already released a security advisory affecting its new software platforms, even before they have been released
EWEEK
Software Code Sandboxes A Bright Spot As Security Flaws Trend Higher
While major software makers have tamed many of the vulnerabilities in their software, disclosed code flaws will peak in 2012, IBM finds in its latest report. Yet technologies for making exploitation harder, such as sandboxing, are paying off
THREAT POST
Tiny Evil Maid CHKDSK Utility Can Steal Passwords
A Canadian developer has written a tool that impersonates the CHKDSK utility and can lift a user's password without the user's knowledge
INFOSECURITY MAGAZINE
Malware Writers Turn To Google Go Language
Google's Go programming language appears to have won over the hearts and minds of cybercriminals using it for writing botnets, Trojans, and worms
SECURITY WEEK
ICS-CERT Roadmap Outlines Security Strategy For Transportation Sector
Plan provides details for voluntarily improving industrial control systems cybersecurity across aviation, highway, maritime, pipeline, and surface transportation, among others
COMPUTERWORLD
U.S. Banks On High Alert Against Cyberattacks
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has warned U.S. banks of cybercriminals trying to steal employee network login credentials to conduct extensive wire transfer fraud
TECHWORLD
Sophos Antivirus Glitch Causes False Positive Chaos
Security firm Sophos has had to issue an embarrassing apology after its antivirus program suddenly started classifying every software update -- including the company's own -- as malware
SYMANTEC
Blackhole 2.0 Exploited To Push Advertisements
New version of popular exploit kit is bait to lure users to ad scam
INFOSECURITY MAGAZINE
NullCrew: The Principled Hacker Group?
Null, the leader of the NullCrew hacking group, in an online interview says his gang is not part of Anonymous, but supports many of the hacktivist group's causes
THE REGISTER
Oil And Gas Giants' PCs Polluted By New Cyber-Spy Trojan
Cyberespionage attackers have infiltrated a large oil company in the Philippines, an energy company in Canada and a military organization in Taiwan among others, Dell SecureWorks researchers say
NBC NEWS
61 Percent Of IT Security Professionals Fear Anonymous, Hacktivist Attacks
Cybercriminals finish second on list of worries; nation-states third
ZDNET
Japan Confirms Cyberattacks Over Island Dispute
At least 19 Japanese websites hit by cyberattacks, reportedly from China
IT PRO PORTAL
Cyberattacks On U.S. Banks Raise Threat Alert
Spate of cyberattacks forces industry body to raise threat level from elevated to high
ASSOCIATED PRESS
Panetta Talks Computer Hacking Issues With Chinese
Despite escalating diplomacy and warnings, U.S. makes little headway in tamping down aggressive Chinese cyberattacks
RAPID7
Free Scanner For MySQL Authentication Bypass CVE-2012-2122
ScanNow enables users to check their networks for newly-discovered vulnerability
SECURITY WEEK
RSA Acquires Malware Detection Firm Silicum Security
Canadian company develops endpoint monitoring technology that helps detect advanced malware
SECURITY WEEK
Why Google Acquired VirusTotal
Search engine giant will use free scanning capability to build community-based reputation feed
INFOSEC ISLAND
Network Surveillance Devices Discovered Via Shodan
Researchers found via Shodan surveillance devices like BlueCoat Proxy and PacketShaper boxes, Cisco routers running Lawful Intercept code
NETWORK WORLD
5 Win Government Grants To Help 'Get Rid Of Passwords'
The National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative has picked five projects to find alternatives to passwords
SECUREWORKS
Dell Secureworks CTU Discovers New Cyber Espionage Campaign Launched Against Philippine Oil Company And Energy Company In Canada
Targets of the new attacks include a large oil company in the Philippines, an energy company in Canada, a military organization in Taiwan and other entities (yet to be identified) in Brazil, Israel, Egypt and Nigeria.
NAKED SECURITY BLOG
Over 9 Million PCs Infected -- ZeroAccess Botnet Uncovered
SophosLabs says the current version of ZeroAccess has been installed on computers more than 9 million times -- with the current number of active infected PCs numbering around 1 million
WEBSENSE BLOG
Watch Out For Malicious UPS/Fedex Notifications When Waiting For IPhone 5
Phony UPS notification emails play off of Apple iPhone 5 deliveries
THREAT POST
Think Differently On Cybersecurity Or Fall Farther Behind, Former FBI Lawyer Says
Former FBI lawyer and chief of the FBI's Cyber Intelligence Section Steven Chabinsky, now with CrowdStrike, says vulnerability mitigation doesn't deliver good return on your investment -- a focus on real-time information sharing is crucial
SECURITY WEEK
Grum Botnet Attempts A Comeback -- Dies Quick Death
FireEye recently detected two new Grum command servers, but the servers were taken offline within hours
NETWORK WORLD
FBI Warns Financial Institutions Are Being Highly Targeted By Fraudsters
The FBI says cybercriminals have recently stepped up efforts to steal money and gain access to financial institutions using spam, phishing emails, keystroke loggers, and Remote Access Trojans
TECHNET BLOG
Additional Information About Internet Explorer And Security Advisory 2757760
Microsoft says it will release a fix it in the next few days to address a zero-day bug in Internet Explorer -- only a few attempts have been made to exploit the flaw thus far
ZDNET
Mobile Pwn2Own: iPhone 4S Hacked By Dutch Team
Dutch research team won $30,000 cash prize by hacking into Apple's iPhone 4S from scratch via a WebKit vulnerability
WASHINGTON POST
Cybersecurity Should Be More Active, Official Says
U.S. federal government has taken a "failed approach" by focusing on vulnerabilities rather than deterring attackers, Chabinsky says
COMPUTERWORLD
Microsoft Confirms Hackers Exploiting Critical IE Bug, Promises Patch
Suggests temporary defenses, but others urge users to switch to Chrome or Firefox
THREAT POST
Developer Warns Millions Of Virgin Mobile Subscribers About Authentication Flaw
Texas developer says subscribers are at risk after mobile provider failed to respond with a fix
ONLINE POKER.NET
Hacker Steals $140K From Lock Poker Account
Online attacker transfers $54,000 of his own account, dumps another $80,000 worth of chips
WALL STREET JOURNAL
Report: Eastern European Hackers More Sophisticated Than Asian Counterparts
Trend Micro report says hackers in Russia and nearby countries work in a more nimble, mercenary fashion
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


