Best Of Web
Best Of The Web
V3
Hidden Data Trick Could Be Malware Writer's Boon
Researchers have found a way to secretly write data onto a hard drive, with no chance that it could be detected by computer forensic or antivirus tools
BUSINESSWEEK
Skype's Been Hijacked in China, And Microsoft Is O.K. With It
A university researcher has figured out how China's version of Skype -- TOM-Skype -- spies on users
REUTERS
Google Nears $7 Million Settlement With U.S. States Over Wifi Incident: Source
Google is near reaching a $7 million settlement with 30 U.S. states over a 2010 incident in which its Street View mapping cars collected passwords and other personal data from home wireless networks
NEXGOV
iS Carhacking A Serious Threat? Some Analysts Think So
Cars can expose personal information through features like OnStar and Ford SYNC and allow hackers to unlock doors, stop the engine, and deactivate the starter, for example
THREAT POST
Mozilla And Google Patch Browser Flaws Used In Pwn2Own
Less than 24 hours after vulnerabilities in Firefox and Chrome were used and disclosed to the browser vendors, both Mozilla and Google have issued patches for flaws employed by participants in this week's Pwn2Own contest
SECURITY WEEK
Asian Card Fraud Ring Busted In The EU
Finland authorities and the European Cybercrime Center have taken down a criminal syndicate in Asia that ran a stolen credit-card ring
NAKED SECURITY
Germans Bombarded In Malware Attack, Shipment Firm Caught In Crossfire Forced To Suspend Email Address
An aggressive malware campaign has been under way via spam in the past 24 hours, targeting German users
V3
Security Cameras Continue To Pose Snooping Risk
Security researcher was able to access hundreds of publicly accessible IP camera feeds via Google
FORRESTER BLOG
RSA 2013: The Age Of Security Commercialism
Forrester's take on RSA Conference is a desperate need for innovation rather than more of the same tools and boxes
FIERCEMOBILE
F-Secure: Android To Blame For 79% Of All Mobile Malware In 2012
Malware targeting the Android mobile operating system was responsible for 79 percent of all mobile threats last year, up from 66 percent the previous year, says F-Secure
THREAT POST
Twitter OAuth API Keys Leaked
OAuth keys and secrets that official Twitter applications use to access users' Twitter accounts were leaked on Github this morning
BLOOMBERG
Companies Want Lawsuit Shield To Share Cyber Threat Data
Companies such as Dow Chemical, AT&T, and Intel want Congress to provide incentives for including protection from lawsuits in exchange for sharing intelligence with other firms and government
SOFTPEDIA
Class-Action Lawsuit Filed Against LinkedIn After Password Hack Dismissed
A judge has dismissed the class-action lawsuit filed against LinkedIn in the wake of a data breach on the social network last year after concluding the plaintiffs could not prove they had suffered any harm from the incident
SC MAGAZINE
Attackers Use Stolen Certificate To Sign Malicious Java Applet
A malicious Java applet was signed with a stolen digital certificate and designed to look like a security update
ZDNET
Google, Opera 'Reported Microsoft's Browser Breach To EU'
Microsoft's $731 million fine for failing to offer 15 million Europeans a "browser ballot" screen with new Windows 7 Service Pack 1 machines may have been prompted by its browser rivals, Google, and Opera
THE NEXT WEB
Despite Its Efforts To Fix Vulnerabilities, Yahoo�s Mail Users Continue Reporting Hacking Incidents
Users of Yahoo Mail users for months now have had their email accounts broken into despite Yahoo's fixing at least two security holes
SECURITY WEEK
Kaspersky Lab Discovers AlbaBotnet, An Emerging Botnet Targeting Chilean Banks
A botnet appears to be gearing up to inflict financial damage on accounts at banks in Chile
COMPUTERWORLD
U.S. Military Networks Not Prepared For Cyber Threats, Report Warns
Consequences of a full-scale cyber conflict could be major, Defense Science Board warns
BANK INFOSECURITY
New Wave Of DDoS Attacks Launched
Hacktivist group says today it will launch a third wave of distributed-denial-of-service attacks on U.S. banking institutions
INFOWORLD
Java Zero-Day Holes Appearing At The Rate Of One A Day
Tongue-in-cheek tracker site makes the point that as soon as Oracle fixes new bugs, more crop up to take their place
THE HACKER NEWS
Oil Producer Saudi Aramco's Twitter Account Hacked
The official Twitter account of Saudi Aramco, the world's biggest oil producer, was taken over by a hacker who goes by the handle 'Mister Rero'
SPIDER LABS BLOG
Kelihos Is Dead… No Wait… Long Live Kelihos! Again!
