Best Of The Web
INFORMATIONWEEK
Healthcare's Checklist Security Mentality Failing, Report Says
Despite conducting regular risk analysis, 27% of healthcare organizations suffered a data breach in the last 12 months, twice the percentage reported in 2010
BBC
Insecure Websites To Be Named And Shamed After Checks
Nonprofit Trustworthy Internet Movement (TIM) plans to publish a list of secure and unsecure websites
WEBSENSE BLOG
Weibo Accounts Compromised To Spread Phishing Campaign
New phishing campaigns are rapidly spreading on the Chinese social network Sina Weibo, which has more than 300 million registered users
GOVERNMENT COMPUTER NEWS
Major Cyberattack On U.S. 'Inevitable,' Experts Tell Congress
A panel of cybersecurity experts told Congress yesterday that voluntary guidelines for securing the nation's critical infrastructure have failed and that lawmakers need to enact strong cybersecurity legislation that sets basic security standards
FORBES
Chinese Espionage: The Risks Within U.S. Companies
An equally dangerous cyberespionage threat is from employees or other insiders who steal trade secrets from their corporate employers and hand them over to foreign governments or companies
F-SECURE BLOG
A Tumblr Of Rogues
Rogue AV is now lurking in Tumblr accounts, according to F-Secure
ARBOR NETWORKS
DDoS Attacks On SSL: Something Old, Something New
As more transactions and services are protected by SSL, DDoS attacks on SSL secured services are on the rise
THE REGISTER
Hackers Now Pick Tools From Script Kiddies' Toybox -- Report
Automated attack weapons help black hats spread the pain
HELP NET SECURITY
Web Application Attack Report From Firehost
Company says it has blocked more than 19 million attacks
MARKETWATCH
One In Every Five Mac Computers Harbors Malware, Sophos Research Reveals
Mac devices may be "carriers" of Windows infections, study says
COUNCIL ON FOREIGN RELATIONS
Understanding Illicit Networks
Globalization is benefiting transnational criminal enterprises as well as mainstream business
RAPID7
Automated Security Assessments Can Stop Untargeted Attacks
Nothing can replace a manual security assessment, but with so many untargeted attacks, why are penetration testers still doing most of their work by hand?
INFOWORLD
Cyber Crime Not A Big Deal? Get Real
Microsoft report indicates that cybercrime stats are wildly inflated, but expert says those stats underestimate the problem
THE REGISTER
UK Biz Pays Heavy Price For Skimping On Security -- PwC
One in seven big firms penetrated by cybercrime, study says
HELP NET SECURITY
New WordPress Update A Must For Users
Open-source blogging tool WordPress has issued an update that fixes some major security flaws
HUFFINGTON POST
Cybersecurity Bill Loses Key Provision, Dem Blames 'Extremely Partisan' House Republicans
House Republicans removed a key provision from the PRECISE Act bill for securing the power grid and other critical infrastructure -- allowing the Department of Homeland Security to help create cybersecurity standards that companies must meet
TREND MICRO BLOG
Bogus Olympics 2012 Email Warning Blindside Users With Malware
New Olympics scam email warns recipients of fake websites and organizations selling tickets to this summer's London Olympics
CIO
Weak Passwords Still Subvert IT Security
Data breach at the Utah Department of Health last month that exposed Social Security numbers of more than 280,000 people demonstrated how weak and default passwords can be deadly
THREAT POST
Accountability -- Not Code Quality -- Makes iOS Safer Than Android
Apple's policies that demand accountability from iOS developers as well as stricter controls on what apps can do on Apple devices have made the platform more secure than Android
WLTX
228,000 South Carolinians Medicaid Info Sent To Email
A state employee for the South Carolina Department of Health and Human Services has been fired after transferring Medicaid information on 228,000 people to his own e-mail account -- thus far, the agency doesn't know why he stole the sensitive information
ARS TECHNICA
