Best Of Web
Best Of The Web
VIRTUAL STRATEGY MAGAZINE
Improving Cybersecurity With Auditing And Metrics
TASC cyberexperts say industry standard needed
GIZMODO
Hackers, Angered By 'Sacriligeous Movie,' Target Bank Of America And NYSE
Hacker group claims responsibility for taking down Bank of America's website
CYBERWARZONE
Cyber Warfare Is Warfare Against All Of Us
U.S.-made Stuxnet may have been targeted, but it's now a headache for all security pros, author observes
SECURITY WEEK
NullCrew Posts Data Taken From Cambridge University
NullCrew has published a 4,000 names and some passwords allegedly stolen from the University of Cambridge�s Press portal � the university disputes claims there was a breach
FIERCE GOVERNMENT
Chinese Telecom Officials Say Spying Would Undermine Business
Chinese telecom giants Huawei and ZTE told a Sept. 13 House panel under oath that coding backdoors into their equipment would jeopardize their ability to conduct business
THE HILL
White House Confirms Cybersecurity Order In The Works
National Security Adviser John Brennan confirmed that the White House is drafting an executive order to encourage companies to better protect critical computer systems.
THREAT POST
Latest IE Zero-Day Flaw Tied To Nitro Hackers And Recent Java Zero-Day Exploits
Active exploits have been discovered in the wild and are being linked to Nitro, the group of Chinese hackers exploiting two Java zero-days last month
COMPUTERWORLD
Two Romanians Plead Guilty In Subway Hack
Two Romanian men have pleaded guilty to participating in a $10 million scheme to hack into the computers of hundreds of Subway restaurants in the U.S. and steal payment card data
RAPID7 BLOG
Metasploit 0-Day Exploit For IE 7, 8 & 9 On Windows XP, Vista, And 7
Metasploit has released an exploit module for a new zero-day vulnerability targeting IE that exploits the user-after-free bug
NBC NEWS
Microsoft Urges Customers To Install Security Tool
Microsoft recommended today that Windows users on Monday install its Enhanced Mitigation Experience Toolkit to protect against attacks against a newly discovered bug in Internet Explorer
NEXGOV
India, United States Kick Off Cyber Drills
Indian Computer Emergency Response Team and the U.S. are engaging in a two-day joint offensive cybersecurity exercise where the two will launch phishing, network-probing, spam, and malware attacks against each other
NAKED SECURITY BLOG
U.S. Schools Track Teens By Putting Chips Into Students' ID Cards
A Texas school district is putting tracking chips into new, mandatory student IDs to keep tabs on students' whereabouts
BBC
Chip And Pin 'Weakness' Exposed By Cambridge Researchers
Researchers said cards could effectively be cloned by exploiting the security flaw
INFOSECURITY MAGAZINE
Microsoft Kills Most Of Forefront Portfolio
Microsoft is eliminating several of its Forefront products as of Dec. 1 -- Forefront Protection 2010 for Exchange Server (FPE), Forefront Protection 2010 for SharePoint (FPSP), Forefront Security for Office Communications Server (FSOCS), Forefront Threat Management Gateway 2010 (TMG), and Forefront Threat Management Gateway Web Protection Services (TMG WPS)
ALIENVAULT LABS BLOG
Tracking Down The Author Of The PlugX RAT
AlienVault has gleaned new intelligence from payloads of the RAT attacks and used that information to track the author of the RAT who they say is likely involved in the attacks as well
SECURITY WEEK
Amid US Probe, China Telecom Firms Defend Record
Congressional intelligence committee chair has been "disappointed" that Huawei and ZTE have provided little evidence to prove they are not being used by the Chinese government for espionage or cyberattacks on the U.S.
