Best Of Web
Best Of The Web
CLOUDMARK
Severe Surge In SMS Phishing Attacks
SMS attacks were up 913 percent in the first week of September, researchers say
WASHINGTON POST
Security Lapses At Nuclear Complex Identified Two Years Before Break-In
Problems at Oak Ridge were reported but never fixed, report says
ZDNET
Taliban Pose As Pretty Women On Facebook, Dupe Soldiers
Taliban are posing as attractive women to lure Australian troops into giving up military secrets
ABC NEWS
Emma Watson Named Dangerous Cyber-Celebrity
McAfee said searching online for "Harry Potter" star Emma Watson gives you a one-in-eight chance of landing on a malicious website
THE GUARDIAN
My Life After Anonymous: 'I Feel More Fulfilled Without The Internet'
"Topiary" writes about being barred from the Internet and how he wears an electronic tag on his ankle
THE NEXT WEB
GoDaddy Goes Down, Taking Countless Websites Offline; Anonymous Claims Responsibility
A hacker associated with Anonymous claims to have taken down GoDaddy with a massive distributed denial-of-service attack
HELP NET SECURITY
Data Breaches Expose 94 Million Records In The Government Sector
New data from Rapid7 shows that the government sector reported 268 incidents of data breaches from Jan. 1, 2009, to May 31, 2012, which exposed more than 94 million records containing personally identifiable information
THE WASHINGTON POST
White House Drafting Standards To Guard U.S. Against Cyberattack, Officials Say
The Obama administration has drafted an executive order that would create voluntary standards for companies to protect themselves against cyberattacks, and includes setting up a special council of key government agencies to identify threats to critical infrastructure
THREAT POST
Saudi Aramco Says Networks Back Online, But No Results From Malware Investigation Yet
Saudi Aramco issued a statement today saying the malware attack that infected tens of thousands of its workstations last month never endangered the company's oil production capabilities and that all of the affected systems have been brought back online and restored
COMPUTERWORLD BLOG
Why Google Bought VirusTotal
Google may be looking to integrate VirusTotal into, and beef up, Android and Chrome security
REUTERS
China's Huawei Negotiating Conditions To Join U.S. Hearing
China's Huawei Technologies Co Ltd. telecommunications equipment manufacturer says it's negotiating the conditions under which it would agree to take part in a U.S. congressional hearing into alleged security threats posed by Chinese telecom firms
REUTERS
Exclusive: Insiders Suspected In Saudi Cyber Attack
One or more insiders with high-level access are suspected of assisting the hackers who hit Saudi Arabia's computers, sources familiar with the investigation say
ARS TECHNICA
Botnet Master Gets 30-Month Prison Term For Renting Out Infected PC's
A man who ran a botnet of 72,000 computers and rented out command-and-control access to others was sentenced to 30 months in prison today
THE HILL
Official: Congress Must Establish Electric Grid Cybersecurity Authority
Federal Energy Regulatory Commission Chairman Jon Wellinghoff called on Congress to approve new federal authority to manage cybersecurity on the electric grid
NAKED SECURITY BLOG
Fingerprint Scanner Maker Cries Foul Over Russian Firm's Security Warning
Biometric scanner maker Authentec shot down claims by the Russian security firm Elcomsoft that its management software has a flaw that stores Windows passwords insecurely
THREAT POST
Two Microsoft Security Updates Await In Advance Of Certificate Key Length Changes
Microsoft's September Patch Tuesday will include an automatic updater function that will call out any certificates with RSA key lengths shorter than 1024 bits
SANS INTERNET STORM CENTER BLOG
Keeping An Eye On Those BYODs With DHCP
The Dynamic Host Configuration Protocol (DHCP) provides device data that can be helpful security-wise for managing mobile devices plugging into the network
COMPUTERWORLD
Security Researchers To Present New 'CRIME' Attack Against SSL/TLS
A feature in SSL/TLS can be abused to decrypt HTTPS session cookies, researchers say
LIFEHACKER
Why You Should Start Using A VPN (And How To Choose The Best One For Your Needs)
A look at some of the top VPN service providers and how to evaluate them
REUTERS
Security Startup CrowdStrike Hires One Of FBI's Top Lawyers
Attorney will advise customers on how far they can go in fighting back against bad guys
CYBER WARZONE
Just Out! New Anonymous Operation #OpISIGK
Hacktivist group releases new video about the level of monitoring the government is doing on its citizens
FOREIGN POLICY
Is The 'Holy Grail' Of Cybersecurity Within Reach?
