Best Of Web
Best Of The Web
WIRED
How Apple And Amazon Security Flaws Led To My Epic Hacking
Victim of thorough identity destruction tells how it happened -- and who's to blame
APP RIVER
Fake Gabby Douglas YouTube Videos Spreading Botnet Infection
Botnet operators attempt to take advantage of young gymnast's popularity
COMPLIANCE WEEK
The Push For New Cyberthreat Disclosure Requirements
A look at the need for faster, more effective vulnerability and breach disclosures
THE REGISTER
Reuters Suffers Double Hack
Blog platform, Twitter account hijacked
CBR
AT&T Users Hit By Huge Phishing Scam
Security firm Websense is warning AT&T customers to be on guard after it detected a huge phishing campaign masquerading as a billing email
SC MAGAZINE
Thumb Drive With Data On 14,000 Hospital Patients Stolen
USB drive with data on thousands of patients stolen from home of Oregon Health & Science University employee
BIKYAMASR
Hong Kong Alleged Anonymous Hacker Arrested For Facebook Threat
Suspected member of Anonymous is arrested after he claimed on Facebook that he would hack government websites
THE HILL
After Defeat Of Senate Cybersecurity Bill, Obama Weighs Executive-Order Option
White House may use power of executive order to strengthen cybersecurity defenses if Congress refuses to act
CNET
Gizmodo Sees Twitter Account Hacked
Hackers gain access through a former employee's Twitter account, which they breached first
CNET
Yahoo User Sues Over Password Leak
Lawsuit claims Yahoo was negligent in not encrypting data and not securing database against SQL injection attack
CRN
Data Breach Costs LinkedIn $1 Million
Costs of recuperating from data compromise will be close to the $1M mark, official says
THREAT POST
Illinois Outlaws Employer Requests For Facebook Passwords
Illinois is second state in the U.S. to ban companies from asking employees and applicants for their login information
TECHOPEDIA
Penetration Testing And The Delicate Balance Between Security And Risk
Pen testing helps system administrators get the data they need to determine acceptable levels of risk
PYMNTS.COM
Clear And Present Payments Danger: Fraud Shifting To U.S., Getting More Complex
Attacks increasingly being directed at U.S.-based financial institutions, and fraudsters are getting smarter
BBC
Facebook Has More Than 83 Million Illegitimate Accounts
Company says 8.7 percent of its 955 million active accounts are rule-breakers
BUSINESSWEEK
The Cost Of Cybercrime
In study, researchers say enterprises should spend less on anticipation of cybercrime, and more on response
KREBS ON SECURITY
Uptick In Cyber Attacks On Small Businesses
New data says cyberattacks on small businesses have doubled over the past six months
SMART GRID NEWS
Cyberattacks Against Infrastructure Jump 17-Fold, Warns National Security Agency
Head of NSA warns that attacks on U.S. infrastructure have grown rapidly since 2009
INFOSEC ISLAND
Def Con: Dan Tentler Discusses The Power Of Shodan
Shodan can be used to search the Internet for potentially vulnerable services, but it's also a powerful defensive posturing tool, speaker says
THE REGISTER
Flame Worm's Makers Fail To Collect Epic 0wnage Award
The Pwnie Awards at Black Hat gave the Flame malware the Epic 0wnage award, but, to no one's surprise, Flame's developers didn't show up to accept it
THREAT POST
Google Chrome 21 Fixes Six High-Risk Vulnerabilities
Google has released Chrome 21, which fixes more than 24 security bugs, including one critical flaw
VERIZON BUSINESS SECURITY BLOG
Announcing Veriscommunity.net
Verizon has beefed up the sharing process of its VERIS system -- all valid submissions now will be added to a dataset that is publicly accessible via a free dashboard
BLOOMBERG
Iran Denies Nuclear Plants Hit By Virus Playing AC/DC
Iran denied that its nuclear facilities suffered a breach that shut down computers and played music from the rock band AC/DC, the state-run Iranian Students News Agency reported
H ONLINE
EFI Rootkit For Macs Demonstrated
Australian security expert Loukas K (a.k.a. Snare) demonstrated a rootkit that inserts itself into a MacBook Air's EFI firmware and bypasses FileVault hard drive encryption
SECURITY WEEK
China's Huawei Responds To US Hackers
In response to Def Con researchers showing how it was easy to hack Huawei Technologies' routers, the Chinese firm on Wednesday said its security strategies were strong
ARS TECHNICA
Attack Against Microsoft Scheme Puts Hundreds Of Crypto Apps At Risk
Researchers Moxie Marlinspike and David Hulton demonstrated an attack against a Microsoft-developed authentication scheme that can then crack the encryption of anonymity and security services
CNEWS
Kaspersky Lab Develops Own OS
The HeadHunter website announced two vacancies that reveal that Kaspersky Lab is developing a secure operating system for SCADA automated control systems
FEDERAL COMPUTER WEEK
Pentagon Sets Cybersecurity Sights On Social Networking
DoD seeks better tools for tracking postings and social interaction on Facebook, other networks for "military purposes"
COMPUTERWORLD
Digital Duct Tape For SSL
SSL authentication methods are under fire, but certificate pinning could help them hold out a bit longer
WIRED
Credit Card Roulette: Payment Terminals Pwned In Vegas
Vulnerabilities in popular payment terminals could lead to major data leaks for retailers, customers
ZDNET
Research: 80 Percent Of Carberp-Infected Computers Had Antivirus Software Installed
Study suggests antivirus software is ineffective in many cases
THE REGISTER
Anonymous Declares War After French Firm Trademarks Its Logo
Really bad business plans 101
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.


