Best Of Web
GLOBAL POST
Anonymous Targets The New York Times
Hacktivist group releases email correspondence after criticizing media coverage of TrapWire
SECURELIST
Brazilian Trojan Bankers Now Digitally Signed
Cybercriminals buy valid digital certificates from certificate authorities using fake data and then sign Trojan bankers with them
SOFTPEDIA
Anonymous Hacks Siemens And Fujitsu Websites In Operation Coltan
The latest victims of OpColtan and OpGreenRights are Fujitsu General Brazil (fujitsugeneral.com.br) and Siemens Switzerland (siemens.ch) websites, apparently hit via SQL injection attacks
SOFTPEDIA
Java Users Still Not Safe, Experts Report New Vulnerability To Oracle (Exclusive)
Researchers Security Explorations who first reported to Oracle the bugs used in the recent attacks have just reported another similar bug to Oracle
NETCRAFT
Governments And Banks Still Using Weak MD5-Signed SSL Certificates
More than 1,000 websites including several government sites are still using SSL certificates with weak signature algorithms
THREAT POST
Info Of 55K Patients Stolen From Indianapolis Cancer Practice
The Cancer Care Group in Indianapolis says it will improve its storage and data security practices in the wake of a stolen laptop containing the sensitive information of about 55,000 of its patients
THE NEW YORK TIMES
Software Meant To Fight Crime Is Used To Spy On Dissidents
The FinSpy spyware tool has been linked to servers in more than a dozen countries, including Turkmenistan, Brunei and Bahrain, although no government acknowledges using the software for surveillance purposes
CNET
A Who's Who Of Mideast-Targeted Malware
RasGas is the latest company to be hit by a virus -- a look at the litany of malware designed to steal secrets, wipe data, shut down corporate computers, and even sabotage nuclear power plants
THE FIREWALL
Trustwave Discovers Malware Infected With Even More Malware
The Sality family of malware infects other malware samples -- a case of malware being infected by other malware
BANK INFO SECURITY
Hackers Exploit Payments Infrastructure
Targeting transactions to access intellectual capital
NETWORK SECURITY BLOG
Put Up Or Shut Up: Lead With Action, Not With Words
Oracle exec's comments that information sharing is lacking in security industry may be myopic, expert says
THREAT POST
Report: Advanced Malware Targeting Organizations Up Nearly 400 Percent
Huge jump in Web-based infections that target companies, FireEye report says
ISS SOURCE
Shady RAT: Trillions Stolen, Response Weak
A year later, corporations' efforts are still loosely coordinated and mostly ineffective
THREAT POST
Mozilla Releases Firefox 15 With New Invisible Updater
New browser features silent updater and optimized memory management
GOVERNMENT INFO SECURITY
Obama Urged To Take Unilateral Action On Cybersecurity
Presidential action couldn't fully protect businesses from liability
SECURITY WEEK
Radware Discovers New Trojan Keylogger Used In Targeted Attack
Admin.HLP steals sensitive data and attempts to export it to remote site
NEWSMAX
DHS Issues Alert For Malware Impersonating FBI
US-CERT says malware disguises itself as originating from federal law enforcement or other government agencies
US-CERT
Malware Campaigns Impersonating U.S. Government Agencies
US-CERT says malware campaigns are under way impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the FBI
CNET
Feds: Power Grid Vulnerable To 'Fast-Moving Cybersecurity Threats'
The Federal Energy Regulatory Commission warned Congress that existing law may not protect "against fast-moving cybersecurity threats"
WIRED
'Degrade, Disrupt, Deceive': U.S. Talks Openly About Hacking Foes
The U.S. military can't seem to stop talking about its offensive hacking plans, including a recent U.S. Air Force RFP that calls for methods "to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage"
BUSINESS WEEK
SEC Guidance On Cyber-Disclosure Becomes Rule For Google
The Securities and Exchange Commission guidelines on when companies should disclose cyberattacks have become de facto rules for Google and Amazon, among others, agency letters reveal
THE REGISTER
'FIRST Ever' Linux, Mac OS X-Only Password Sniffing Virus Spotted
Security researchers have discovered a Linux and Mac OS X cross-platform Trojan that steals passwords and other sensitive information typed by victims
SOFTPEDIA
Shanghai Police Arrest 50 Individuals Suspected Of Selling Personal Details
Authorities in Shanghai have arrested 50 people in connection with 200 million pieces of stolen personal information stored on their computers
THREAT POST
Analysis Shows Traces Of Wiper Malware, But No Links To Flame
Kaspersky Lab researchers say the Wiper malware that erased data on machines in Iran and led them to discover Flame has no connection to Flame, but has some links to Duqu and Stuxnet
SECULERT BLOG
New Mahdi Updates, New C2 Server
Mahdi is still active, with some targets in the U.S. -- there now have been some 1,000 total infections worldwide
CYBER WARZONE
DDoS Attacks: So Simple, So Dangerous
An analysis of denial-of-service attacks, explaining how the technique is used for different purposes
HELP NET SECURITY
BYOD Is Not For Every Company, Or Every Employee
Sometimes the security risks of bring-your-own-device policies outweigh the benefits, experts say
NORMAN
The Many Faces Of Gh0st Rat
Open-source backdoor Trojan has been used in a large number of exploits
TO INFORM IS TO INFLUENCE
The Cyber Money Train
The U.S. government is scheduled to spend $13 billion on cybersecurity in 2012, but one estimate says spending would have to increase by 1,800 percent to provide adequate protection
INFOWORLD
Doomsday Malware: It's Only A Matter Of Time
The most destructive malware hasn't made it into the wild yet, but when it does, it'll put today's "supermalware" to shame
INFOSEC ISLAND
Why Data Security And Enterprise Risk Management Are Important
Management can prepare for adversity by implementing an enterprise risk management framework
CSO
Dropbox Going Two-Factor, Becoming De Facto
Move comes four weeks after the popular online file sharing service was hit by an embarrassing spam attack
THREAT POST
Second LulzSec Member Arrested For Sony Pictures Attack
Arizona man arrested for alleged role in June 2011 attack on Sony
NEWSTALK
Ulster Bank Confirms Security Breach Outside Offices
The bank has confirmed that a staff member accidentally dropped a folder containing customer information outside one of its offices
TECHWORLD
Swiss Army Knives To Lose USB Drive Security Features
Swiss Army knife firm Victorinox is dropping the security software used by its combined knife-and-USB stick products
SOFTPEDIA
ENISA: Unreported Cybersecurity Incidents Bad For Consumers And Policymakers
European Network and Information Security Agency (ENISA) report says many breach incidents remain undetected or unreported
SECURITY WEEK
Cybercrime Crackdown Yields 357 Arrests In Philippines
Sweep was aimed at stopping a scam, originating in China, in which victims were told their bank accounts were being used to launder money or fund terrorism and were advised to move their funds to a "safe account" provided by "the police"
KREBS ON SECURITY
New Adobe Flash Player Update Fixes 6 Flaws
Adobe has pushed a critical security update for its Flash Player software that comes one week after the company rushed out a fix for a flaw that attackers were exploiting in the wild
COMPUTERWORLD
Macs At Risk From 'Super Dangerous' Java Zero-Day
Unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed
THREAT POST
Looking To Bolster Security, Dropbox Adds Two-Factor Authentication
Dropbox announced it has added two-step authentication to better protect user accounts
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.