Technology for attribution is becoming much better, government experts say
ZDNET
New Shamoon Malware Variant In The Wild
Symantec has released a new warning after finding that an updated variant of malware Shamoon is in the wild
FUTURITY
Quantum Step Toward Trickier Cybersecurity
New quantum processor can factor a composite number into its prime factors, offering new potential for cryptography
CNET
Spam From 'Friends' Is Actually Result Of Facebook Hole
Facebook fixes problem and says spammers are using friend lists they scraped before the fix
THREAT POST
Apple Fixes Flaws, Updates Java 6 For OS X
Apple pushes out a security update for Snow Leopard, Lion, and Mountain Lion operating systems
THREAT POST
New Attack Uses SSL/TLS Information Leak To Hijack HTTPS Sessions
The new attack works much like the BEAST attack -- with a man-in-the-middle, they can sniff HTTPS traffic and launch the attack
READWRITEWEB
Java Is No Longer Needed. Pull The Plug-In
Disable Java plug-ins in all browsers, whether Firefox, Chrome or Internet Explorer
TECHCRUNCH
Apple Says It Didn't Provide UDIDs To FBI
An Apple spokesperson told All Things D that it was not the source of any UDID information to the FBI or any other organization, nor had the FBI requested it from Apple
NAKED SECURITY BLOG
Free-Press Organizations Targeted In Malware Attack
A cybercriminal posing as a member of the World Press Freedom Committee targeted the head of the Committee to Protect Journalists
ZDNET
Huawei In Cybersecurity Pledge: 'We're Not Chinese Spies'
Chinese telecommunications vendor Huawei has published a report promising not to ever cooperate with spying or espionage
ARS TECHNICA
Secret Account In Mission-Critical Router Opens Power Plants To Tampering
ICS-CERT warns that mission-critical routers manufactured by GarrettCom contain an undocumented account with a default password that gives unprivileged users access to advanced options and features
H ONLINE
Google Suspicious Sign-In Alert Contains A Trojan
A new email purportedly from "accounts-noreply@google.com" with the subject "Suspicious sign in prevented" claims a hacker has attempted to access the mail recipient's Google Account
THREAT POST
Qubes OS Release Enhances Security Via Domain Isolation
Researcher Joanna Rutkowska and Invisible Things Lab have released an open-source OS that isolates VMs for different uses
THE HILL
Democratic Platform Diverges With GOP On Cybersecurity
Democratic platform touts "unprecedented steps" Obama administration has taken to protect the United States from cyberattack
TECH WORLD
Cybersecurity Manual Examines How International Law Applies To Cyberwarfare
Cyberattacks pose a range of legal questions for nations
TRUSTWAVE SPIDER LABS
How Antivirus Saved The Day ... Sort Of
Old Trojan contains new virus that antivirus software could not clean
FEDERAL COMPUTER WEEK
DISA Strategic Plan Focuses On Enterprise, Cybersecurity, And Efficiencies
New Defense Information Systems Agency strategic plan reflects shifting priorities
SYDNEY MORNING HERALD
Virus Origin In Gulf Computer Attacks In Question
Crippling of computer systems at Saudi Aramco and RasGas highlights new threat to energy supplies
FORBES
Beware Fake Microsoft And Amazon Emails Exploiting Java Security Vulnerability
Oracle's half-baked fix of Java security flaw is an invitation for cybercriminals to exploit its users, experts say
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


