Best Of The Web
SECURELIST
New MacOS X Backdoor Variant Used In APT Attacks
Kaspersky Lab discovered a new APT campaign using a new MacOS X backdoor variant that targets Uyghur activists
ARS TECHNICA
Mega-Victory: Kim Dotcom Search Warrants "Invalid," Mansion Raid "Illegal"
The raid on Kim Dotcom's home by New Zealand police was illegal, according to a New Zealand High Court ruling, but it's unclear if he'll get his data back
COMPUTERWORLD
Report: Full Upgrades To Windows 8 Only From Windows 7
Microsoft told select partners it will support full upgrades to Windows 8 only from the three-year-old Windows 7, according to a report
NAKED SECURITY BLOG
How Secure Are iPhones And iPads From Malware, Really?
The history of jailbreaking iPhones and iPads shows that smartphone users have to wait too long to get security updates for their devices
NETWORK WORLD
Web Attackers Start Borrowing Domain Generation Tricks From Botnet-Type Malware
Cyberattackers are adopting domain-generation techniques typically used by botnet malware in order to prolong the life of Web-based attacks, according to Symantec
THREAT POST
Texas Cancer Center Alerts Patients to Personal Data Theft -- Almost Two Months Later
The University of Texas cancer center has alerted 30,000 patients that their personal data was stolen after someone stole an unencrypted laptop from a physician's home almost two months ago
TECHCRUNCH
Gmail Now Has 425 Million Users, Google Apps Used By 5 Million Businesses And 66 Of The Top 100 Universities
Google says Gmail is used by 45 state government agencies and 66 of the top 100 universities in the U.S. have already gone Google
SOLUTIONARY
Phishing Emails Use Improved Tackle
FedEx scam looks like the real thing, researchers say
WIRED
Your FTC Privacy Watchdogs: Low-Tech, Defensive, Toothless
Federal regulators are often the last to know when users' privacy is being violated, young researcher proves
SOFTPEDIA
Zemra DDoS Crimeware Kit Used To Extort Organizations
$125 kit makes it easier for criminals to blackmail companies with threat of DDoS attack
THE TELEGRAPH
WikiLeaks Founder Julian Assange Ordered To Present Himself To Police
http://www.telegraph.co.uk/news/worldnews/wikileaks/9361410/WikiLeaks-founder-Julian-Assange-ordered-to-present-himself-to-police.html
TECH NEWS WORLD
Staying Safe And Secure In The Public WiFi Wilderness
Virtual private networks offer one solution for risky connections
HIT MAN PRO
275,000 Computers Lose Internet Access On July 9
DNSChanger Trojan continues to create problems for enterprises
WALL STREET JOURNAL
Mark Cuban: High Frequency Traders Are The Ultimate Hackers
Traders' primary goal is to beat the system, says entrepreneur and NBA team owner
INFOWORLD
Social Media Sites Trump Banks, U.S. Government On Security, Privacy
When it comes to implementing best practices, "insecure" social media are ahead of banks and government, research says
INFOSEC ISLAND
Striking Back In Cyberspace: Sanctioned Or Vigilantism?
Enterprises have a growing range of options for getting back at their attackers. Should they take advantage?
SOFTPEDIA
RSA CTO: It's Not True, SecurID 800 Token Not Cracked
Sam Curry, the chief technology officer of RSA's Identity and Data Protection division, denied that the SecurID token can be cracked in the wake of researchers claiming they had done so
THREAT POST
Google Releases Chrome 20 With Fixes For 20 Security Vulnerabilities
Google has released version 20 of Chrome browser, an update that fixes 20 flaws including 13 high-risk bugs
INFOSEC ISLAND
Russian Authorities Take Out World's Largest Banking Botnet
Russia's Ministry of the Interior says its special computer crimes division took down what could be one of the largest botnets in the world with 6 million devices
ESECURITY PLANET
New Startup Exodus Intelligence Highlights Exploitable Vulnerabilities
Former leader of the Pwn2Own contest and HP Zero Day Initiative has a new company, and a new take on security research
YAHOO!
