Best Of Web
Best Of The Web
THE WASHINGTON POST
Several Nations Trying To Penetrate U.S. Cyber-Networks, Says Ex-FBI Official
At least six countries are rooting through U.S. corporate and military computer systems looking for data and establishing a presence for possibly disrupting or destroying those networks, says Shawn Henry, who retired from his post last month
SAN JOSE MERCURY NEWS
Homeland Security Chief Contemplating Proactive Cyber Attacks
Homeland Security Secretary Janet Napolitano this week said she would consider having technology companies work with the government in "proactive" efforts to stop attackers outside the U.S.
TIME MAGAZINE
Anonymous Named To Time's 100 Most Influential People In The World List
The hacktivist collective's disruptive hacks of Arab dictatorships, the Vatican, banking and entertainment firms, the FBI, CIA, Stratfor, and San Francisco's BART transport system helped earn it a spot on the list this year
CNET
White House Questions CISPA Cybersecurity Bill
The Obama administration says information-sharing bills must preserve 'privacy and civil liberties' but stopped short of a veto threat
ESECURITY PLANET
Report: Stuxnet Malware Planted By Iranian Double Agent
Security expert Mikko Hypponen, chief research officer at F-Secure, says this latest theory doesn't add up: "If they had a mole inside who could plant it to the right place, why write a worm at all? I don't buy it," he told one news outlet
THREAT POST
Google Warns 20,000 Webmasters About 'Weird Redirects'
Google has warned around 20,000 website owners that their sites may be compromised and are performing "weird" redirections, possibly to malicious sites
THREAT POST
New Mac Malware, SabPub, Used In Targeted Attacks
Kaspersky Lab says new malware named SabPub exploits the same Java security hole as the Flashback Trojan and can be used for targeted attacks against Mac users
NAKED SECURITY BLOG
Apple Ratchets Up Security On App Store And iTunes
Apple is forcing some iTunes/App Store/iOS customers to set up three new security questions and an alternate email as another layer in anti-phishing and protection from online fraud
CSO ONLINE
Law Firms See Big Money In Healthcare Breach Cases
Filing privacy breach cases as class actions is new and new legal precedents will be made, and plenty of money is at stake
THE NEW YORK TIMES
The Cybercrime Wave That Wasn't
The true measure of the cybercrime problem is the fallout on victims rather than on the gains by the bad guys
CLEVELAND.COM
Bridgestone Trade Secrets Case Against Scientist Follows FBI Probe
A former scientist at Bridgestone Americas Center for Research & Technology in Akron has been arrested for giving trade secrets that he copied onto CDs to a Chinese polymer maker
ZDNET BLOG
New Version Of Mac OS X Trojan Exploits Word, Not Java
A second variant of the Mac OS X Trojan called SabPub is exploiting a Microsoft Word security hole, not Java vulnerabilities that were used before
BBC
Facebook Supports CISPA Cyber-Security Bill
Facebook is backing the new HR 3523 Cyber Intelligence Sharing and Protection Act that would let government agencies access data of users under suspicion of posing a cyberthreat as well as enable better information-sharing among security agencies and online firms
THE LOS ANGELES TIMES
With So Much At Stake, Companies Turn To Hired Hackers
Aerospace industry firms such as Boeing are recruiting cybertalent in more nonconventional areas, such as job candidates with experience and talent in cybersecurity contests and efforts
INFO SECURITY
Dirt Jumper DDoS Bot Family Has Over 300 Varieties
New version of commercial crimeware kit has already been used to attack numerous websites
THREAT POST
Apple Releases Fix For Flashback Malware
Apple rolls out Java update that is designed to remove Flashback Trojan
GOVERNMENT INFO SECURITY
Assessing Medical Device Security
Panel calls for pre-market security reviews
TECHWORLD
BlackBerry Still Trumps Android For Security, Analysis Finds
Android lags badly, is too fragmented, experts say
SECURITY & DEFENSE AGENDA
CISPA Debate Heats Up
Public backlash to Cyber Intelligence Sharing and Protection Act forces bill's sponsors to step forward
INFOWORLD
Oracle To Issue 88 Security Patches
Latest patch batch will be even larger than the last one, company says
THE LOCAL
Anti-Nazi Hacktivists Vow To Continue Cyberwar
German hackers pledge to continue campaign against the far right, despite crackdown on hacktivism
SECURITY WEEK
Analyzing the Verizon Breach Report
Hacktivists, organized crime take different approaches to enterprise attacks
NEXGOV
Cyber Czar: Power Companies Need To Watch Their Backs
White House cybersecurity coordinator Howard Schmidt yesterday at a McAfee conference said utilities must regularly identify security flaws in their electricity delivery systems as the U.S. Department of Energy, the White House, Homeland Security Department, and power companies test a voluntary reporting model
WEBROOT BLOG
Spamvertised LinkedIn Notifications Serving Client-Side Exploits And Malware
A spam campaign of LinkedIn themed messages is under way that tries to trick users into clicking on malicious links embedded in the emails
THE HACKER NEWS
Iran Replacing Google, Hotmail With Its Own Internal Search Engines And Email Services
Iran has disputed a report that quoted an Iranian minister for information and communications technology saying Iran was replacing Internet services, such as Google, Yahoo, and Hotmail, with homegrown services by the country
RSA BLOG
Time To Push The Reset Button?
