Best Of The Web
INFOSEC ISLAND
Potential Collateral Damage From An Israeli First Strike On Iran
Concern over how the plan, if employed, would affect other parts of the world, as well as fiber infrastructure
KREBS ON SECURITY
New Adobe Flash Player Update Fixes 6 Flaws
Adobe has pushed a critical security update for its Flash Player software that comes one week after the company rushed out a fix for a flaw that attackers were exploiting in the wild
SC MAGAZINE
GAO Scolds EPA For Poor Security
Audit finds Environmental Protection Agency failing to employ strong passwords, apply least user privileges, and encrypt sensitive data, among other issues
NAKED SECURITY BLOG
Apple Zombie Malware 'Netweird' Rummages For Browser And Email Passwords
NetWeird malware is not in the wild yet, but it's being sold in the black market as a Mac malware tool
EWEEK
Google Recruiting Privacy, Security Specialist In Wake Of FTC Fines
Google is looking to hire a new data privacy engineer to boost its data security practices in the wake of a $22.5 million fine for allegedly bypassing privacy settings for the Safari browser
THREAT POST
Which Browser Offers The Most Secure Password Storage?
Firefox is the most secure browser for password storage because of its built-in master password feature that encrypts passwords
SECURITY WEEK
Grum Botnet: Down One Month, No Impact On Spam
The spam botnet Grum was shut down more than a month ago, but spam experts say it didn't make a noticeable impact on global spam volume
GARTNER BLOG
On SIEM Deployment Evolution
SIEMs can get stuck in "nonproductive" phases, such as inefficient log collection or "check-box" compliance
PC MAGAZINE
8 Simple Tips for Mac Security
Back up your data with Time Machine, run antivirus, disable JavaScript, and other tips for keeping Macs safe
SOFTPEDIA
Bogus Speeding Tickets Point To Malicious Russian Websites
Avira has discovered a new Trojan variant that poses as police sending traffic tickets via email -- this one uses a malicious link
THE REGISTER
Mainstream Antivirus Software Only Has Small Window For Detecting And Blocking Attacks, According To A Controversial New Study
Host-based intrusion prevention firm Carbon Black says it found in a study that if an antivirus package does not detect a piece of newly discovered malware within six days of its first being detected by another firm, it isn't likely to detect the sample 30 days later -- but AV expert says study methodology may have made it misleading
SECURITY WEEK
Today's Cyber-War Is A Cold War, Some Say
"Cyber war" today is mostly a cold war of espionage and theft of intellectual property, expert says
THREAT POST
Aramco Threatened With New Attack
The hacker group that claimed responsibility for allegedly destroying data on thousands of machines at Saudi Aramco and took the company's Web presence offline says that it will launch a second attack on Saturday in order to prove its abilities and the fact that it's not relying on help from an Aramco insider.
SOFTPEDIA
Niroo Research Institute Of Iran Hacked, 673 User Accounts Leaked
An Israeli hacker called Yourikan has taken credit for hacking the website of an Iranian organization affiliated to the Ministry of Energy that focuses on the development of new technologies for the industry
MICROSOFT TECHNET BLOG
Microsoft Unveils A New Look
After 25 years, Microsoft updates its logo amid the release of Windows 8 and other new products
BUSINESS INSIDER
The Fight For Control Of The Internet Has Become Critical
Governments for years have been trying to scale back freedoms on the Internet, and the upcoming international meeting on the future of the Net could put cyberspace under the authority of an obscure UN agency
FORBES
Is An International Cyber Regulatory Agency Needed?
No short-term resolution to an international agreement to restrict cyberarms, and meanwhile there will be an escalating arms race and cyber weapons incorporated into arsenals
COMPUTERWORLD
Siemens Works To Fix Vulnerability In Critical Control Networks
Vulnerability due to hard-coded RSA SSL private key in RuggedCom's Rugged Operating System that could let attackers decrypt traffic between an end user and the router
V3
Cyber Weapons Do Not Exist, Claims F-Secure
Businesses are being distracted with focusing on complex malware like Flame, Stuxnet, and Gauss, when they should be more worried about regular cybercrime
NAKED SECURITY BLOG
Naked Prince Harry Pics -- Be Careful What You Click On!
