Best Of Web
IT PRO PORTAL
Banking Details Of U.S. Government Workers Exposed By Glitch
Glitch in online database puts sensitive data of U.S. government contractors at risk
CRN
National Vulnerability Database Recovers Following Website Hack
Database brought back online following extended outage caused by hackers
HELP NET SECURITY
Android Malware Analysis Tool
Bluebox Labs announces Dexter, a free tool to help researchers analyze apps for malware
HOT FOR SECURITY
Bank Of America On Short List Of Scammers' Spam Lures
Crooks unleash series of aggressive spam campaigns that include Bank of America in title as bait
BANGOR DAILY NEWS
Cyber Security Becoming Top Threat To United States
Cybersecurity is at the top of the threat meter, according to Obama and several CEOs
THE AGE
Reuters Staffer Accused Of Aiding Hackers Maintains Innocence: Lawyer
Editor maintains innocence after being suspended with pay following indictment
SOFTPEDIA
Website And Twitter Accounts Of Human Rights Watch Hacked By Syrian Electronic Army
Syrian cyberunit hijacks website and social media accounts of organization accused of spreading lies about Syria
ONWALLSTREET
Personal Phones, iPads At Work: Convenience Or Cyber Threat?
Study says personal devices can pose a serious threat to business
SOFTPEDIA
Two Israeli Government-Related Websites Abused In Watering Hole Attack
Websites for Herzliya Conference (herzliyaconference.org) and the International Institute for Counter-Terrorism (ict.org.il) were hacked and used to spread malware
REUTERS
Obama, China's Xi Discuss Cyber Security Dispute In Phone Call
President Obama emphasized the importance of addressing cyber security threats on Thursday in a phone call with Chinese President Xi Jinping
FORBES
Cryptographers Demonstrate New Crack For Common Web Encryption
Researchers cracked Transport Layer Security (TLS), as well as its predecessor, Secure Sockets Layer (SSL), when combined with RC4 encryption; these are widely used mechanisms for protecting traffic on banking and email sites
GIZMODO
Exclusive: AT&T Hacker's Last Bid To Stay Out Of Prison
Andrew "Weev" Auernheimer, who exploited an AT&T security hole to release more than 100,000 customer email addresses, faces a prison sentence today
V3
Trend Micro Chief Warns Russian Cyber Mobsters Pose Bigger Threat Than Chinese Snoops
Trend Micro CTO says businesses' concerns about state-sponsored attacks are blinding them to the larger threat posed by Russian cybercriminals
INTERNATIONAL BUSINESS TIMES
China Launches Espionage Probe Against Coca-Cola For Alleged Misuse Of GPS Services For Illegal Mapping
China has launched a probe against Coca-Cola for its alleged spying activities in China amid escalating tensions between Washington and Beijing over cyberespionage allegations
COMPUTERWORLD
Java's Security Problems Unlikely To Be Resolved Soon, Researchers Say
Oracle faces bigger challenge in hardening Java against attacks than other software companies did with their own products
THREAT POST
Issue With SWFUploader Could Lead To XSS Vulnerabilities, Content Spoofing
An applet that combines Flash and JavaScript and is used in millions of websites including WordPress is vulnerable to takeover of accounts
NAKED SECURITY BLOG
Adobe Tells Windows And Mac Users To Install Critical Security Updates For Flash And AIR
Adobe issued critical security updates for its Flash Player and AIR products, impacting many Windows and Mac users
SECURITY WEEK
National Journal Site Found Serving ZeroAccess Rootkit
Researchers at Invincea spotted National Journal serving malware yesterday, the second time in less than a month the news site was used to infect users
NAKED SECURITY BLOG
Skype In Hot Water Over Failure To Let French Police Eavesdrop
French telecom regulators say Skype could face charges for failing to register as a telecom, which includes letting police eavesdrop on calls
FEDERAL NEWS RADIO
DoD Constructing Offensive, Defensive Cyber Teams
DoD's U.S. Cyber Command plans to hire as many as 900 employees over the next few years to create three sets of teams to defend their networks and go on the offensive against attackers, said Gen. Keith Alexander, commander of the Cyber Command
REUTERS
Obama To Meet CEOs On Cyber Security
President today sits down with corporate leaders to discuss efforts to improve cybersecurity in private industries amid rising concerns of attacks out of China
CNET
Denial-Of-Service Attack Takes Down JP Morgan Chase Sites
JP Morgan Chase's websites were offline yesterday afternoon as the result of a distributed denial-of-service attack
WIRED
Spy Chief Says Little Danger of Cyber 'Pearl Harbor' In Next Two Years
Director of National Intelligence James Clapper said most attackers don't have the ability to attack critical infrastructure, and nation states that might have the skills lack motive at this point
