Best Of The Web
SECURITY WEEK
RIM Gets BlackBerry 7 Devices Approved For Department Of Defense Networks
The U.S. Department of Defense has approved use of BlackBerry 7 smartphones on its networks, including BlackBerry Bold 9900 and 9930, BlackBerry Torch 9810, BlackBerry Torch 9850 and 9860, and BlackBerry Curve 9360
INTERNET CRIME COMPLAINT CENTER (IC3) ALERT
Malware Installed On Travelers' Laptops Through Software Updates On Hotel Internet Connections
The FBI is warning travelers about new attacks that target them via hotel Internet connections -- a pop-up window posing as an update to a widely used software program appears but actually installs malware if the user clicks on it
AGENCE FRANCE-PRESSE
U.S. Probing Cyber Attacks On Gas Pipelines
National gas industry spokesperson says its member firms had been in contact with investigators and "know the nature of the threat" but not the intent
NPR
Cyber Briefings 'Scare The Bejeezus' Out Of CEOs
Public-private partnership brings chief executives from top technology and defense companies to Washington, D.C., two or three times a year for classified briefings on cyberwarfare and other threats
MSNBC
Interpol To Crack Down On Cyber Crime
Interpol president Khoo Boon Hui said cybercrime is becoming more transnational as organized crime gangs recruit members from countries without diplomatic ties
ZDNET BLOG
Hackers Target Twitter Spammers In Massive Account Data Breach
A breach has left 55,000 Twitter accounts exposed on Pastebin, but the hackers behind the leak may have targeted spammers
TRUSTEER BLOG
A New Twist: Fraudulent Fraud Insurance
The latest scam offers online banking fraud protection insurance via the Tatanga malware platform
MICROSOFT
Microsoft Releases Seven Security Updates
Patch Tuesday includes three critical updates
SOPHOS
Apple Offers iOS 5.1.1 Update, Fixes Some Serious Vulnerabilities
Newest version of operating system patches at least three security flaws, all of them serious
HELP NET SECURITY
Is A German Criminal Behind The Latest Ransomware Campaign?
New campaign seems to point toward German-speaking criminal who did his homework well
COMPUTERWORLD
Half Of All Macs Will Lack Access To Security Updates By Summer
Mountain Lion's impending debut means Apple will stop supporting Snow Leopard, unless it changes a decade-old habit
ZDNET
Researchers Spot New Web Malware Exploitation Kit
Meet the RedKit, a recently spotted Web malware exploitation kit
SECURITY DIRECTOR NEWS
New Federal Security Standards Increase Burden On Electric Utilities
Proposed NERC CIP standards will place a higher burden on security managers
BANK INFO SECURITY
Phisher Guilty Of $1.3 Million Scam
Bank of America, Chase customers targeted by advanced attack
SMART GRID SECURITY BLOG
IBM CISO Study As Predictor Of Future Electric Sector Cybersecurity
Security leaders in utility industry are becoming more closely integrated into the business -- and more independent of IT
GOVERNMENT INFO SECURITY
Why Fed CIOs Worry Most About Infosec
Cybersecurity outranks costs, personnel as top concern in survey
THE REGISTER
Cybercriminals Dump Email For Irresistible Twitter, Facebook Spam
Social networks are an easier way to make money, security experts say
INFOWORLD
PHP Working On New Patch For Critical Vulnerability After Initial One Failed
Upcoming PHP updates will address two known remote code execution vulnerabilities
BBC
India Steps Up Battle Against Rising Cybercrime Wave
Data theft was the most frequently committed fraud in India last year, study says
THREAT POST
UK Ministry Of Defense: Hackers Have Breached Top Secret Systems
Top military leader tells newspaper that "the likelihood is there are problems in there we don't know about"
SECURITY AFFAIRS
U.S. Cybersecurity Capability National Preparedness Report
White House-commissioned report offers insights on U.S. readiness for cyberattack
BANK INFO SECURITY
Mobile Banking: Mitigating Consumer Risks
Users pose obstacles in securing mobile transactions
HOMELAND SECURITY NEWS WIRE
Number, Diversity Of Targeted Cyberattacks Increased In 2011
Vulnerabilities down, but malicious attacks are up, Symantec report states
THE REGISTER
London Olympics 'Not Immune' To Cyber Attack
Cabinet Office minister Francis Maude has warned that the London Olympics will not be immune to cyberattack, and that organizers have set up a dedicated unit for defense
THREAT POST
Expert Warns That WordPress Autoupdate Feature Used To Infect Blogs With Malware
More than 1,000 WordPress blogs are getting hit with malware that has spread via the WordPress automatic update function, a security researcher has discovered
SEARCH SECURITY
Android Mobile Attack: Hacked Websites Target Android Users
Compromised websites are now targeting Android devices with a suspicious mobile application, in what appears to be the first drive-by attack to target mobile users
NEXGOV
DHS Cyber Chief: Industrial System Threats Are Growing
Mark Weatherford, deputy undersecretary for cybersecurity at DHS' National Protection and Programs Directorate, says there has been a "troubling increase in the threats and the vulnerabilities associated with" industrial systems
HOMELAND SECURITY NEWS
Slowing Time As A Way To Counter Cyberattacks
University of Tulsa engineers say slowing down Internet traffic when an attack is detected would also slow down malware and give organizations time to respond
IRAN TIMES
Tehran Says It Traces Stuxnet Back To Texas
The commander of the Iranian civil defense organization told the state news agency that Iranian investigations have found that the Stuxnet worm came from Texas: "After following up the reports that were sent, it became clear that the final destinations [of these reports] were the Zionist regime and the American state of Texas," he said
CHANNEL5 BELIZE
Antivirus Founder, John McAfee, Says Politics Caused GSU Raid
Philanthropist John McAfee, founder of McAfee Antivirus, was raided and arrested by Belize's Gang Suppression Unit in his home there under what he says were bogus charges
TREND MICRO BLOG
17 Bad Mobile Apps Still Up: 70,000 Downloads So Far
More malicious apps were discovered in the official Android app store now known as Google Play -- 10 apps using AirPush to potentially deliver ads and six apps that contain Plankton malware
WALL STREET JOURNAL
Card Data Breach May Be Wider Than First Reported
Global Payments compromise may leave as many as 7 million card accounts vulnerable
ADWEEK
Ad Industry Takes Major Step To Fight Online Piracy
ANA, 4A's adopt best practices to cut ads on rogue sites
MICROSOFT
Microsoft To Issue Seven Updates On Patch Tuesday
Three new patches are considered critical, software giant says
THE CONSUMERIST
Study: 13 Million People Haven't Touched Facebook Privacy Settings
Millions rely on default settings, Consumer Reports study says
SC MAGAZINE
700 U.S. Government Staff Details Hacked
Home addresses and phone numbers published on Pastebin
BANK INFO SECURITY
Global Breach: Did It Start In 2011?
New Visa advisories suggest breach goes back to June
BBC
Attack Takes Soca Crime Agency Website Down
Website of U.K.'s Serious Organized Crime Agency is taken offline by cyberattack
SYMANTEC
Website Injection Campaign Used In Conjunction With An Android Trojan
New campaign involves distribution of a mobile threat
THREAT POST
Citing Terms Of Service, Google Takes Down Blog Of Iranian Security Researcher
Google has taken down a blog of an Iranian man who exposed a security hole in a popular point of sale system in Iran and posted account information for 3 million bank accounts in Iran online
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.



