Best Of The Web
THREAT POST
Firms Need 'Tough Love' In Struggle Against APTs
Amit Yoran, former CEO of NetWitness Corp. and now a senior vp at RSA, says both the private sector and government need to change gears and adopt practices and monitoring that can spot sophisticated attackers
ADOBE BLOG
International Technology Upgrade Week: A Global Initiative To Encourage Consumers to Ensure Their Software Is (And Stays) Up-To-Date
Adobe commends Skype, Norton by Symantec, and TomTom for their new "International Technology Upgrade Week" campaign to encourage consumers to regularly download and install software updates
SEARCHSECURITY
Black Hat 2012: MITRE To Detail STIX Cyberthreat Intelligence System
DHS and MITRE are creating a framework to standardize cyberthreat intelligence-sharing
COMPUTERWORLD
Dropbox Says No Evidence Of Hack In Investigation Of Spam
Dropbox's ongoing investigation into a possible breach did not find any evidence that its systems have been infiltrated, according to an update Friday to the company's user forum
CLOUDMARK
New EMessaging Threat Report (PDF)
SMS spam volume peaked in April, and a significant rise in free gift card scams via SMS hit during the second quarter of this year, according to Cloudmark's report
THE REGISTER
Skype: Nearly Half Of Adults Don't Install Software Updates
New survey commissioned by Skype found that 40 percent of adults do not always update their software when prompted and 25 percent don't update their software because they think there's no benefit to doing so
NAKED SECURITY BLOG
Indian Computers The Worst For Flooding The Internet With Spam, Report Discovers
Sophos' new list of top spam-relaying countries finds India as No. 1 with 11 percent of the world's spam during April, May, and June 2012
THREAT POST
EFF: New Cybersecurity Bill Better, Still Unnecessary
The retooled Lieberman-Collins Cybersecurity Act is an improvement, according to the EFF, including its clarification that the National Security Agency not be in charge of protecting civilian networks
SC MAGAZINE
APWG Report On The Highest Number Of Phishing Sites Ever Detected
The Anti-Phishing Working Group (APWG) says 56,859 unique phishing sites were detected in February, while between 25,000 and 30,000 unique phishing email campaigns are detected each month.
SILICON REPUBLIC
Android Malware Up By 300% In Past Three Months
Kindsight Security Labs report says one of every 140 mobile devices was infected, mainly Androids and laptops
THE WALL STREET JOURNAL
Taking The Cyberattack Threat Seriously
President Obama urges the Senate to pass the bipartisan Cybersecurity Act of 2012
ZDNET
Firefox 14 Fixes 5 Critical Security Vulnerabilities
Among the vulnerabilities fixed in the latest Firefox update were clickjacking, use-after-free, cross-site scripting, and spoofing and filtering flaws
SOFTPEDIA
1,200 Usernames, Passwords Leaked From Yale University
A hacking group that goes by the name "NullCrew" that previously breached ASUS broke into databases at Yale University, gaining access to details on 1,200 students and staffers
SECURITY WEEK
Hacker, Credit Card Thief Sentenced To Seven Years In Prison
An Estonian man was sentenced to seven years in prison for his role in hacking restaurant chain Dave & Buster's and stealing 81,005 credit card numbers and later attempting to sell 160,000 stolen credit card numbers to an undercover agent
COMPUTERWORLD
Update: Microsoft Posts Loss, Slight Revenue Increase In Q4
Microsoft's Windows and Windows Live Division suffered a decrease of 13 percent in its quarterly revenue
ARS TECHNICA
Hacking Duo Charged With DDoSing Amazon, Then Bragging About It
Feds say the pair also launched crippling Web attacks on eBay and Priceline
SC MAGAZINE
Video: The Growing Sophistication Of Threats
McAfee co-president discusses Stuxnet, Flame, and the evolution of complex attacks
DAMBALLA
The Intricacies Of Sinkholes
Researchers register botnet domains before botnet operators do
COMPUTER WEEKLY
Europol Leads Initiative To Pool Cyber Crime Intelligence
International Cyber Security Protection Alliance proposes to pool intelligence from business, government, law enforcement, security agencies, and IT security professionals
