Best Of The Web
HELP NET SECURITY
Confidential Documents Are Leaving The Workplace
Ninety percent of Americans believe people remove confidential documents from the workplace, even though it is grounds for termination
SOPHOS
Want To Use Your Gadgets At Takeoff And Landing? U.S. FAA To Review Policy
FAA to take 'fresh look' at using personal devices such as e-readers and tablets during takeoff and landing
HELP NET SECURITY
Phishers Trick Gamers With Adult Cam Show Offer
Popular gaming brand is NOT introducing low-cost peep shows, so don't try to sign up
INFOWORLD
How To Defeat The New RDP Exploit -- The Easy Way
While you're installing the patch, consider using nondefault port assignments for added security
COMPUTERWORLD
MDM: Part Of The Mobile Security Solution?
Mobile device management (MDM) applications and services can help with security issues but an MDM-only mobile security program is not enough
PC MAGAZINE
Study: Free Android Apps Can Steal Your Phone's Power
A study conducted by Purdue University and Microsoft found that as much as 75 percent of the power a smartphone application uses is for serving up third-party ads
NETWORK WORLD
Computer Viruses Could Cross Frontier Into Biological Realm, Researchers Say
Cybercriminals could write malicious software that crosses the line from technology to biology, crafting viruses that could spread dangerous epidemics, researchers said at Black Hat Europe
HELP NET SECURITY
US Government And Military Email Addresses Offered For Sale
Webroot recently discovered an offer for sale of millions of email addresses harvested by a cybercrime underground service via a database based on country or generic top-level
INFOSEC ISLAND
Spoofed LinkedIn Messages Serving BlackHole Exploit
LinkedIn users have reported receiving email notifications containing a malicious link infected with a BlackHole exploit
THE REGISTER
Brit LulzSec Suspect Charged Over NHS, Plod Web Attacks
Alleged LulzSec member Ryan Ackroyd, 25, appeared in a London court on Friday to face charges for cyberattacks against websites maintained by the CIA and the UK's Serious Organised Crime Agency
CNET
Imuler/Revir Trojan For OS X Resurfaces
A new variant of the Trojan malware scam Revir and Imuler was uncovered that tried to lure Mac users into installing the malware, which then stole their personal information -- the new version is hidden in ZIP files
NAKED SECURITY BLOG
Google: 130 Million Scam Ads Axed In 2011
Google says it has trimmed scam ads by more than 50 percent year over year from 2010 to 2011, according to a new Google blog post
THE REGISTER
Hackers Hit 112 Indian Gov Sites In Three Months
The Indian government this week said that more than 100 of its websites had been hacked in just three months at the beginning of the year, including that of a state-owned telecom company
TECHTARGET BLOG
NSA Mobile Security Plan Could Be Roadmap For All Mobile Device Security
The NSA's recommended Enterprise Mobility Architecture could be the blueprint needed for the private sector
ZDNET BLOG
Exploit Code Published For RDP Worm Hole; Does Microsoft Have A Leak?
Signs indicate that Microsoft's prepatch vulnerability-sharing program has been breached or has suffered a major leak as Chinese hackers have released proof-of-concept code that provides a road map to exploit the newly disclosed and patched Remote Desktop Protocol vulnerability
THE NEW YORK TIMES BLOG
Daily Report: Pressure Builds Over App Store Fraud
Facing hijacked accounts and phony apps, consumers are reporting Apple's iTunes Store and, in particular, its App Store, are not as secure as advertised
THREAT POST
Can Google Be Forced By The FBI To Unlock Users' Phones?