NETWORK WORLD
Botnet Masters Hide Command And Control Server Inside The Tor Network
New botnet is controlled from an IRC server that runs as a hidden service inside the Tor network, researchers from G Data Software say
WIRED
Anonymous' Barrett Brown Raided By FBI During Online Chat
Barrett Brown was raided for the second time by the FBI this year after posting a YouTube video in which he talked about taking drugs and retaliating against an FBI Agent named Robert Smith after he learned that his mother might be hit with obstruction of justice charges
HELP NET SECURITY
Worldwide Security Infrastructure Market Will Grow 8.4 Percent
Despite economic pressures, security is expected to remain a high priority, Gartner says
TREND MICRO
The Tinba/Tinybanker Malware
Information-stealing malware is remarkably small in size, taking up just 20 KB
THE REGISTER
Prof Casts Doubt On Stuxnet's Accidental "Great Escape" Theory
How DID the super-weapon flee Iran's nuclear plant?
ARS TECHNICA
Crack In Internet's Foundation Of Trust Allows HTTPS Session Hijacking
Hackers could hijack Web browser sessions even when they're encrypted, researchers say
HELP NET SECURITY
Best Practices For Mobile Software Developers
PCI Security Standards Council issues best practices for mobile payment acceptance security
CNET
New Test Results Highlight Windows Security Struggles
Latest results from independent consumer security suite tester AV-Test are in, but not good
THE ONION
Prevent Identity Theft By Changing Identity Every Three Years
Don�t change your passwords -- change your whole identity, 'expert' argues
WEBSENSE
Blackhole Exploit Kit Updates To 2.0
Infamous attack kit gets an upgrade, could be even more dangerous
THE REGISTER
Apple's Soon-To-Be-Slurped Securo Firm Shrugs Off Crypto Warning
AuthenTec, the target of an $356 million acquisition by Apple, has denied reports that possible cryptographic weaknesses in its fingerprint scanner software pose a risk to laptop security
THREAT POST
Black Hole Exploit Kit 2.0 Released
The Black Hole crimeware kit has been updated with a new version that includes new features designed to prevent security researchers from getting access to new exploits or reverse-engineering the kit's inner workings.
IMPERVA BLOG
What The IPS Didn't See
Many security teams falsely believe that IPS can block or mitigate application attacks and IPS vendors increasingly claim application security features
WIRED
Five Epic Hacks That Never Happened
In the wake of yesterday's GoDaddy incident where someone on Twitter claimed to have DDoS'ed the company, a look at five great hacks that never happened despite how they were reported
COMPUTERWORLD
Experts Urge Prep For Microsoft's Cert-Blocking Update
Microsoft customers should use the next month to audit their networks for soon-to-be-crippled digital certificates, and to test changes that take effect via Windows Update on Oct. 9
HELP NET SECURITY
Etsy Starts Its Own Bug Bounty Program
Online marketplace for handcrafted and vintage goods Etsy has launched a vulnerability bounty program that pays a minimum of $500 for qualifying vulnerabilities
HEALTHCARE INFOSECURITY
Inside A HIPAA Breach Investigation
CSO at the Alaska Department of Health and Social Services shares his lessons learned from the $1.7 million settlement following a HIPAA compliance investigation triggered by a small breach incident
SECURITY WEEK
Terrorists Pose Cyber Security Threat, Former Defense Secretary Says
Former U.S. Secretary of Defense Robert Gates said the threat of of cyberwar waged by nation-states in somewhat less problematic than attacks from nonstate actors
GODADDY
GoDaddy Site Outage Investigation Completed
Outage was not a hack and was not caused by external influences, company says
ADOBE
Security Update Released For ColdFusion 10 And Earlier
Adobe closes vulnerabilities in popular software
TECH REPUBLIC
Inside Your Users' Brains: Where They Get Security Advice
Study says users learn best by storytelling
RT
Mole Hack? 30,000 Computers Of World's Biggest Oil Company Hit
Insiders said to have played a role in breach at Saudi Aramco
THE HACKER NEWS
Anonymous Hackers Take Down GoDaddy With IRC Bots
Report says hacker used script to DDoS popular Internet registration site
HELP NET SECURITY
Every Third Computer In North America Attacked While Online
Kaspersky report says 33.4 percent of machines are attacked while browsing the Web
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.