Best Of Web
Best Of The Web
NSS LABS BLOG
The Targeted Persistent Attack (TPA) -- When The Thing That Goes Bump In The Night Really Is The Bogeyman
Misconceptions abound that "advanced" attacks are the big risk, but it's really those attacks that are targeted against a specific organization and designed not to stop until the attackers have achieved their goal
THE NEWS.COM
India Accuses Pakistan of Cyber Warfare, Workers' Exodus
The Indian government is blaming the panic that ensued in the northeast on Pakistan as 76 websites were blocked and text messaging banned temporarily
SOFTPEDIA
MyAgent Trojan Targets Aerospace, Chemicals, Technology And Defense Industries
Trojan.MyAgent is targeting defense, chemicals, technology, and aerospace industries and spreading via an email attachment
THREAT POST
Researcher Finds iPhone Bug Allows SMS Spoofing
The iPhone's SMS app has a flaw that could allow an attacker to message a victim and have the message appear to come from any number that the sender specifies
THREAT POST
Twitter To Update API To Require Authentication
Twitter is now requiring app developers to use authentication with its new API to prevent malicious use of the API
NEW YORK TIMES BLOG
Company Denies Role In Recently Uncovered Spyware
Gamma Group, a British company that sells surveillance technologies including FinFisher, said a spyware program running on servers in 11 countries is not part of its product family
EWEEK
U.S., China Talks Address Cyber-Weapons, Not Cyber-Spying
The U.S. and China have participated in informal talks on restricting cyberattacks, better crisis communication and mitigating the risk of attacks by third parties, but they aren't talking about cyberespionage
THE WASHINGTON POST
Stepped-Up Computer Monitoring Of Federal Workers Worries Privacy Advocates
The WikiLeaks scandal and concerns about leaks have federal agencies more closely monitoring employees in real time
INFOSECURITY MAGAZINE
AT&T DDoS'ed By Unknown Attackers
AT&T business customers suffered disrupted service this week while AT&T DNS servers came under DDoS attack from an unknown source
MASHABLE
10 Online Security Tips For Gen Y
Just 31% of Gen Y users say security is a top consideration when making decisions about their computer, while most ranked entertainment and community higher
TELEGRAPH
Olympics Was Threatened With Cyberattack
Hackers attempted to disrupt London games with attack on power supply, according to reports
CREDIT UNION TIMES
As Tide Of Fraud Rises, Prevention Still Remains A Cure
High cost of fraud and subsequent litigation forces financial institutions to invest more heavily in detection, prevention
NEXTGOV
Cyber Command Struggles To Define Its Place On A Shifting Battlefield
Security organization is becoming more open about the military's capabilities in cyberspace
LAW.COM
Cybersecurity Becoming No. 1 Concern For General Counsels And Directors
Writer Mat Honan's detailed account of his own identity theft causes many to rethink security dangers
HELP NET SECURITY
Provisioning Is Not Access Governance
Provisioning is only part of the governance problem, expert says
COMPUTERWORLD
iCloud: Security Risk?
