

Best Of The Web

BANK INFOSECURITY
Michaels Breach: Patterns Showed Fraud
Financial institutions and card issuers were able to link incidents of debit and credit fraud to the Michaels retail chain, experts say

THE GUARDIAN
Osborne: Treasury Under Sustained Cyberattack
U.K. Chancellor says the U.K. Treasury is under malicious software attacks led by foreign intelligence agencies, and that government systems are the target of up to 20,000 malicious emails each month

ADOBE BLOG
Adobe Flash Player 10.3 For Desktop And Android Devices Now Available
Flash Player 10.3 is out for Android, Linux, MacOS, and Windows and includes enhanced security features

THE REGISTER
Dropbox 'Insecure And Misleading' --Crypto Researcher
A security researcher is asking the FTC to investigate Dropbox for misleading users into thinking it is more secure than it really is

IT PRO PORTAL
LimeWire And RIAA Reach Settlement, Accused To Pay $105 Million
LimeWire has settled out of court with the record labels that had sued it for allegedly promoting music piracy -- LimeWire will pay $105 million to all of the 13 complainant music companies

NAKED SECURITY BLOG
Facebook Dislike Button Spreads Fast, But Is A Fake--Watch Out!
If you click, it sends the message to all of the victim's friends and runs obfuscated JavaScript on your system

IB TIMES
Sony PlayStation Network Attack Shows Amazon EC2 A Hackers' Paradise
Amazon's cloud-based Infrastructure-as-a-service, EC2, was used by the hackers who stole personal details of more than 80 million users from Sony's PlayStation Network

THE REGISTER
How Bin Laden Thwarted U.S. Electronic Surveillance
Osama bin Laden didn't have a phone or Internet, but used email by saving messages to a thumb drive and having them sent from an Internet cafe, the Associated Press reports

GOVERNMENT COMPUTER NEWS
White House Cyber Plan Would Expand Role Of DHS, Private Sector
The Obama administration has proposed cybersecurity legislation that would clarify the government's role in protecting the nation's critical infrastructure and favor public/private cooperation over regulation

PC WORLD
Rambus Buying Cryptography Research For $342.5 Million
Rambus will acquire security technology company Cryptography Research for $342.5 million in a cash-and-stock deal that could encourage chip makers to add security features to their hardware

NAKED SECURITY BLOG
Hackers Steal Fox TV Passwords, Deface Twitter And LinkedIn Pages
A group of hackers that goes by "Lulz Security" hacked a Fox Broadcasting server and published details of hundreds of employees' usernames and passwords on the Internet

MSNBC
Study: Android Malware Up 400 Percent
Application downloads are "the single greatest distribution point for mobile malware," but many smartphone users aren't using antivirus tools

IT PRO
WebGL Flaws Hit Firefox And Chrome
US-CERT is telling Firefox and Chrome users to turn off WebGL after a security firm warns of "inherent" issues with the rendering tool

GOVINFOSECURITY
Senators Ask SEC To Issue IT Security Guidance
Five Democratic senators have asked the Securities and Exchange Commission to issue guidance on the disclosure of data breaches and other cybersecurity risks due to inconsistencies in reporting and investor confusion

ZERO DAY LABS BLOG
Possible PlayStation Network Attack Vectors
Veracode says it appears an application vulnerability was initial point of entry for the Sony breach, and it was more a crime of opportunity than a targeted attack

THE REGISTER
CERT Warns Of Critical Industrial Control Bug
Flaw in popular software could enable remote control by an attacker, researchers warn

KREBS ON SECURITY
Anonymous Splinter Group Implicated In Game Company Hack
Eidos Interactive is defaced and plundered

NETWORK WORLD
Smartphones Attract Organized, International, Profit-Driven Scammers
Department of Justice, FTC define mobile security, privacy threats

PARETO LOGIC
Hacked Chinese ".gov" Site Leads To Phishing And Banking Trojan
Vulnerability could cause trouble for banks and their customers, researcher says

TECH RADAR
Asia Is Now The Spam Continent Of The World
Asia has replaced Europe as the primary spam source, report says

CNET
Software Piracy Hits Record High Of $59 Billion
New figure is a 14 percent increase over 2009

THREAT POST
Google Fixes Two Chrome Bugs, Adds Flash 10.3 To Browser
Patches designed to shore up security holes, company says

ECONOMIC TIMES
Cyberscams Rife At Social Networks: Microsoft Security Report
Social nets are becoming "lucrative hot beds" for crime, according to report

SC MAGAZINE
More Than 30 Hospital Workers Fired For Snooping
Employees peeked at records belonging to Minnesota patients who overdosed at a house party

FEDERAL NEWS RADIO
Cyberwarfare Rules Included In Defense Bill
Legislation includes language outlining rules of engagement

BANK INFO SECURITY
Banking On .Bank For Security
Banks plan to become more involved in top-level domain naming

MICROSOFT
Microsoft Improves Exploitability Index
Rating system evolves to become more "clear and digestible" for customers

INFOWORLD
Everything Is Hackable--And Cybercriminals Can't Be Tracked
Cybercrime will be difficult to stop until fundamental changes are made to the Internet, expert says

TRUSTEER
Windows Malware Targets Financial Industry
Previously known malware adapts to new targets

THE TECH HERALD
The Fighting Continues As AnonOps Stages A Comeback
Hacker alleges that IRC operations team was giving orders to others for attacks

F-SECURE
Russian Newspaper Pravda Is Hacked
English-language version of Russia's major newspaper contains malicious exploits, researcher says

TECH RADAR
Limewire Did Break Copyright Law, Says Founder
Well duh, says the rest of the world

CNN
Yes, Microsoft Is Buying Skype
$8.5 billion buyout brings software giant new capabilities -- and maybe some security issues

WALL STREET JOURNAL
Google And Apple Defend Data Privacy Controls
Companies defend practices in Senate hearing

IT BUSINESS.CA
Canada's Phishing Activity Booming, Report Warns
Country has become No. 2 host for phishing sites, according to research

KREBS ON SECURITY
Breach At Michaels Stores Extends Nationwide
Compromise of point-of-sale devices in Chicago also occurred in other cities, retail craft chain says

NETWORK WORLD
WebGL Hit By Hard-To-Fix Browser Security Flaw
Graphics technology built into Firefox and Chrome could pose serious security risks, experts say

CNET
DOJ Wants Wireless Providers To Store User Info
Request pits DOJ against privacy advocates and even other federal agencies

THE REGISTER
Finnish Police Close Case On Phishing Trojan Gang
Seventeen people arrested in scam of Nordea Bank

THE JURIST
U.S. Lawmakers Release Draft Online Child Privacy Act
Edward Markey (D-MA) and Joe Barton (R-TX) have drafted a bill that would restrict companies from tracking the Internet activity of minors without parental consent










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


