Best Of Web
Best Of The Web
SOPHOS
LulzSec Reborn Claims Responsibility For Military Dating Site Hack, Accounts Exposed
Group that broke into MilitarySingles.com claims to be new incarnation of notorious cybergang
THE REGISTER
Spooked Spooks Made Symantec End Huawei Fling -- New Claim
Security vendor stopped deal with Chinese telecom vendor because it feared the joint venture would prevent it from gaining access to classified cyberintelligence
WALL STREET JOURNAL
U.S. Outgunned In Hacker War
FBI's top cybercop offers grim appraisal of nation's efforts to keep hackers at bay
ALIENVAULT
MS Office Exploit That Targets MacOS X Seen In The Wild -- Delivers "Mac Control" RAT
A look at some new Mac Trojans and the MS Office files that deliver them
GOOGLE CHROME
Stable Channel Update
The Chrome Stable channel has been updated to 17.0.963.83 on Windows, Mac, Linux, and Chrome Frame -- among the flaws fixed were use-after-free, memory corruption, and cross-origin violation vulnerabilities that were discovered at the Pwnium contest
MICROSOFT TECHNET BLOG
Peace Games -- Bluehat Prize Update And Countdown
Microsoft's BlueHat Prize contest deadline is April 1st, and the top prize is $200,000 in cash for winning security defense research
ZDNET BLOG
Celebrity Hacker To Plead Guilty
Christopher Chaney, who was charged with hacking into the e-mail accounts of celebrities such as Christina Aguilera and Scarlett Johansson, faces a maximum sentence of 60 years in prison but will likely receive a reduced sentence
THE HACKER NEWS
Facebook Profiles Can Be Hijacked By Chrome Extensions Malware
Researchers at Kaspersky Lab say malicious Chrome browser extensions are being uploaded to the Chrome Web Store and being used to take over Facebook accounts
PC WORLD
Android Gets Bad Rap For Risk, Security Researchers Say
The general consensus is that while Android malware is not yet close to the problem it is for computers, it is a legitimate and growing problem, worth the attention of major enterprises
TREND MICRO BLOG
A Look Into The Most Notorious Mac Threats
The Mac OS has been threatened by various attacks, including several DNS Changers, backdoors and worms, scareware and spyware -- a look at the "dirty dozen" threats
SCHNEIER ON SECURITY
Congressional Testimony On The TSA
Security expert Bruce Schneier was scheduled to testify today about the TSA at the House Committee on Oversight and Government Reform, but on Friday was removed from the witness list at the request of the TSA
SECURELIST BLOG
Carberp: It's Not Over Yet
Recent arrest by Russian authorities of suspects allegedly using the Carberp for financial fraud was good news, but the developers of Carberp are still at large and selling the crimeware
WORLD NEWS TRIBUNE
Paralysis Warfare: China's Cyber Focus Is To Cripple U.S. Infrastructure
China has the capabilities to disrupt key elements of the U.S. national defense infrastructure in a pre-emptive attack, a new report reveals
FORBES
Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits
A look at how hackers such as "the Grugq" work as middlemen for selling zero-day exploits to governments -- he could make up to $1 million revenue this year from commissions
MCAFEE BLOG
5 Lessons Learned from RSA
Among the themes of the recent RSA Conference: social networking sites are hotbeds for cybercriminals; intellectual property is in the bull's eye; and multiple layers of defense is the best defense
THE WASHINGTON POST
Anonymous Targets The Pope
Pope Benedict XVI's upcoming pilgrimage to Mexico and Cuba is under threat from hacktivists, as a Mexican-based Anonymous group has blocked websites for the pontiff's visit and called the Pope's visit a political move in support of Mexico's conservative National Action party
INFOWORLD
Mobile Malware: Beware Drive-By Downloads On Your Smartphone
Drive-by downloads are coming to your smartphone, and they're harder to detect than traditional PC-based versions. Here's how you can protect yourself
SEARCH SECURITY
University Researchers Document Android Adware Privacy Risks
Some Android apps have adware that exposes a user's personal information, researchers at NC State say in a new report
SECURITY WEEK
IBM: Attackers Change Techniques As Unpatched Software Vulnerabilities Fall
A new report from IBM's X-Force says the number of unpatched vulnerabilities in 2011 dropped to 36 percent from 43 percent in 2010, and attackers are upping their game in response to these better security practices
THE WALL STREET JOURNAL
Can Job Applicants Be Asked For Facebook Passwords?
