Best Of The Web
SACRAMENTO BEE
Virginia Firm Completes Purchase Of HBGary In Sacramento
ManTech International Corp. completes buyout of troubled security firm
INFOSEC ISLAND
NIST: Technical Guidance For Evaluating Electronic Health Records
Federal standards group outlines formal procedures for evaluating the usability of EHR systems
STUFF.CO.NZ
Anonymous Blamed For McCully Email Hack
New Zealand Foreign Minister's private Web mail account was compromised, though not by a self-described Russian hacker, who took credit
IT PRO PORTAL
Hackers Compromise 50,000 Credit Cards
Visa and MasterCard confirm that more than 50,000 cards were breached in Global Payments hack
CYBER WAR NEWS
Anonymous And LulzSec Hackers Evolving To Target Corporate Data To Cause Financial Pain
Hacktivist groups want to hurt companies in the pocketbook rather than just making them look bad online, experts say
KREBS ON SECURITY
Global Payments: Rumor And Innuendo
Selected news from the major breach affecting Visa and MasterCard users
SOPHOS
UK Government Plans To Spy On Email, Web, And Internet Phone Use
Proposed legislation would allow authorities to monitor users' Internet activity
PC WORLD
Malware, Phishing Gather In North America
Annual study by Websense indicates that more malware hosting and phishing are coming out of the U.S. and Canada
BBC
Pastebin: Running The Site Where Hackers Publicize Their Attacks
A look at the place where Anonymous and other hackers often roll out their booty
INFOSEC ISLAND
Cyber Criminals Top Secret Service Most Wanted List
Sophisticated cyberschemes have overtaken traditional check washing and counterfeiting operations, officials say
NDU PRESS
Sailing The Cyber Sea
Maritime law and Internet regulation offer some interesting parallels
PC WORLD
IT Must Change Security Strategies To Keep Up With Cybercriminals
Organizations must adopt a more strategic approach to risk management, experts say
INFO SECURITY
Blackhole: The One-Day Exploit Kit
Newest update includes a new Java vulnerability, ESET says
THE NEW YORK TIMES
Case Based In China Puts A Face On Persistent Hacking
Cyberattacks on companies in Japan and India and on Tibetan activists have been linked to a former graduate student at a Chinese university that receives government financing for its research in computer network defense
GOOGLE SECURITY BLOG
An Improved Google Authenticator App To Celebrate Millions Of 2-Step Verification Users
Millions of users now use Google's two-factor authentication, and the search engine giant has released Google Authenticator, a mobile app for Android users that supports two-factor authentication
TREND MICRO BLOG
More Than 90 Attacks Uncovered In APT Campaign
The so-called Luckycat advanced persistent threat-style cyberattack campaign not only targeted military research in India, but also organizations in Japan and India, including Tibetan activists. Among the other industries targeted are aerospace, energy, engineering, and shipping
VANITY FAIR
World War 3.0
A look at the struggle over who should control the Internet, including a look at repressive regimes, corporations, hackers, and law enforcement
ASSOCIATED PRESS
Lost Data May Have Exposed 800,000 People In Calif.
A disaster preparedness exercise for data in California's child support system went awry when four storage devices containing the Social Security numbers and other information of about 800,000 adults and children went missing between Boulder, Colo., and Sacramento, Calif., this month as IBM and Iron Mountain were in possession of the devices
CRICKET ON DNS
Could A DDoS Attack Against The Roots Succeed?
