Best Of The Web
THREAT POST
Apple Adds Two-Factor Authentication To iTunes Accounts
Apple is now offering a new two-factor authentication system for iTunes and App Store using verification codes sent via SMS
SECURITY LEDGER
Messy And Loud Hack In South Korea Doesn't Look State Sponsored
Expert says the attack was more about making big media impact and political impact, not cyberespionage
SECURITY WEEK
DARPA Hopes Machine Learning Technologies Can Improve Security
A new Defense Advanced Projects Agency program combines new programming techniques with machine-learning
THE REGISTER
Ubuntu Tapped By China For National Operating System
Ubuntu will become the reference architecture for a Linux distribution backed and developed by the Chinese government
NETWORK WORLD
Cisco Inadvertently Weakens Password Encryption In Its IOS Operating System
The password encryption algorithm used in some new versions of the Cisco IOS is weaker than the algorithm it was created to replace
REUTERS
BBC Twitter Accounts Hacked By Pro-Assad Online Group
The BBC's weather service Twitter account was hacked on Thursday by a group of pro-Assad hackers and online activists that previously disrupted the Facebook page of Barack Obama
REUTERS
Cyber-Attack On South Korea May Not Have Come From China After All: Regulator
South Korean officials now say the attack on banks and media outlets there may not have originated from China after all -- the IP address tied to China was traced to a victim bank
NEXGOV
Military Cyber Strike Teams Will Soon Guard Private Networks
Pentagon officials say the Cyber Command by September will deploy all 13 cyberwarrior teams capable of striking adversary networks to deflect assaults on U.S. private computers
SOFTPEDIA
Flaw In T-Mobile's Wi-Fi Calling Service Allowed Hackers To Eavesdrop On Calls
Researchers identify vulnerability in calling feature that could lead to man-in-the-middle attacks
CIO
Taiwan Security Official Warns Of Crippling Chinese Cyberattacks
Chinese cyberattacks could disrupt Taiwan's infrastructure, says top security official
WIRED
Tone Down The Cyber Warfare Rhetoric, Expert Urges Congress
RAND Corp. expert says government should be careful about how it responds to cyberattacks
SOFTPEDIA
New Jersey IT Administrator Admits Hacking Mayor's Email Account
Incident in Hoboken is classic example of insider-driven data breaches
GOVERNMENT COMPUTER NEWS
Next-Generation Firewalls Are Actually Getting Better
Testing company NSS Labs offers new round of tests on latest firewall technology
COMPUTERWORLD
Experts: Iran And North Korea Are Looming Cyberthreats To U.S.
The two countries may lack some capabilities, but they have strong intentions to do harm, experts say
GOVERNMENT INFO SECURITY
Top ID Theft Risks For 2013
Medical ID theft, mobile device attacks are leading concerns
HELP NET SECURITY
Strategies Of A World-Class Computer Security Incident Response Team
A look at 10 fundamental qualities of an effective CSIRT
COMPUTERWORLD
Google Fully Implements Security Feature On DNS Lookups
Google will validate signatures on DNSSEC-enabled records
THE CHRONICLE
DOE Reveals Data Disclosure Involving 12,000 Workers
The Department of Energy is investigating a security breach in which personal information from at least 12,000 Savannah River Site workers was compromised
RT.COM
NATO Cyberwar Directive Declares Hackers Military Targets
NATO defines hacktivist as 'a private citizen who on his or her own initiative engages in hacking for, inter alia, ideological, political, religious or patriotic reasons'
HERALD ONLINE
C Bill: Protect Credit For 10 Years
South Carolina's state Senate will vote on a bill that would offer credit-fraud protection for 10 years to taxpayers and others after hackers stole information belonging to 6.4 million consumers, children and businesses from the S.C. Department of Revenue last fall
NAKED SECURITY BLOG
Chameleons, Botnets And Click Fraud
Spider.io says it discovered a botnet that can generate more than $6 million a month through bogus clicks on online ads
THREAT POST
Vulnerabilities Continue To Weigh Down Samsung Android Phones
Italian researcher Roberto Paleari has found six exploitable bugs on older devices such as the Galaxy Tab and the newer Galaxy S3
EWEEK
Microsoft Finds Ramnit Botnet Refocuses On Managing Zombie Computers
The creators of the Ramnit botnet have stripped out its infection routines so that the malware focuses on building a better botnet and stealing financial credentials
THE WASHINGTON POST
US Treasury's Lew Presses China Over Hacking Allegations, Asks For More Help On North Korea
U.S. Treasury Secretary Jacob Lew pressed Chinese leaders over computer hacking and for help with North Korea during two days of talks
COMPUTERWORLD
Researcher Hijacks Unsecure Embedded Devices En Masse For Internet Scanning Project
Research highlights the potential for abuse of poorly configured embedded systems
HUFFINGTON POST
NATO Group To Publish Rules For Cyber Warfare
Even cyberwar has rules, and one group of experts is putting out a manual to prove it
SOFTPEDIA
Connection Found Between Attacks Against Brian Krebs, Ars Technica, And Matt Honan
"Phobia" is connected to all three attacks, according to research by Krebs
SOPHOS
Is It Ever Acceptable For A Journalist To Hack Into Somebody Else's Email?
Hack by Sky News journalist Gerard Tubb raises questions about ethics and law
THE REGISTER
FinFisher Spyware Goes Global, Mobile, And Undercover
Report claims to have found command-and-control servers in 25 countries
COMPUTERWORLD
U.S. Defense Scientist Bought Pirated Software From Russians And Chinese, DoJ Says
Pirated software was used to design components for military helicopters, including the president's Marine One fleet
XINHUANET
China's Cyber Security Under Severe Threat: Report
Hacks on Chinese websites -- particularly government sites -- are up significantly, CERT team says
BBC NEWS
South Korea Investigates Computer "Attack"
Suspected cyberattack has paralyzed computer networks at broadcasters and banks
THREAT POST
Ramnit Malware Back And Better At Avoiding Detection
Ramnit has been upgraded with new anti-detection capabilities, a troubleshooting module, enhanced encryption, and malicious payloads
ARS TECHNICA
Puzzle Box: The Quest To Crack The World's Most Mysterious Malware Warhead
Researchers thus far have been unable to decrypt one of the main components of Stuxnet cousin Gauss, raising speculation that it may deliver a warhead that's more destructive than Stuxnet
VENTURE BEAT
Subway Sandwich Chain Hit Again With Point Of Sale Hack
District Court of Massachusetts indicted another two hackers for stealing up to $40,000 from the company via LogMeIn
INVINCEA BLOG
Defense Contractor Website As A Watering Hole -- Sweet Orange EK
Defense contractor Femme Comp, Inc.'s website is serving up malware in a possible watering hole attack
THE HUFFINGTON POST
Andrew 'Weev' Auernheimer Sentenced To Over Three Years In Prison For Hacking AT&T Servers
Convicted hacker was sentenced to 41 months in prison for collecting thousands of email addresses from AT&T's servers and leaking them to a journalist
NBC NEWS
Cyberattack On Florida Election Is First Known Case In US, Experts Say
An attempt to illegally obtain absentee ballots in Florida last year is the first known case in the U.S. of a cyberattack against an online election system, according to computer scientists and lawyers
NEWS IN ENGLISH
Telenor Reports Industrial Espionage
Norwegian telecommunications company Telenor says cyberattackers infiltrated Telenor's network and stole information from top executives' personal computers
THREAT POST
Java Code, Details Released For Potential Sandbox Bypass Issue
More details and code demonstrating a possible security bug in Java were released by a Polish security research company
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.