The ACLU is warning that some prospective employers are asking job applicants for their Facebook credentials as part of their vetting of the candidates
NETWORK WORLD
US ISPs Commit To New Cybersecurity Measures
FCC advisory committee recommendations target botnets, domain name fraud, and Internet route hijacking
ZDNET
Anonymous: LulzSec Returns On April Fools' Day?
Does the hacktivist group have big plans forthcoming? It all seems farfetched -- and maybe it is
COMPUTING.CO.UK
Report: Criminals Switching Tactics To Breach Cyber Defenses
Phishing via social networks, mobile exploits replace older tactics, new report says
BUSINESS WIRE
Study: Organizations Unsure How To Secure Their Software
Security and development professionals disclose distinctly different priorities
THE REGISTER
8,400 Email Addresses Spaffed By Student Loans Company
SLC apologizes after inadvertently leaking the email addresses of students
COMPUTERWORLD
University Of Tampa Says Student Info Was Exposed For Eight Months
Accidental online leak involved more than 6,800 students; another 22,000 may also be affected
THREAT POST
Mass WordPress Compromise Fuels CRIDEX Worm Outbreak
Compromised sites on popular blogging platform are actively infecting users
FORBES
Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
A look at the fallout from the recent Pwn2Own hackathon
THE REGISTER
Report: Feeble Spam Filters Catch Less Junk Mail
Independent tests conducted by Virus Bulletin of 20 corporate email filtering products found that enterprise spam filters are blocking less junk mail; several missed more than twice as much spam as in previous editions of VB's tests
INFOSEC ISLAND
U.S. Nuclear Facility Networks "Under Constant Attack"
Undersecretary for Nuclear Security and Administrator of the National Nuclear Security Administration said networks that control the U.S.'s nuclear arsenal are "under constant attack" from millions of hacking attempts by mostly governments and other non-state actors every day
THREAT POST
As Data Breaches Mount, PwnedList.com Finds A Market Identifying Victims
A website that gathers and provides information on victims of data breaches is rolling out a commercial service that will charge for daily monitoring of a customer's email addresses against a growing database of more than 12 million email-login credentials
H ONLINE
Alleged LulzSec Hacker Ackroyd Released On Bail
Alleged LulzSec hacker Ryan Ackroyd was released on bail under the condition that he would not access the Internet or use any device with Internet access
THE HILL
Pentagon Invests Heavily In New Arsenal Of Cyberweapons
The Defense Department is investing about $3.4 billion into cyberwarfare accounts across the services and various combat commands, including $154 million for the department's new Cyber Command, which is the first-ever combat command focused on network warfare
ZDNET BLOG
Spoofed LinkedIn Emails Serving Client-Side Exploits
Look out for phony but convincing-looking LinkedIn emails that attempt to fool users into clicking on client-side exploits
SECURITY WEEK
Application Security Processes Not Implemented At Many Enterprises, Survey
New survey by Ponemon found that many organizations are still not building security into their application development process
FORBES
Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
VUPEN Security hackers who cracked the security of Google's Chrome browser say they weren't planning to share their findings with Google and want to keep the information for their NATO government and NATO partner clients
THE REGISTER
Now CHINA Complains Of Surge In Cyberattacks
Massive pot calls kettle black
THREAT POST
Newly Compiled Driver Shows Duqu Authors Still At Work
Attackers behind industry's most complex attacks developing new exploits, experts say
BBC
Small Firms Easy Targets For Cybercrime
Small businesses are fair game, depending on what they have to offer, hackers say
NETWORK WORLD
Stolen Encryption Key The Source Of Compromised Certificate Problem, Symantec Says
Kaspersky Lab's discovery of Mediyes malware signed with Conpavi digital certificate sets off search
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.