After a live takedown of the Kelihos botnet at RSA by CrowdStrike researcher, Trustwave SpiderLabs has spotted a resurgence in the botnet's spamming activity -- now at more than half of the spam it had in its traps
SOFTPEDIA
Indian Government Hit By Cyberattacks, China Mentioned But Not Appointed As Attacker
India's National Informatics Center (NIC) says attackers including those out of China have "from time to time" attempted to penetrate the computer networks operated by the country's government
WIRED
Google Says The FBI Is Secretly Spying On Some Of Its Customers
Google has published a 'range' of times it received National Security Letters demanding it divulge account information to the authorities without warrants
BANK INFOSECURITY
Using Diplomacy To Stop Cyber-Attacks
White House cybersecurity coordinator Michael Daniel said diplomacy will play a key role in stemming cyberattacks against American economic interests
SECURITY LEDGER
Evernote Denies Java Exploit Used In Hack
Online storage and productivity service Evernote said the hack of its network that exposed information on 50 million users doesn't appear to have exploited a Java vulnerability
SEARCH SECURITY
RSA 2013: Experts Struggle To Define Offensive Security, Hacking Back
Panelists debate when security crosses the line from defense to offense
PC MAGAZINE
Going After Affiliate Networks, Malware's Achilles' Heel
Cutting off money to affiliates could help curtail malicious activity, experts say
THREAT POST
Google Patches 10 Chrome Flaws Ahead Of Pwn2Own, Pwnium
Google raised the degree of difficulty for Pwn2Own and Pwnium hacking contestants by patching 10 vulnerabilities in its Chrome browser this week
NAKED SECURITY BLOG
Russian Ransomware Takes Advantage Of Windows PowerShell
Attackers demand 10,000 Rubles to undo the damage they wreak on victims' machines
THE REGISTER
Java Malware Spotted Using Stolen Certificate
Malware comes with a signature using credentials stolen from Clearesult Consulting in the US.
YAHOO NEWS
Czech News Media Face Cyberattacks
DDoS attacks hitting Czech news organizations began today
RIDE THE LIGHTNING
U.S. Businessman Videos Chinese Misbehavior In His Hotel Room
Law enforcement shows video of Chinese authorities inserting a flash drive into businessman's laptop, and photographing his papers during his visit to China
THREAT POST
Prompted By Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabilities
Polish security firm Security Explorations said today it reported five new vulnerabilities in Java SE 7 to Oracle. If combined, researcher Adam Gowdiak said, they can be used to gain a complete bypass of the Java sandbox
EWEEK
SCADA Security Experts Call For More Public-Private Collaboration
Companies, academia, and government need to work together and exchange information in the critical information security space, experts said at the RSA Conference
THE HACKER NEWS
Samsung Galaxy Note II Lock Screen Bypassed
A hacker found a way to bypass the phone's lock screen without needing a password
MAC RUMORS
Apple Updates Anti-Malware Software To Block Older Versions Of Adobe Flash Player Plug-in
Apple today updated its malware definition file to block older versions of Adobe Flash Player in Safari
CSO ONLINE
Prices Fall, Services Rise In Malware-As-A-Service Market
Webroot has seen prices starting for a U.S. botnet fall from $200 to $120, thanks to competition
THE REGISTER
Banged-Up Brit Hacker Hacks Into His Own Prison's Mainframe
A U.K. hacker behind bars for masterminding the infamous GhostMarket.net cybercrime marketplace hacked into his prison's mainframe during an IT lesson in jail
THE NEW YORK TIMES BLOG
Use, Not Collection, Should Be Focus Of Data Rules, Report Says
Privacy rules should focus on how data is used rather than on the widespread collection of personal data, new World Economic Forum's Personal Data project report concludes
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.