Best Of The Web
CNET
Mozilla Is First Major Tech Company To Denounce CISPA
While Facebook, Microsoft, and Oracle have thrown their support behind the controversial Internet surveillance bill that passed in the House last week, Mozilla says the bill "infringes on our privacy"
INFOSEC ISLAND
Did Iran Recover Encrypted Data From Downed Stealth Drone?
If Iran did really recover encrypted data from the downed U.S. drone as it claims, could they use the information gained to compromise another unmanned drone?
SCHNEIER ON SECURITY
Cybercrime As A Tragedy Of The Commons
An essay on cybercrime contends that cybercrime isn't as major a problem as thought, and exaggerating the effects of cybercrime is a direct result of how the estimates are generated, Bruce Schneier notes
E-HACKING NEWS
"The Unknowns" Hacker Group Hacked NASA, US Air Force, ESA, And Others
A group of hackers that goes by "The Unknowns" says it hacked NASA, the U.S. Air Force, Harvard University, Renault, and the European Space Agency -- the group posted documents on Pastebin that it says prove the breaches
OXFORD UNIVERSITY BLOG
Musings On Mac Malware
Oxford University's OxCERT says it has been "somewhat overwhelmed by Mac malware" over the past couple of weeks, and this may be the biggest outbreak since Blaster hit Windows machines in 2003
THREAT POST
Google Fixes Five Bugs In Chrome 18
Google has issued an update that patches five security vulnerabilities in its Chrome browser, including three high-severity flaws
BLOOMBERG
Military Secrets Leak From U.S. Universities With Rules Flouted
Sensitive information gets out through university course material
COMPUTERWORLD
Hackers Pick Google's Pocket With Mac Virus
Hackers behind Mac virus could be making $10,000 a day by hijacking clicks, Symantec says
CIO
Proposed Bill Would Protect Employees' Facebook Passwords
A bill filed in the U.S. House of Representatives would protect people from snooping employers and schools
THE REGISTER
Skype Slurping Software Threatens IP Exposure
It's a P2P problem, says Redmond subsidiary
SECURITY WEEK
Why Bad Security Is Bad Business
Business leaders must learn that IT security risks are real risks to their success
TRUSTEER
Fake G-Men Attack Hijacks Computers For Ransom
Ransomware poses as the U.S. Department of Justice and hijacks victims' computers
COMPUTERWORLD
Iran Admits Expanded Cyberattacks, Claims It's Identified Hackers
But state-backed media reports are thin on details
SECURITY NEWS DAILY
How Far Behind Is Apple's Security?
Eugene Kaspersky says Apple is 10 years behind Microsoft. Is he right?
GOVERNMENT COMPUTER NEWS
House Wraps Up Cyber Week By Passing Two More Security Bills
The House of Representatives passed both the Cybersecurity Enhancement Act of 2011, H.R. 2096, and the Advancing America's Networking and Information Technology Research and Development Act of 2012, H.R. 3834 -- all following passage of the controversial Cyber Intelligence Sharing and Protection Act (CISPA)
THE LOS ANGELES TIMES
Full FCC Report On Google Street View Reveals New Details
The Google engineer who wrote Street View software said he intentionally wrote it for the program to grab emails, passwords, and other data from unprotected wireless networks and told fellow engineers and a senior manager that he did so
FARS NEWS
Cyber Attack Fails To Hack Iranian Science Ministry
Iran's Ministry of Science, Research and Technology yesterday said hackers did not get inside the Ministry's network despite media reports of their network going down after a cyberattack
IT PRO UK
Workplace Facebook Bans Are A Waste Of Time
Barracuda Networks' chief research officer says when companies ban social networks in the workplace, users usually find a way around the ban
THE WALL STREET JOURNAL BLOG
Religious Sites Are Worst For Malware, Report Finds
Symantec's new Internet Security Threat Report says religious websites are the most at risk of harboring malware, mainly fake antivirus software attacks
COMPUTERWORLD
Snow Leopard Users Most Prone To Flashback Infection
Russian antivirus firm Dr. Web says data shows that nearly two-thirds of the Macs infected by the Flashback Trojan were Macs running OS X 10.6, a.k.a. Snow Leopard, while 28 percent of Lion OS users are running outdated versions of the OS