A look at why reported threats by Anonymous to "shut down the Internet" on March 31 would be difficult given Anycast and caching
TECH TARGET
Future Of SIEM Market Hinges On Lessons Learned From Past Mistakes
Interfaces and wizards are a lot easier to use, automated threat responses have become more reliable, and SMBs are finally able to use them more easily and affordably
KREBS ON SECURITY
New Java Attack Rolled Into Exploit Packs
Powerful exploit takes advantage of newly disclosed hole in Java
HEALTHCARE INFO SECURITY
VA Ramps Up Security Training
Will deny network access to those lacking updated education
THE INQUIRER
European Hackers Will Face Two Years In Prison
Europe votes in favor of strict sentencing
HELP NET SECURITY
Scammers Advertise Pinterest Bots On Facebook
Internet fraudsters launch paid advertising campaign on Facebook targeting Pinterest fans
THE REGISTER
Everything You Thought You Knew About Cybercrime Is Wrong
Forget teen hackers, the bad guys are aging gangsters with off-the-shelf Web weapons
INFO SECURITY
Keeping The Customer Satisfied: Cybercriminals Focus On Service
Malware-as-a-service offerings enable exploit authors to provide extra services to customers
HELP NET SECURITY
MasterCard Releases Tool That Predicts E-Commerce Fraud
New tool could help merchants mitigate the risk of fraud in online transactions
ARS TECHNICA
Death Of A Data Haven: Cypherpunks, WikiLeaks, And The World's Smallest Nation
Could WikiLeaks make a new home on Sealand? History suggests it might be difficult
NAKED SECURITY BLOG
Justin Bieber's Twitter Account -- Hacked
The Twitter account of pop singer and heartthrob Justin Bieber was hacked and used to spread a phony message and unfollow some of his Twitter contacts
WALL STREET JOURNAL ONLINE
U.S. Outgunned In Hacker War
FBI cybercrime director Shawn Henry, who is stepping down to take a new position in the private sector, said of the nation's efforts to thwart hacking and breaches: "We're not winning"
VENTURE BEAT
Google's Controversial Privacy Changes Give Birth To Cross-Product Insights Tool
In the wake of its new ability to pool consumer data across all of its products under controversial new privacy policy changes, Google is offering users Account Activity, a new cross-product report that users can sign up for to receive account insights on a monthly basis
THE TELEGRAPH
Twitter Admits 'Unfollowing Bug'
A flaw in Twitter can "unfollow" people on account holders' lists of people they follow without their permission
ADOBE ASSET BLOG
An Update For The Flash Player Updater
An update to Flash Player includes a new background updater that prompts Windows users to choose an automatic update option for future updates to ensure they are running the most recent versions of the app
THREAT POST
RockYou Agrees To $250K FTC Fine Over Loss Of 32m Passwords
The Federal Trade Commission reached a settlement with RockYou over violations of the Children's Online Privacy Protection Act (COPPA) after hackers accessed personal information of its 32 million members, saying the site collected data on some 179,000 children under the age of 13 without the consent of their parents
SMITHSONIAN MAGAZINE
Richard Clarke On Who Was Behind the Stuxnet Attack
Former U.S. counterterrorism czar says "it's pretty clear that the United States government did the Stuxnet attack" with Israel playing a "minor role"
THE REGISTER
Sality Botnet Takedown Plans Posted Online
A hacker has posted attack plans against the Sality botnet on the Full Disclosure security mailing list, jokingly warning readers not to take the steps because it would be illegal
SC MAGAZINE
Hacker Who Stole Racy Photos Of Celebrities Pleads Guilty
Thirty-five-year-old man admits to hacking the email accounts of Scarlett Johansson and dozens of other celebrities
ZDNET
Chinese Hacker Arrested For Leaking 6 Million Logins
Leak is biggest hacking case in China's Internet history
COMPUTERWORLD
Soldier Accused Over Microsoft Founder ID
FBI accuses U.S. soldier of stealing the identity of Microsoft's billionaire co-founder, Paul Allen
V3.CO.UK
Games Company Faces Penalties For Exposing User Data
RockYou agrees to pay $250,000 for leaving 32 million user accounts vulnerable to hackers
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3661
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2013-3660
The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa...
CVE-2013-3634
The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username.
CVE-2013-3633
The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-1022 (quicktime)
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.


