Best Of Web
Best Of The Web
WIRED
How Apple And Amazon Security Flaws Led To My Epic Hacking
Victim of thorough identity destruction tells how it happened -- and who's to blame
APP RIVER
Fake Gabby Douglas YouTube Videos Spreading Botnet Infection
Botnet operators attempt to take advantage of young gymnast's popularity
COMPLIANCE WEEK
The Push For New Cyberthreat Disclosure Requirements
A look at the need for faster, more effective vulnerability and breach disclosures
THE REGISTER
Reuters Suffers Double Hack
Blog platform, Twitter account hijacked
CBR
AT&T Users Hit By Huge Phishing Scam
Security firm Websense is warning AT&T customers to be on guard after it detected a huge phishing campaign masquerading as a billing email
SC MAGAZINE
Thumb Drive With Data On 14,000 Hospital Patients Stolen
USB drive with data on thousands of patients stolen from home of Oregon Health & Science University employee
BIKYAMASR
Hong Kong Alleged Anonymous Hacker Arrested For Facebook Threat
Suspected member of Anonymous is arrested after he claimed on Facebook that he would hack government websites
THE HILL
After Defeat Of Senate Cybersecurity Bill, Obama Weighs Executive-Order Option
White House may use power of executive order to strengthen cybersecurity defenses if Congress refuses to act
CNET
Gizmodo Sees Twitter Account Hacked
Hackers gain access through a former employee's Twitter account, which they breached first
CNET
Yahoo User Sues Over Password Leak
Lawsuit claims Yahoo was negligent in not encrypting data and not securing database against SQL injection attack
CRN
Data Breach Costs LinkedIn $1 Million
Costs of recuperating from data compromise will be close to the $1M mark, official says
THREAT POST
Illinois Outlaws Employer Requests For Facebook Passwords
Illinois is second state in the U.S. to ban companies from asking employees and applicants for their login information
TECHOPEDIA
Penetration Testing And The Delicate Balance Between Security And Risk
Pen testing helps system administrators get the data they need to determine acceptable levels of risk
PYMNTS.COM
Clear And Present Payments Danger: Fraud Shifting To U.S., Getting More Complex
Attacks increasingly being directed at U.S.-based financial institutions, and fraudsters are getting smarter
BBC
Facebook Has More Than 83 Million Illegitimate Accounts
Company says 8.7 percent of its 955 million active accounts are rule-breakers
BUSINESSWEEK
The Cost Of Cybercrime
In study, researchers say enterprises should spend less on anticipation of cybercrime, and more on response
KREBS ON SECURITY
Uptick In Cyber Attacks On Small Businesses
New data says cyberattacks on small businesses have doubled over the past six months
SMART GRID NEWS
Cyberattacks Against Infrastructure Jump 17-Fold, Warns National Security Agency
Head of NSA warns that attacks on U.S. infrastructure have grown rapidly since 2009
INFOSEC ISLAND
Def Con: Dan Tentler Discusses The Power Of Shodan
Shodan can be used to search the Internet for potentially vulnerable services, but it's also a powerful defensive posturing tool, speaker says
THE REGISTER
Flame Worm's Makers Fail To Collect Epic 0wnage Award
The Pwnie Awards at Black Hat gave the Flame malware the Epic 0wnage award, but it was no surprise when Flame's developers didn't show up to accept it
THREAT POST
Google Chrome 21 Fixes Six High-Risk Vulnerabilities
Google has released Chrome 21, which fixes more than 24 security bugs, including one critical flaw
VERIZON BUSINESS SECURITY BLOG
Announcing Veriscommunity.net
Verizon has beefed up the sharing process of its VERIS system -- all valid submissions now will be added to a dataset that is publicly accessible via a free dashboard
BLOOMBERG
Iran Denies Nuclear Plants Hit By Virus Playing AC/DC
Iran denied that its nuclear facilities suffered a breach that shut down computers and played music from the rock band AC/DC, the state-run Iranian Students News Agency reported
H ONLINE
EFI Rootkit For Macs Demonstrated
Australian security expert Loukas K (a.k.a. Snare) demonstrated a rootkit that inserts itself into a MacBook Air's EFI firmware and bypasses FileVault hard drive encryption
SECURITY WEEK
China's Huawei Responds To US Hackers
In response to Def Con researchers showing how easy it was to hack Huawei Technologies' routers, the Chinese firm on Wednesday said its security strategies were strong
ARS TECHNICA
Attack Against Microsoft Scheme Puts Hundreds Of Crypto Apps At Risk
Researchers Moxie Marlinspike and David Hulton demonstrated an attack against a Microsoft-developed authentication scheme that can then crack the encryption of anonymity and security services
CNEWS
Kaspersky Lab Develops Own OS
The HeadHunter website announced two vacancies that reveal that Kaspersky Lab is developing a secure operating system for SCADA automated control systems
FEDERAL COMPUTER WEEK
Pentagon Sets Cybersecurity Sights On Social Networking
DoD seeks better tools for tracking postings and social interaction on Facebook, other networks for "military purposes"
COMPUTERWORLD
Digital Duct Tape For SSL
SSL authentication methods are under fire, but certificate pinning could help them hold out a bit longer
WIRED
Credit Card Roulette: Payment Terminals Pwned In Vegas
Vulnerabilities in popular payment terminals could lead to major data leaks for retailers, customers
ZDNET
Research: 80 Percent Of Carberp-Infected Computers Had Antivirus Software Installed
Study suggests antivirus software is ineffective in many cases
THE REGISTER
Anonymous Declares War After French Firm Trademarks Its Logo
Really bad business plans 101
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.


