Best Of The Web
INFOSEC ISLAND
Stuxnet Was Only The Beginning Of US Cyberwar Against Iran
Security experts believe Stuxnet is likely only the beginning of a concerted cyberwarfare effort against Iran
THREAT POST
Google Hardens Chrome To Block Malicious Extensions
Google now requires Chrome users to add third party extensions via the Chrome Extensions page for security reasons
THE REGISTER
Symantec Update Killed Biz PCs In Three-Way Software Prang
An update to Symantec's security software caused crashes on enterprise Windows XP machines on July 11, and Symantec has since pulled it and apologized
THREAT POST
Mobile App Leaves Blackboard Courseware Open To Remote Attack
Remotely exploitable cross-site scripting vulnerabilities in Blackboard Mobile Learn v9 leave the education app vulnerable to a number of persistent input validation vulnerabilities
SECURITY WEEK
Kaspersky Lab Celebrates 15 Years With Win Against Patent Troll
Kaspersky Lab was the only security vendor to fight a patent lawsuit filed by Information Protection and Authentication of Texas and announced last week that it had won after a three-year court battle with IPAT
THE HACKER NEWS
App Store Bypassed By Russian Hacker Without Jailbreaking
Apple is reportedly investigating a security breach of its iTunes app store by a Russian hacker who showed how to bypass payment in the App Store and download products for free
THE NEW YORK TIMES
Vast FDA Effort Tracked E-Mails Of Its Scientists
The Food and Drug Administration used spyware to monitor a group of its own scientists and captured their emails under a wide-ranging surveillance
THE WASHINGTON POST
Tridium's Niagara Framework: Marvel Of Connectivity Illustrates New Cyber Risks
Tridium's Niagara Framework, used for remote access to, for example, view video streams, operate air conditioners and elevators, and track personnel inside U.S. military facilities, is vulnerable to attack
GFI BLOG
Umbra Loader Botnet Behind Fake 123greeting.com Spam Campaign
AV Lab discovered an e-card spam campaign that uses the 123Greetings.Com brand and Umbra Loader, a popular do-it-yourself botnet-building tool
BANK INFOSECURITY
5 Most In-Demand Security Skills
Security job postings on Dice.com for cybersecurity specialists have jumped 60 percent over the past year, and other top skills in demand include application security and data security
EFF
New Malware Targeting Syrian Activists Uses Blackshades Commercial Trojan
Pro-Syrian government hackers have begun using the remote access tool Blackshades Remote Controller, which can perform keystroke logging and remote screenshots
SECURITY WEEK
NVIDIA Developer Forums Hacked
Computer graphics technology firm NVIDIA yesterday shut down its online community for developers, NVIDIA Developer Zone, after it was hacked and the attackers got access to hashed passwords
IVIZ SECURITY BLOG
Website Security Testing To Become Free
Automated security testing of websites will be free, with revenue from a paid premium service used to fund the free service
KREBS ON SECURITY
EU To Banks: Assume All PCs Are Infected
ENISA advisory says that given current state of PC security, banks should assume all PCs are infected and "still take steps to protect customers from fraudulent transactions"
COMPUTERWORLD
Oracle To Release 88 Security Fixes
Next Tuesday, Oracle will roll out 88 security fixes, including four for its database, three of which can be exploited by an attacker over a network without the need for login credentials
FUDZILLA
BAE Expert Says Cyber Crime Evolving Like Topsy
Behavioral analytics hold promise of solving the problem, security expert says
COMPUTERWORLD
Linux Vulnerability Found In Web Exploit
Malware downloads files from a remote server and creates a backdoor on an infected machine
IT PRO PORTAL
Russia Approves Contentious Internet Blacklist Bill
Websites in danger as government passes bill that blacklists "illegal" sites
NOVAINFOSEC.COM
Formspring Breach -- Let The Password Cracking Commence
More than 420,000 password hashes found in underground forum
QUALYS
Discovered Patterns In Numeric Passwords Raise New Questions
By analysis of password patterns and the discovery of a few common tendencies, numeric passwords can be hacked