SC MAGAZINE
Yahoo Session Hijacking Likely Culprit Of Android Spam
Spam messages originally thought to have been sent by an Android botnet may actually have been the result of a vulnerability in the Yahoo Android mail client
BUSINESS SOFTWARE ALLIANCE
Piracy In The Cloud: A Picture Is Starting To Emerge
More than 40 percent of people who use paid cloud services for business share their log-in credentials inside their organization, survey finds
NETWORK WORLD
Victim Of Half-Million-Dollar Cybercrime Tells Tale Of Fighting Back
Michelle Marsico's two-year ordeal ends with lawsuit settlement
COMPUTERWORLD
Russian Parliament's Upper House Approves Internet 'Censorship' Bill
Russia's government will gain the power to blacklist websites without court consent
CSO ONLINE
Why You Shouldn't Train Employees For Security Awareness
Immunity Inc.'s Dave Aitel argues that money spent on awareness training is money wasted
THREAT POST
Mozilla, EFF Help Launch Internet Defense League, A Bat Signal For The Internet
The new Internet Defense League, organized by civil-liberties organizations, software companies and popular websites, aims to "help Internet users, organizations, and companies fight back whenever online rights are threatened"
HELP NET SECURITY
WoW Players Targeted With In-Game Phishing Schemes
Online World of Warcraft players are being targeted with in-game phishing emails supposedly sent by Blizzard and inviting them to participate in the testing
WEBROOT BLOG
New Russian Service Sells Access To Compromised Social Networking Accounts
A Russian service offers access to compromised accounts across multiple social networks such as Vkontakte, Twitter, Facebook, LiveJournal, and compromised email accounts
TECHCRUNCH
Dropbox Has Hired Outside Experts To Investigate Possible Security Breach
The spam attack and possible email address leak of Dropbox users has reached another level, as Dropbox has brought in third-party experts to aid in its investigation of the leak
NETWORK WORLD
IT Groups Eschew BYOD, Issue Company-Owned Tablets
Some IT groups are issuing corporate-owned iPads and Android tablets, leading to a jump in mobile user support and device administration for some
TECH WEEK EUROPE
Bank Security Lax As Leaky Websites Aid Hackers
KPMG study finds banks handing over loads of useful data to cybercriminals, as banks are responsible for leaking 30 percent of data the firm says could be used by attackers
THE STAR PHOENIX
Four Million Ontario Voters Warned Of 'Unprecedented' Privacy Breach
Millions of voters in Ontario were told their names, birth dates, addresses, and gender information may have been compromised after two unencrypted memory sticks with that information went missing
PARITY NEWS
Anonymous Goes Green, Hacks Major Oil Companies
BP, Exxon Mobil, and Shell are among victims of password dumps
CSO
Will Tech Industry Ever Fix Passwords?
Social media companies are scrambling to patch their poor security practices
DUO SECURITY
Exploit Mitigations In Android Jelly Bean 4.1
A look at improvements in exploit mitigations present in Jelly Bean malware
INFOSEC ISLAND
Study Finds Minimal Transparency In Breach Reports
Nearly two-thirds of breach disclosures include no information about the cause of the exposure
SECULERT
Mahdi -- The Cyberwar Savior
Simple phishing attack leads to drop of a new type of malware
FIREEYE
Grum Botnet Is Partially Taken Down
Dutch authorities pull the plug on two of the botnet's command-and-control servers
THE HACKER NEWS
Fact: One In Five Microsoft Logins Controlled By Hackers
About 20 percent of Microsoft Account logins are found on lists of compromised credentials following hacks on other service providers
KREBS ON SECURITY
Cyberheist Smokescreen: Email, Phone, SMS Floods
Attack is designed to prevent a targeted business from receiving or finding alerts from their bank
NAKED SECURITY BLOG
Cybercrime Trio Sentenced For $3 Million Hacking Spree Via WiFi And Malware
All three men involved in a massive wardriving/keylogger attack on corporate networks have been sentenced to stiff prison terms
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.


