Best Of Web
Best Of The Web
SECURELIST
New APT Attack Shows Technical Advance In Exploit Development
The exploit development teams behind some APT attacks are upping their skills and game and working to avoid detection by AV products
COMPUTERWORLD
Have LinkedIn�s Security Woes Permanently Damaged The Social Network?
Security breach grabs headlines, but will users pack up and leave?
COMPUTERWORLD
Banks: Hackers More Aggressive In Attacking Customer Accounts
Financial Services Information Sharing and Analysis Center (FS-ISAC) data shows large financial institutions report more attacks to take over customer bank accounts last year than in the two previous years -- one-third of these attacks were successful
FBI
Associate Of Hacking Group LulzSec Indicted For Conspiracy To Conduct Cyberattacks
Federal grand jury indicts British citizen for role played in multiple computer attacks
WASHINGTON TIMES
Panetta Fears 'Another Pearl Harbor' In Cyberattack
Defense Secretary Leon Panetta warned Congress this week that a cyberattack on the U.S. could cause "another Pearl Harbor" by knocking out private and government electric power grids and paralyzing the nation
THE HONEYPOT PROJECT
Ghost USB Honeypot Released
Honeypot for malware uses USB storage devices for propagation
HELP NET SECURITY
Insider Threat As Prime Security Concern
Nearly three-quarters of IT respondents to Cyber-Ark study say insider threat is greater than external threat
FORBES
New Grad Looking For a Job? Pentagon Contractors Post Openings For Black-Hat Hackers
U.S. government contractors are advertising more jobs than ever for offensive hacking
STOP BADWARE
Announcing The Ads Integrity Alliance
Facebook, Google, Twitter and others form alliance to protect users from malware in advertising
CNET
FBI, DEA Warn IPv6 Could Shield Criminals From Police
U.S. and Canadian law enforcement agencies say IPv6 may make it tougher to trace suspects behind IP addresses in investigations
THE REGISTER
PGP Founder, Navy SEALs Uncloak Encrypted Communications Business
New firm claims total security for phone, text, email, and more
PANDA LABS
LinkedIn Spam Serving Adobe And Java Exploits
Attack begins with hacking LinkedIn passwords
SEARCH SECURITY
Gartner: Big Data Security Will Be A Struggle, But Necessary
Using "big data" to improve security won't be easy because analysis will redraw logical boundaries within many IT departments, and few security vendors today offer products for this, Gartner says
INFO SECURITY
Utilities Need To Invest More In Smart Grid Cybersecurity, Regulators Warn
National Association of Regulatory Utility Commissioners says move to smart grid will increase vulnerabilities
EWEEK
XML Zero-Day Flaw Enables Attacker to Target Internet Explorer, Office
Microsoft released a security advisory for a zero-day bug in its XML Core Services that's being exploited in the wild by attackers
INTERNET EVOLUTION
FTC Pounds Spokeo
The Federal Trade Commission has fined social aggregator site Spokeo $800,000 for selling personal information to employers screening job applicants
THREAT POST
Oracle Issues Patch to Fix 14 Vulnerabilities
Oracle patched 14 vulnerabilities in Java Standard edition as and urged users to update as soon as possible
COMPUTERWORLD
Hackers Claim To Steal 110,000 SSNs From Tenn. School System
A hacking group that calls itself Spex Security has dumped some 9,000 social security numbers and another 14,500 stolen personal records online from the Clarksville-Montgomery County School System
REUTERS
LinkedIn To Provide Extra Security Layer
LinkedIn will offer an additional layer of security -- salted passwords -- to its members following its recent data breach, and said account holders whose passwords were stolen did not have their emails published online
THE REGISTER
New ID Leak From Global Payments
Credit and debit card processor Global Payments says additional confidential information on its servers may have been compromised in the breach earlier this year as confidential information submitted by small merchant customers may have been compromised as well
KREBS ON SECURITY
Who Is the 'Festi' Botmaster?
Prosecutors say Pavel Vrublevsky, the co-founder of Russian payment processor ChronoPay, hired a man in that attack who was the botmaster of the spamming Festi botnet
SEARCH SECURITY
Gartner Warns Enterprises Against Jailbroken Device Security Risks
'Jailbroken' smartphones can be used as an entry point by an attacker into an organization, using a rogue mobile app that bypasses perimeter defenses
HELP NET SECURITY
Five IT Security Threats And How To Combat Them
Hacktivism, abuse of access privileges are among key threats identified
CNET
Theft of 44,000 Credit Cards Is Tip Of The Iceberg, Experts Say
International hacking case may be much bigger than it appears
MSNBC
Is Flame Virus Fallout A Chinese, Russian Plot To Control The Internet?
Has the U.S. government been caught with its hands in the cookie jar? And what price may it pay?
INFOSEC ISLAND
Judge Upholds Charges Against WikiLeaker Bradley Manning
Attack begins with phone call in which attacker impersonates the CEO
SOPHOS
Hacking Businesses Via Your iPad Can Be All Fun And Games
Uplink computer game offers many of the thrills and chills of real hacking
ARS TECHNICA
Flam's Crypto Attack May Have Needed $200,000 Of Compute Power
Defense attorneys had moved to throw out 10 of 22 charges against soldier
SOFTPEDIA
Iran Points Finger At U.S. Hackers For Attack On Oil Ministry
IP addresses are traced back to the U.S., Iranian officials say
WIRED
Feds Tell Megaupload Customers To Forget About Their Data
Feds say they may shut down cloud storage services without having to assist innocent customers whose data was lost in the process
THREAT POST
Trivial Password Flaw Leaves MySQL Databases Exposed
Flaw recently patched in MySQL lets an attacker gain root access to the database server, and there's already exploit code out there for Metasploit
THE REGISTER
Google Co-Founders Face FTC Antitrust Grilling
Google co-founders Larry Page and Sergey Brin will face antitrust investigators at the US Federal Trade Commission, in relation to an inquiry about Google�s business practices
RAPID 7 BLOG
Tragically Comedic Security Flaw In MySQL
Flaw lets MySQL server accept even wrong passwords, HD Moore explains
NAKED SECURITY BLOG
DHL International Delivery Email? Beware Widespread Malware Attack
New phishing email comes with a ZIP file rigged with a Trojan targeting Windows
CNET
Anti-SOPA, PIPA Lawmakers Want Internet Bill Of Rights
Sen. Ron Wyden (D-Ore.) and Rep. Darrell Issa (R-Calif.) said today at the Personal Democracy Forum 2012 that the U.S. needs a way to guarantee citizens their Internet freedoms
PHSY.ORG
South Korean Paper Hit By Major Cyber Attack
A South Korean newspaper said it was hit by a cyberattack that destroyed its databases for articles less than a week after North Korea threatened the paper and other Seoul media over their reporting
CNET
How Long Ago Did The Last.fm Security Breach Happen?
Passwords might have been compromised several months ago, but the breach remained undetected
SEARCH SECURITY
Adobe Releases Security Bulletin For Adobe Flash Player
Flash Player security update fixes seven flaws and adds a protection feature designed to safeguard users from malware infections
USA TODAY
Obama: Leak Allegations Are 'Offensive'
President Obama angrily denied today that The White House is the source of national security leaks on alleged terrorist "kill lists" and cyberattacks against Iran's nuclear program
LINKEDIN BLOG
LinkedIn: Taking Steps To Protect Our Members
Most of the 6.5 million hashed LinkedIn passwords posted on a hacker site appear to remain hashed and hard to decode, but a subset of the hashed passwords was decoded and published, LinkedIn says, and no reports thus far of hacked accounts
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.