RSA says it's time to accept that intrusions are inevitable, and start to build a path that moves payment security forward so that while intrusions may be inevitable, they don't result in data loss
COMPUTERWORLD
Mac Security Software Sales Jump After Flashback Infections Make News
Some antivirus vendors have seen an increase sales or in downloads of free Mac Antivirus and security programs in the wake of the recent revelation of a massive OS X botnet
HELP NET SECURITY
0-day In Backtrack Linux Found, Patched
InfoSec Institute says a student found a zero-day vulnerability affecting the last version of Backtrack Linux -- the flaw has now been fixed
ISS SOURCE
Stuxnet Loaded By Iran Double Agents
The Stuxnet virus was installed in the Natanz Iranian nuclear facility by an Iranian working for Israel who used an infected USB stick to spread the virus, according to former and serving U.S. intelligence officials
SYMANTEC BLOG
OSX.Flashback.K -- Suffering A Slashback -- Infections Down To 270,000
Symantec says that the number of Apple Macintosh computers infected with Flashback in the past 24 hours is about 270,000, down from 380,000
F-SECURE BLOG
F-Secure: Free Flashback Removal Tool
The antivirus firm is now offering a free tool that automatically detects and removes the widespread Flashback Trojan malware from Mac OS X machines
THREAT POST
Google Fixes SSL Certificate Error In Chrome
Update for Chrome fixes issue where when connecting to sites via HTTPS, the browser misidentified some legitimate sites as having invalid certificates when that was not the case
ARS TECHNICA
Rise Of 'Forever Day' Bugs In Industrial Systems Threatens Critical Infrastructure
Security vulnerabilities that vendors have no intention of fixing in control systems are growing
DAMBALLA BLOG
The APT Deception
China isn�t the only advanced persistent threat actor: Traffic originating from China could include attack traffic tunneled through open proxies and bot-infected hosts in the country but from cybercriminals in other regions
THE REGISTER
Malware-Infected Flash Cards Shipped Out With HP Switches
HP found it was shipping virus-laden compact flash cards with its HP ProCurve 5400zl switches, the company is warning
THE WASHINGTON POST
Police, Feds Target Cellphone Thieves By Limiting Their Resale Market
AT&T, T-Mobile, Verizon, and Sprint will create a database of identification numbers embedded in smartphones so when one is reported stolen, service will be denied when someone tries to use it
WIRED
Board Urges Feds To Prevent Medical Device Hacking
Pressure is on the FDA and the feds to analyze the security of wireless medical devices before they to go market, as well as to set up a vulnerability reporting system via the U.S. CERT for tracking security flaws in these devices
WASHINGTON POST
Pentagon To Fast-Track Cyber Weapons Acquisition
U.S. military could develop weapons against specific targets in a matter of days
FOX NEWS
Grandpa, Patriot Who Goes By 'The Raptor,' Claims Credit For Taking Down Al Qaeda Websites
American grandfather says he is waging his own war on terror
ADOBE
Security Updates Available For Adobe Reader And Acrobat
Updates to eliminate current vulnerabilities, software vendor says
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484 (cognos_tm1)
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.