Best Of Web
Best Of The Web
GLOBAL POST
Anonymous Targets The New York Times
Hacktivist group releases email correspondence after criticizing media coverage of TrapWire
SECURELIST
Brazilian Trojan Bankers Now Digitally Signed
Cybercriminals buy valid digital certificates from certificate authorities using fake data and then sign Trojan bankers with them
SOFTPEDIA
Anonymous Hacks Siemens And Fujitsu Websites In Operation Coltan
The latest victims of OpColtan and OpGreenRights are Fujitsu General Brazil (fujitsugeneral.com.br) and Siemens Switzerland (siemens.ch) websites, apparently hit via SQL injection attacks
SOFTPEDIA
Java Users Still Not Safe, Experts Report New Vulnerability To Oracle (Exclusive)
Researchers Security Explorations who first reported to Oracle the bugs used in the recent attacks have just reported another similar bug to Oracle
NETCRAFT
Governments And Banks Still Using Weak MD5-Signed SSL Certificates
More than 1,000 websites including several government sites are still using SSL certificates with weak signature algorithms
THREAT POST
Info Of 55K Patients Stolen From Indianapolis Cancer Practice
The Cancer Care Group in Indianapolis says it will improve its storage and data security practices in the wake of a stolen laptop containing the sensitive information of about 55,000 of its patients
THE NEW YORK TIMES
Software Meant To Fight Crime Is Used To Spy On Dissidents
The FinSpy spyware tool has been linked to servers in more than a dozen countries, including Turkmenistan, Brunei and Bahrain, although no government acknowledges using the software for surveillance purposes
CNET
A Who's Who Of Mideast-Targeted Malware
RasGas is the latest company to be hit by a virus -- a look at the litany of malware designed to steal secrets, wipe data, shut down corporate computers, and even sabotage nuclear power plants
THE FIREWALL
Trustwave Discovers Malware Infected With Even More Malware
The Sality family of malware infects other samples -- case of malware being infected by other malware
BANK INFO SECURITY
Hackers Exploit Payments Infrastructure
Targeting transactions to access intellectual capital
NETWORK SECURITY BLOG
Put Up Or Shut Up: Lead With Action, Not With Words
Oracle exec's comments that information sharing is lacking in security industry may be myopic, expert says
THREAT POST
Report: Advanced Malware Targeting Organizations Up Nearly 400 Percent
Huge jump in Web-based infections that target companies, FireEye report says
ISS SOURCE
Shady RAT: Trillions Stolen, Response Weak
A year later, corporations' efforts are still loosely coordinated and mostly ineffective
THREAT POST
Mozilla Releases Firefox 15 With New Invisible Updater
New browser features silent updater and optimized memory management
GOVERNMENT INFO SECURITY
Obama Urged To Take Unilateral Action On Cybersecurity
Presidential action couldn't fully protect businesses from liability
SECURITY WEEK
Radware Discovers New Trojan Keylogger Used In Targeted Attack
Admin.HLP steals sensitive data and attempts to export it to remote site
NEWSMAX
DHS Issues Alert For Malware Impersonating FBI
US-CERT says malware disguises itself as originating from federal law enforcement or other government agencies
US-CERT
Malware Campaigns Impersonating U.S. Government Agencies
US-CERT says malware campaigns are under way impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the FBI
CNET
Feds: Power Grid Vulnerable To 'Fast-Moving Cybersecurity Threats'
The Federal Energy Regulatory Commission warned Congress that existing law may not protect "against fast-moving cybersecurity threats"
WIRED
'Degrade, Disrupt, Deceive': U.S. Talks Openly About Hacking Foes
The U.S. military can't seem to stop talking about its offensive hacking plans, including a recent U.S. Air Force RFP that calls for methods "to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage"
BUSINESS WEEK
SEC Guidance On Cyber-Disclosure Becomes Rule For Google
The Securities and Exchange Commission guidelines on when companies should disclose cyberattacks have become de facto rules for Google and Amazon, among others, agency letters reveal
THE REGISTER
'FIRST Ever' Linux, Mac OS X-Only Password Sniffing Virus Spotted
Security researchers have discovered a Linux and Mac OS X cross-platform Trojan that steals passwords and other sensitive information typed by victims
SOFTPEDIA
Shanghai Police Arrest 50 Individuals Suspected Of Selling Personal Details
Authorities in Shanghai have arrested 50 people in connection with 200 million pieces of stolen personal information stored on their computers
THREAT POST
Analysis Shows Traces Of Wiper Malware, But No Links To Flame
Kaspersky Lab researchers say the Wiper malware that erased data on machines in Iran and led them to discover Flame has no connection to Flame, but has some links to Duqu and Stuxnet
SECULERT BLOG
New Mahdi Updates, New C2 Server
Mahdi is still active, with some targets in the U.S. -- there now have been some 1,000 total infections worldwide
CYBER WARZONE
DDoS Attacks: So Simple, So Dangerous
An analysis of denial-of-service attacks, explaining how the technique is used for different purposes
HELP NET SECURITY
BYOD Is Not For Every Company, Or Every Employee
Sometimes the security risks of bring-your-own-device policies outweigh the benefits, experts say
NORMAN
The Many Faces Of Gh0st Rat
Open-source backdoor Trojan has been used in a large number of exploits
TO INFORM IS TO INFLUENCE
The Cyber Money Train
The U.S. government is scheduled to spend $13 billion on cybersecurity in 2012, but one estimate says spending would have to increase by 1,800 percent to provide adequate protection
INFOWORLD
Doomsday Malware: It's Only A Matter Of Time
The most destructive malware hasn't made it into the wild yet, but when it does, it'll put today's "supermalware" to shame
INFOSEC ISLAND
Why Data Security And Enterprise Risk Management Are Important
Management can prepare for adversity by implementing an enterprise risk management framework
CSO
Dropbox Going Two-Factor, Becoming De Facto
Move comes four weeks after popular online file sharing services was hit by embarrassing spam attack
THREAT POST
Second LulzSec Member Arrested For Sony Pictures Attack
Arizona man arrested for alleged role in June 2011 attack on Sony
NEWSTALK
Ulster Bank Confirms Security Breach Outside Offices
The bank has confirmed that a staff member accidentally dropped folder containing customer information outside one of its offices
TECHWORLD
Swiss Army Knives To Lose USB Drive Security Features
Swiss Army knife firm Victorinox is dropping the security software used by its combined knife-and-USB stick products
SOFTPEDIA
ENISA: Unreported Cybersecurity Incidents Bad For Consumers And Policymakers
European Network and Information Security Agency (ENISA) report says many breach incidents remain undetected or unreported
SECURITY WEEK
Cybercrime Crackdown Yields 357 Arrests In Philippines
Sweep was aimed at stopping a scam that initiated in China and told victims their bank accounts were being used to launder money, or other terrorist funding, and be advised to move their funds to a safe account provided by "the police"
KREBS ON SECURITY
New Adobe Flash Player Update Fixes 6 Flaws
Adobe has pushed a critical security update for its Flash Player software that comes one week after the company rushed out a fix for a flaw that attackers were exploiting in the wild
COMPUTERWORLD
Macs At Risk From 'Super Dangerous' Java Zero-Day
Unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed
THREAT POST
Looking To Bolster Security, Dropbox Adds Two-Factor Authentication
Dropbox announced it has added a two-step authentication to better protect user accounts
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.