THE HUFFINGTON POST
FBI Investigating Hackers Who Posted 'Secret Files' Of Celebrities, Politicians
FBI confirmed Tuesday it is investigating whether hackers posted personal information of more than a dozen public officials and celebrities, including First Lady Michelle Obama, Vice President Joe Biden, and FBI director Robert Mueller
PC WORLD
Tripwire Acquires nCircle To Form New Security Giant
Tripwire is acquiring nCircle, making it one of the biggest companies in information security, with more than 500 employees and 7,000 customers spanning 96 countries around the world and combined revenue of $140 million
THE NEXT WEB
Google CIO On Security: 'We Spend An Awful Lot Of Time Worrying About It'
Google CIO says the company has one of the best security teams in the world, who thrive on the idea of defending such a high-profile and public target
SECURITY WEEK
Reserve Bank Of Australia Says No Data Taken During Cyberattacks
Reserve Bank of Australia (RBA) was hacked via Chinese-developed malware that was after intelligence about G20 negotiations
REUTERS
Spy Agencies Say Cyber Attacks Top Current Threats Against U.S.
Cyberattacks and cyberespionage have supplanted terrorism as the top threats to the U.S. in an annual "worldwide threat" assessment released by James Clapper, the director of National Intelligence
COMPUTERWORLD
Reporters Without Borders Slams Five Nations For Spying On Media, Activists
Syria, China, Iran, Bahrain, and Vietnam are "enemies of the internet" for their alleged increased online surveillance
BLOOMBERG
Top Credit Agencies Say Hackers Stole Celebrity Reports
Experian Plc, Equifax Inc., and TransUnion Corp., the three biggest U.S. credit-reporting companies, said hackers gained illegal access to some high-profile users' information
WIRED
Retailer Sues Visa Over $13 Million 'Fine' For Being Hacked
Genesco, the parent company of more than 2,440 retail stores in North America and parts of Europe that sell footwear and sports apparel as Journeys, Lids Locker Room, Journeys Kidz, and others, is challenging Visa in court over fines the credit card company charges retailers in the wake of breaches
THREAT POST
Critical IE, Windows Kernel Flaws Patched
Microsoft has released a cumulative update for Internet Explorer once again and patched a serious kernel mode driver vulnerability that could enable attackers to gain root access to a machine using a malicious USB drive
SECURITY LEDGER
Many Watering Holes, Targets In Hacks That Netted Facebook, Twitter And Apple
The attackers used at least two mobile application development sites as watering holes in addition to the one website that has been disclosed: iPhoneDevSDK.com, as well as another not specific to mobile application developers
WIRED
Hackers Fail At Hacking Into Chrome OS, Leave £2.1m Prize Unclaimed
No hackers participating in Google's Pwnium hack event were able to find bugs in Chrome OS that would win them part of the offered prize of $3,141,590
HEALTH IT SECURITY
University Of Connecticut Notifies Patients Of Data Breach
The University of Connecticut Health Center has alerted patients that a former employee had breached 1,400 patient records that include names, addresses, dates of birth, some Social Security numbers, and other health data
THREAT POST
Metasploit Module Released For Patched Honeywell ICS Vulnerability
Metasploit has released an exploit module for a flaw in Honeywell industrial control system software used to manage everything from HVAC and building access systems to energy and facilities management processes
NAKED SECURITY BLOG
Colin Powell's Facebook Account Has Been Hacked
Attackers hijacked Colin Powell's Facebook account and distributed private photographs and emails previously stolen from the families of former presidents George H.W. Bush and George W. Bush
THE REGISTER
1 In 7 WinXP-Using Biz Bods DON'T KNOW Microsoft Is Pulling The Plug
With less than 400 days to go, 15 percent of those running Windows XP are still unaware that Microsoft is finally ending support for the OS, according to a recent survey
CRN
HP Printer Flaw Enables Remote Attacks, Data Access
US-CERT has issued an advisory warning that anyone remotely accessing the telnet debug shell can gain unauthorized access to data
BUSINESS INSIDER
Organized Crime Hackers Are The True Threat To American Infrastructure
Chinese hackers may get all the notoriety, but organized cybercrime is much more of a threat
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3927
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3646
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-4616 (iphone_os)
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.