TV-Based Botnets? DoS Attacks On Your Fridge? More Plausible Than You Think
Vulnerabilities in Samsung and Sony TVs demonstrate how these consumer devices could also be attacked for denial-of-service purposes
ZSCALER BLOG
French Budget Minister Website Hijacked
The French Minister of Budget's website was recently hijacked and rigged with obfuscated JavaScript at the top of the page
NAKED SECURITY BLOG
MG0893.zip: Your Photo All Over Facebook? Naked? Malware Campaign Spammed Out
A spammed email campaign purports to have information about a revealing photo posted online of the recipient, but instead spreads a Trojan
ARS TECHNICA
Accused Estonian Fraudster Extradited To The U.S. Appears In Federal Court
An Estonian man allegedly was among seven Estonian and Russian men who headed up the DNSChanger exploit that infected 4 million users worldwide in a click-fraud scheme
SANS INTERNET STORM CENTER
OpenSSL Security Advisory -- CVE-2012-2110
The OpenSSL team has issued a patch for a newly found vulnerability that exposes applications that use specific features of OpenSSL
ZDNET BLOG
3 Million Bank Accounts Hacked In Iran
An Iranian hacker who discovered a security vulnerability in Iran's banking system reported it to the banks nationwide; when they ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point
THE WORLD
US And China Prepare Cyber Defenses In Face of Increased Hacking Threat
Former Chinese patriotic hacker says hacking is about searching for the truth, and provides a peek at the mindset of the Chinese hacker
BREAKINGPOINT SYSTEMS
Ready For DNSSEC?
As global DNSSEC deployment begins, concerns arise for carriers and enterprises -- performance of security devices and bandwidth issues, for example -- so proper testing is crucial
FORBES
Cybercrime Game Theory: Why Apple's Malware Grace Period Ended Early
Malware writers started targeting Macs sooner than expected, and Sourcefire's Adam O'Donnell talks about how this transpired
THREAT POST
FBI Investigating Election Tampering Following Arrest Of CSUSM Student
The FBI is investigating an allegation that a candidate for student body president at California State University San Marcos stole 700 student identities in an attempt to alter election results
BLOOMBERG
Chinese Espionage Campaign Targets U.S. Space Technology
China is stealing U.S. military and civilian space technology in effort to disrupt U.S. access to satellites, State Dept. says
FIERCE GOVERNMENT IT
FBI: Our Social Media Monitoring Is 'Targeted'
FBI officials say they are choosy about when to watch users' social networking activity
BBC
The Memory Stick That Self-Destructs
If you lose it, you can track its location -- and even remotely scramble its content
BBC
Web Surveillance Plans Create 'Nation Of Suspects'
In U.K., government proposals to watch what people do online create huge privacy concern
HELP NET SECURITY
Businesses Unable To Comply With EC 24-Hour Breach Notification
U.K. businesses say they can't meet the deadlines for notification under new guidelines
CSO
Compliance Isn't Security, But Companies Still Pretend It Is, Survey Says
HIMSS Analytics Report says increased compliance hasn't slowed increase in breaches of medical records
ELECTRONIC FRONTIER FOUNDATION
Yes, CISPA Could Allow Companies To Filter Or Block Internet Traffic
Proposed U.S. cybersecurity legislation could enable service providers to spy on users, pass their information to government agencies
INFOSEC ISLAND
On The Value Of Security Conferences
Many security conferences spend too much time preaching to the choir, expert says
THREAT POST
Teen's Arrest Underscores Need for More Secure Web Development
A 15-year-old Austrian boy arrested for breaking into nearly 260 companies during the first three months of this year says he got into hacking because he was bored
FORBES BLOG
Flashback Mac Botnet Shrinking, But Researchers Disagree Wildly On How Much
Data is all over the map on whether the Flashback Trojan targeting Macs is now dead in the water or a plague that hasn't been eradicated
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.