FBI officials have requested a search warrant that would force Google to "provide law enforcement with any and all means of gaining access, including login and password information, password reset, and/or manufacturer default code ("PUK"), in order to obtain the complete contents of the memory of cellular telephone" in the wake of a case of an alleged gang member's swipe passcode
IT WORLD
SonicWall Buy Signals Dell's Security Ambitions
Dell branches further into security with purchase of security appliance and UTM vendor SonicWall, after previous acquisitions of SecureWorks and Kace
USA TODAY
Caller ID Spoofing Scams Aim For Bank Accounts
Phone-calling scams that steal online banking credentials are on the rise using Caller ID spoofing: In the second half of 2011, Pindrop Security detected more than 1 million fraudulent calls, including 189,439 in December, a 52 percent surge from July
AVAST BLOG
iYogi Support Service Removed
Avast has dropped iYogi as its phone support service for users after reports and confirmation that iYogi service representatives appear to have attempted to increase its sales for a premium support service by falsely leading some users to believe they had other problems on their machines
THE NEXT WEB
Anonymous Claims That The Operating System, 'Anonymous-OS' Is Fake
One of the Anonymous Twitter accounts said that the Anon OS that was recently released does not belong to the hacktivist collective and is a fake software program filled with Trojans -- it has already been downloaded more than 20,000 times in less than four days
ESET BLOG
Google's Data Mining Bonanza And Your Privacy
A look at how much data about its users Google has the potential to mine and questions of privacy
KREBS ON SECURITY
Hackers Offer Bounty For Windows RDP Exploit
A website where independent and open-source software developers can hire one another promises to award at least $1,435 to the first person to develop a working exploit for a new Remote Desktop Protocol flaw in Windows
BROOKINGS INSTITUTION
Cybersecurity And U.S.-China Relations
In order for the U.S. and China to build a stronger relationship, they must deal with the sticky issue of cybersecurity
INFOSEC ISLAND
Yet Another Chinese-Based Targeted Malware Attack
Targeted attack that uses tensions between West and Iran as a lure to get victims to open infected Word file
COMPUTERWORLD
Tennessee Insurer To Pay $1.5 Million For Breach-Related Violations
BlueCross BlueShield will pay HHS for HIPAA violations tied to 2009 breach that exposed data on 1 million members
MSDN BLOG
Enhanced Memory Protections In IE10
Internet Explorer 10's memory protection features make vulnerabilities harder to exploit in the browser
THREAT POST
Mozilla Releases Firefox 11, Fixes Pwn2Own Bug
Mozilla issued Firefox 11 and acknowledged that the flaw researchers used in the Pwn2Own contest last week was a "memory safety" issue in the array.join function -- something Mozilla had been working on fixing
NAKED SECURITY BLOG
US Army Warns About The Risks Of Geotagging
The U.S. Army warns that soldiers and others are exposed by geotagging online, and the British Army has banned the use of mobile phones in operational zones, such as Afghanistan, cautioning soldiers against taking pictures on smartphones
INFOWORLD
Google's Trap For Chrome Exploit Writers Leads To Crashes For Users
Flash exploit mitigation recently built into Chrome by Google to detect and block Flash Player exploits ended up breaking certain Flash-based applications and games for some users
GOOGLE BLOG
Host Resolution In Chromium
In a move that could affect users' online privacy, Google has announced that its Chrome browser will bypass a user system's DNS preferences
THE WALL STREET JOURNAL
Your Posts Can Be Used Against You
Job seekers should be aware that human-resources departments use online searches to vet candidates, and rules are still unclear for how workers should use social media
THE NEW YORK TIMES
New Interest In Hacking As Threat To Security
A major spike in hacking attacks on networks and computers of all types, including critical infrastructure systems, during October 2011 through February 2012 appears to have prompted more intense interest in Congress to pass tougher legislation for new standards for breaches that could incur casualties or economic fallout
BBC
Former Hacker Explains Why Websites Are Targeted
BBC Radio 5 Live's Double Take asked former hacker and online security expert about who hackers are and how much of a risk they pose to government and businesses
HILLICON VALLEY
Obama And Cameron Pledge To Work Together On Cybersecurity
President Obama and U.K. Prime Minister David Cameron have agreed to share information about cyberattacks and to work together to defend against attacks on privacy and government systems
SC MAGAZINE
White House Appoints New Federal CTO
President Obama has named Todd Park as the federal government's new chief technology officer as a replacement for Aneesh Chopra, who resigned last month
THE SMOKING GUN
Hacker-Turned-FBI Informant "Sabu" Ditches Manhattan Court Appearance, Remains In Hiding
Sabu/Hector Monsegur's case for his misdemeanor criminal charge for impersonation was called Tuesday morning at Manhattan Criminal Court, but he did not show and the case was adjourned for an arraignment next month
CSO ONLINE
Ukraine Seen As A Growing 'Haven For Hackers'
An information security official at the Security Service of Ukraine has admitted that: "Ukrainian hackers are well-known in the world. Our country is a potential source of cyber threats to other countries"
KREBS ON SECURITY
Hacked Inboxes Lead To Bank Fraud
Hacked and phished email accounts increasingly are serving as tools for bank fraud schemes targeting small businesses
SECURITY NEWS DAILY
Pro-American Hacker's Attack Threatens To Expose Anonymous
Self-described patriotic hacker "The Jester" claims to have broken into smartphones belonging to Anonymous leaders and passed incriminating text messages, emails, address books, and other data to the authorities
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2013-3743
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVE-2013-2473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2472.
CVE-2013-2472
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2473.
CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and CVE-2013-2473.