HELP NET SECURITY
Popular Android Apps Leak Private Information
AhnLab has discovered many popular Android apps are asking for excessive permissions to access user data
NAKED SECURITY BLOG
Intruder Compromises User Database For Star Trek Online And Other MMORPGs
Cryptic Studios had informed users that it suffered a database breach 16 months ago, exposing online gaming customers' user account names, handles, and encrypted passwords, some of which were cracked
NAKED SECURITY BLOG
Python-Based Malware Attack Targets Macs. Windows PCs Also Under Fire
SophosLabs says a new malware attack targeting both Mac and Windows computers exploits the Java vulnerability that was used in the Flashback Mac infection -- patches for the Java vulnerability have been available since Feb. 14 for Windows, Linux, and Unix computers, and since early April for Mac
NETWORK WORLD
Microsoft Patches Hotmail After 0-Day Remote Password Reset Exploited In The Wild
Microsoft has now fixed a zero-day password reset and setup flaw in Hotmail that cybercriminals were already exploiting
CNET
GlobalSign Breach Stemmed From Unpatched Server
CA GlobalSign's Web server breach last year was tied to a piece of open-source software not being updated, a senior GlobalSign executive told ZDNet UK
SEARCH SECURITY
Google Vulnerability Reward Program Increases, Microsoft Unfazed
Google has increased its bounty for vulnerabilities that allow for code execution to $20,000, but lowered its bounty for lower-risk bugs
THREAT POST
Critical Bug Reported In Oracle Servers
Proof-of-concept exploit code is out for a remotely exploitable bug in all current versions of Oracle's database server -- Oracle reported the bug fixed, but actually only fixed it in upcoming, not existing, versions of the software
COMPUTERWORLD
Engineers Look To Fix Internet Routing Weakness
Internet traffic can be maliciously routed in order to spy on communications, so experts are studying an easier fix to remedy this
THE CHICAGO SUN TIMES
House Passes CISPA Cybersecurity Bill Obama Opposes
The U.S. House of Representatives voted in favor of the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies and the feds to share information on cyberattacks
THE REGISTER
Elgamal, Marlinspike Join Dream Team Tackling SSL Screw-Ups
The new SSL Pulse dashboard shows that only 10 percent of the world's top websites follow SSL deployment best practices.
BLOGSPOT
The Facebook Hack -- What Really Happened
Convicted hacker tells the story in his own words
CNET
House Approves CISPA Despite Last-Minute Push By Opponents
Bill that allows Internet companies to open their networks to the feds passes by 248-168 vote
CyberCrime & Doing Time
SOCA and FBI Seize 36 Criminal Credit Card Stores
U.K. and U.S. agencies complete joint operation targeting 36 criminal websites
SECURITY WEEK
Trustworthy Internet Movement Looks To Fix SSL, Certificate Authority Ecosystems
TIM announces that it has chosen SSL governance and implementation as its first project
IT WORLD
World's Most Dangerous Hackers Want To Steal How You Make Money
Intellectual property becomes an important currency in cybercrime
TRENDLABS MALWARE BLOG
Usenix LEET 2012: Observations On Emerging Threats
A look at the characteristics and trends in today's most sophisticated exploits
THREAT POST
Backdoor In Equipment Used For Traffic Control, Railways Called 'Huge Risk'
Security researchers warn of risk posed by embarrassing security hole in industrial control software
IT WORLD
FBI Steps Up 'Internet Doomsday' Awareness Malware Campaign
FBI says infected users must deal with DNS changer malware or risk losing Internet in July
THREAT POST
Firefox 12 Debuts With Silent Update Mechanism
Mozilla has released version 12 of Firefox and the browser now includes an automatic update mechanism so users don't have to install patches themselves anymore
ASHIMMY BLOG
Hiding Behind A Mac Is No Longer An Option
The honeymoon is over for Macs, with the recent Flashback malware attack that infected more than 600,000 machines, and Apple's not-so-smooth response to the attack
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.