IT Security Problems Shift As Data Moves To Cloud
Security becomes chief obstacle to next-generation computing initiatives
THE HILL
Senators Introduce Guidelines Bill For Data Security Breaches
Senate seeks to set national standards for breach disclosure
REUTERS
Small Biz Wins $600K In Cybercrime Settlement
Village View Escrow, a small business in Redondo Beach, Calif., that holds funds for real-estate deals just won a $600,000 settlement in a case with its bank where cybercriminals stole about $466,000 via online wire transfers from the company's bank account
GOV INFOSECURITY
Federal Continuous Monitoring Project Unveiled
The U.S. Department of Homeland Security will deploy sensors in civilian agencies for continuous monitoring capabilities to help quell cyberattacks
DIGITAL BOND
Are We Spending Enough Or Too Much On Security?
One expert argues that we don't spend enough. Another says we're spending too much
COMPUTERWORLD
'Patent Trolls' Cost Tech Companies $29B Last Year, Study Says
Patent litigation caused by so-called "patent trolls" cost U.S. software and hardware companies $29 billion in 2011, according to a study from the Boston University School of Law
NOVA INFOSEC
Table Comparison Of Proposed Cybersecurity Legislation
Heritage Foundation report includes a summary table with details on the various cybersecurity bills on tap
HACK IN THE BOX
Feds Smash Global Hacking Group UGNazi
FBI arrests 24 alleged hackers around the globe, including the alleged leader and members of UGNazi
NEW ZEALAND HERALD
$1.6B Cyber Attack Tip Of Iceberg, Says Top Official
Intellectual property loss, commercial disadvantages await victims of cyber espionage
VANITY FAIR
Scarlett Johansson's Hacker To Pay Her $66,000, Serve 71 Months In Prison
The 35-year-old hacker who circulated naked photos of Scarlett Johansson and Christina Aguilera after cracking the e-mail accounts of Johansson's and Aguilera's stylist was sentenced to 71 months in prison by federal prosecutors
FIREEYE
More Flame/Skywiper Command And Control Behavior Uncovered
Malware is likely proxy-aware and can tunnel its callback traffic over SSL to the attacker's C&C infrastructure, researchers say
THREAT POST
Key Stuxnet LNK Spreading Mechanism Stops Working
One of the main infection methods for Stuxnet was hard-coded to stop working on June 24, three years to the day from the date that the first version of Stuxnet was released
INFOWORLD
Typosquatter Slapped With $1 Million Lawsuit For Allegedly Harvesting Emails
New York-based law firm Gioconda Law Group is suing Arthur Kenzie for allegedly employing typosquatting to set up a phony domain for intercepting email messages intended for the firm
ZDNET
Firefox Thumbnails Could Expose Private Data; Fix 'Coming Soon'
Mozilla's browser now snapshots browsing history, including online banking pages, and could lead to identity theft
SC MAGAZINE
Android App Steals Contactless Credit Card Data
A German researcher has added to the Android market an app that can steal credit card data from contactless bank cards
GOV INFOSECURITY
DHS Fills Senior Cybersecurity Post
Rosemary Wenchel, former information operations director at the Defense Department, has been named deputy assistant secretary for cybersecurity coordination in the Department of Homeland Security's National Protection and Programs Directorate
IT NEWS
Hacker Interrupts AVG's Malware Analysis
AVG malware researchers studying a Trojan were surprised when they were interrupted by the Chinese hacker who wrote the malware via a pop-up chat function built into the malware
THE NEW YORK TIMES
A Weapon We Can't Control
Deploying cyberweapons in peacetime, as the U.S. allegedly has done with Stuxnet, is very likely to lead to the spread of similar and still more powerful offensives across the Internet
KREBS ON SECURITY
How to Break Into Security, Ptacek Edition
Thomas Ptacek, founder of Matasano Security, tells how companies can tighten password security, as well as how best to get into the security business
TORRENTFREAK
Comcast Wins Protest Against "Shake Down" Of BitTorrent Pirates
A federal court in Illinois says Comcast does not have to comply with subpoenas requiring it to hand over personal information of alleged BitTorrent pirates
Dark Reading Digital Magazine
In This Issue
- How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
- Not All Or Nothing: Effective security doesn't mean stopping all attackers.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.