COMPUTERWORLD
Security Researchers Find Multistage Android Malware On Google Play
Malware apps deliver their payload as secondary app after installation
ELECTRONIC FRONTIER FOUNDATION
When It Comes To Cybersecurity, Scare Tactics Aren't Convincing Americans To Sacrifice Privacy
As Congress debates Cybersecurity Act, Americans say they don't want to sacrifice civil liberties
INFOSEC ISLAND
BYOD: The Reality Of Allowing Foreign Bodies Into Your Network
Consumerization of network brings harsh reality: No device should ever be trusted
ARS TECHNICA
More Malware Found Hosted In Google's Official Android Market
Discovery that once again demonstrates the limitations of a recently deployed scanning service designed to flag malicious apps before they can be downloaded by end users
COMPUTERWORLD
Microsoft Urges Death Of Windows Gadgets As Researchers Plan Disclosures
Reacts to upcoming revelations of gadget vulnerabilities at Black Hat by offering tool that kills feature in Vista, Windows 7
SOFTPEDIA
Hackers Breach Formspring Server, 420,000 Passwords Leaked
The owners of Formspring -- the website where users can "share their perspective on anything" -- reset the passwords of all their customers after identifying a data breach that affected one of their servers
NAKED SECURITY BLOG
Multiplatform Backdoor Malware Targets Windows, Mac And Linux Users
F-Secure discovered malware on a compromised Colombian transport website that was capable of infecting Windows, Mac, and Linux users
THE REGISTER
Chemical Giant Foils Infected USB Stick Espionage Bid
An attempt to infiltrate the corporate systems of Dutch chemical giant DSM by leaving malware-riddled USB sticks in the corporation's car park has failed
PC WORLD
Facebook Launches Malware Checkpoints For Users With Infected Computers
Facebook has added a lockdown feature for users' accounts where they can perform malware scans if they suspect they are infected, and run free malware scans from the site
PC WORLD
Olympic Officials Brace For Hackers Competition
The nation's counter-terrorism department director, Richard Clarke, said the possible disruption from cyberattacks could rise to the level of physical threats at past games
WIRED
How The Boy Next Door Accidentally Built A Syrian Spy Tool
Jean-Pierre Lesueur, the man who built the Dark Comet tool that was used by the Syrian government to steal information from activists, found himself at the center of an international firestorm
COMPUTERWORLD
Why Cybersecurity Is Critical For Smart Grid
Security industry still not meeting the needs of power system operations
KREBS ON SECURITY
Plesk 0Day For Sale As Thousands Of Sites Hacked
Exploit extracts master password needed to control Parallels' Plesk Panel, an app used to remotely administer hosted servers
THREAT POST
NSA Chief Says Today's Cyberattacks Amount To 'Greatest Transfer Of Wealth In History'
Alexander urges politicians to stop stalling on much-needed cybersecurity law
AOL
How Good Is Your Security? A New DOE Tool Will Help You Find Out
Cybersecurity Self-Evaluation Survey Tool will help utilities measure security posture
THE REGISTER
Google Expected To Cough Measly $22.5M For Safari Privacy Gaffe
Search engine giant will pay a small penalty to FTC for bypassing the default privacy settings of Apple's browser
ZDNET
New Android Malware Infects 100,000 Chinese Smartphones
New Android malware found on at least nine app stores, automatically downloads paid content in background
EUROPA
Cybercrime: EU Citizens Concerned By Security Of Personal Information And Online Payments
New survey shows that European citizens feel the risk of becoming a cybercrime victim has increased in the past year
SOLERA NETWORKS LABS
Ransomware Debuts New Java Exploit, Sends Victims Running For MoneyPak Cards
Campaign could be an update to the Citadel scam publicized by the FBI last week
THREAT POST
DarkComet RAT Flames Out
The creator of DarkComet remote administration tool (RAT) says he is ending development and sales of the tool after finding out that DarkComet was used by the Syrian government in attacks against anti-government activists
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.