Security may be the key piece missing in not-so-seamless service
REUTERS
Saudi Aramco Says Virus Shuts Down Its Computer Network
Oil firm says it has cut off external access as a precaution
NETWORK WORLD
New NIST Encryption Guidelines May Force Federal Agencies To Replace Old Websites
NIST's updated Transport Layer Security Standard requires number of security changes
COMPUTERWORLD
Walmart, Target, Others Team To Offer Mobile Payments Network
Retailers including Best Buy, Walmart, Target, and 7-Eleven have formed the Merchant Customer Exchange (MCX), a mobile-payments network that will compete with Google and Isis
FARS NEWS
Official: Iran To File Lawsuits Against Cyber Terrorists
The head of Iran's Presidential Center for International Legal Affairs, Majid Jafarzadeh, said Tehran plans to file a lawsuit against the cyberattackers who targeted Iran's infrastructures
TORRENT FREAK
RUTracker Taken Over By Hackers
Russian BitTorrent tracker RUTracker was hit by a cyberattack where attackers gained control over its domain name and updated the Whois information
NEXT WEB
Hackers Steal 500,000 Credit Card Details From Australian Business, Damage Expected To Top $25M
In what Australian police say was "a disaster waiting to happen," cyberthieves have stolen information on some 500,000 credit cards in Australia after hacking into a poorly secured database of an unnamed business
THE REGISTER
Microsoft, Adobe Throw Fire Blanket Over Blaze Of Security Flaws
Microsoft has fixed 26 security flaws, at least five of which are critical, and at least one bug is being actively exploited by hackers to compromise machines
REUTERS
Reuters Blogging Platform Hacked, False Saudi Blog Posted
Reuters News' blogging platform was breached on Wednesday and rigged with a phony post saying Saudi Arabia's Foreign Minister Prince Saud al-Faisal had died
HELP NET SECURITY
Google Ups Prizes In Chromium Bug Bounty Program
A noticeable decline in externally reported security issues for Chromium has indicated that bugs are becoming harder to find in the Google platform, so Google has restructured its reward system for researchers
NAKED SECURITY BLOG
Google To Demote Websites With Pirated Content
After receiving some 4.5 million URL takedown requests in the past month, Google is now planning to push sites with alleged copyright-infringement content further down its ranked search results
NEW YORK TIMES
Elusive FinSpy Spyware Pops Up In 10 Countries
Cyberespionage tool is marketed as a way for governments to spy on criminals
TECHNOLOGY REVIEW
The iPhone Has Passed A Key Security Threshold
Department of Justice says law enforcement can't crack the device -- which could make it a criminal favorite
EXTREME TECH
Could You Hack Into Mars Rover Curiosity?
Roving spacecraft attempts firmware upgrade
BANK INFO SECURITY
Google To Pay $22.5 Million FTC Fine
Largest civil penalty ever levied by commission resulted from deceptive cookie practices
THE KOREA HERALD
Hackers Steal Nearly 9 Million Korea Telecom Subscribers' Data
Police arrest two on suspicion of stealing and selling personal information
TECHWEEK EUROPE
Bitcoin Exchange Sued For Fraud
Four former customers say the virtual currency exchange owes them nearly $500,000
THREAT POST
Microsoft Patches Critical MS12-060 Office Flaw Being Used In Targeted Attacks
Flaw also present in SQL Server, other widely deployed apps; exploits already in the wild
BLOOMBERG
Knight Trading Loss Said To Be Linked To Dormant Software
$440 million trading loss stemmed from old software that was inadvertently reactivated when a new program was installed
COMPUTERWORLD
Security Experts Push Free Gauss Detection Tools
Kaspersky Lab and the Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics each released tools to check for possible infections by Gauss malware
TREND MICRO BLOG
How To Thwart The Digital Insider -- An Advanced Persistent Response To Targeted Attacks (PDF)
Assume you have been compromised and build an advanced persistent response, which requires better awareness of what's going on inside your network and the ability to correlate events happening outside
HOMELAND SECURITY NEWSWIRE
Obama Considering Executive Order For Infrastructure Protection
President Obama is looking at whether to issue an executive order to protect the U.S. critical computer infrastructure from cyberattacks after Congress failed to pass any legislation on it
CYBERCRIME AND DOING TIME
Carder Christopher Schroebel Gets Seven Years
A U.S. Attorney has sentenced Christopher A. Schroebel, a 21-year-old man from Maryland, to seven years in prison for hacking
FIREEYE BLOG
Surprises In Our Advanced Threat Awareness Survey
FireEye survey among enterprise security professionals finds myths and misunderstandings regarding advanced persistent threats and a disconnect in the understanding of what constitutes an advanced targeted attack and which technologies protect against them
SECURITY WEEK
Report Examines Code Behind Crisis Trojan Targeting Mac OS X
ThreatMetrix report shows how Crisis targets OS X 10.6 and 10.7, but it will not run on 10.8 (Mountain Lion) without modification, and that the kernel driver created after an infection appears to be designed to work on OS X 10.5, 10.6, and 10.7
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