Be on the lookout for phony links purporting to be photos of Prince Harry's alleged night of "strip poker" in Las Vegas
SOFTPEDIA
DARPA Wants To Dominate Cyber Battlespace With Plan X
The U.S. Defense Advanced Research Projects Agency (DARPA)'s new Plan X is for developing technologies to better understand, manage, and plan cyberwarfare -- not to build cyberweapons
SYMANTEC BLOG
Crisis For Windows Sneaks Onto Virtual Machines
Crisis malware can spread to four different environments: Mac, Windows, virtual machines, and Windows Mobile
IOACTIVE BLOG
One Mail To Rule Them All
Don't rely on your software or online vendors to protect you; take precautions of your own, such as destroying emails and minimizing your details online
THREAT POST
Gamecock Data Breach Affects 34,000
The University of South Carolina was hacked in and the personal information of some 34,000 individuals associated with the school's College of Education could have been affected, including data as far back as 2005
STOREFRONTBACKTALK
IKEA Kills Self-Checkout In The U.S. For An Unusual Reason: It Was Too Secure And, Therefore, Too Slow
IKEA Group's U.S. operations is closing its self-checkout point-of-sale systems due to the required oversight and staff time -- the systems also were slow because they were more secure
BBC
U.S. Seizes Android App Piracy Sites In Copyright Crackdown
U.S. authorities have blocked three websites offering pirated copies of Android apps in what the Justice Department calls the first time domains "involving cell phone app marketplaces have been seized"
THREAT POST
AMD 'Hackette' Serves As Warning To Patch, Patch, Patch
Web administrators using WordPress should pay attention to the hack of microprocessor maker AMD, which was hacked by a hacker gang called r00tBeer Security Team
BANK INFOSECURITY
ABA's Take On '.Bank'
The American Bankers Association and Financial Services Roundtable have filed an application for oversight of the .bank domain
CNN SECURITY BLOG
Executives Advocate A Military Approach To Cybersecurity
A new study by CounterTack found that 80 percent of IT people believe taking a more military-minded approach to the cyberwar could benefit business
INFOSECURITY MAGAZINE
r00tbeer Strikes Again -- Twice
Hacking group r00tbeer security now has hacked Dutch electronics giant Philips and the UK's Student Room
TECHWORLD
Hackers Blamed After Database Of 1,300 Children Exposed On Internet
An educational consultancy suffered a data breach that left detailed personal records of more than 1,300 children exposed on its website for an unknown period of time
INTERNET SOCIETY
Proposals For New Interconnection Model Comes Up Short (PDF)
Proposed new interconnection model for the Internet risks fragmenting the Internet, Internet Society says in new white paper
THE REGISTER
McAfee Puts Barnaby Jack On Car-Jacking Hackers' Case
A team of elite researchers from McAfee will investigate how to protect automobile systems from next-generation hacking attacks
BANK INFOSECURITY
Zeus Variant Targets U.S. Accounts
The FBI has warned banks that they should take action to defend against a wave of targeted ransomware attacks
FORBES
Hotel Lock Firm's Security Fix Requires Hardware Changes For Millions Of Keycard Locks
Onity will fix a security flaw that could allow thieves to insert a homemade device into its keycard locks and open them in seconds
EXTREME TECH
Hackers Backdoor The Human Brain, Successfully Extract Sensitive Data
Researchers at the Usenix Security conference demonstrated how it's possible to hack someone's brain and reveal information using a commercial off-the-shelf brain-computer interface
THREAT POST
Wright-Patt Officials Discipline Those Connected To Misplaced Notebook
The Air Force is taking disciplinary action against members of the 88th Medical Group in Ohio who left a notebook storing sensitive data in a conference room following a blood drive on base
SECURITY WEEK
Resilient "SMSZombie" Exploits China Mobile's Payment System -- Over 500,000 Android Devices Infected, Firm Says
Researchers from TrustGo discovered a mobile threat targeting Android phones that is said to have infected roughly 500,000 devices, mainly in China
SECURITY FAQS.COM
How Can I Detect If My Computer Is Part Of A Botnet?
An updated antivirus package can help, but if your computer is using resources when you are not on it, that is a good indicator that something is wrong -- also, the free Botnet Checker tool can help
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484 (cognos_tm1)
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.



