Best Of Web
Best Of The Web
ROME REPORTS
Hackers Strike The Vatican's Website...Again. Vatican Radio Is Also Targeted
Hackers associated with Anonymous have hit the Vatican�s website again as well as Vatican Radio via database and posting journalists' names and passwords
THE HACKER NEWS
Hacker Exposes 40,000 Credit Cards From Digital Playground
A new hacking group called The Consortium has broken into the porn site Digital Playground and apparently has stolen 72,000 usernames and passwords and 40,000 credit-card numbers.
V3
Malware Writers Hijack SIM Data For Mobile Bank Scam
Security firm Trusteer has spotted a series of attacks that either steal or convince users to hand over the international mobile equipment identity number on their handsets, and the information is then used to obtain a SIM card connected to the account and to grab online banking credentials
INFOSEC ISLAND
FTC Says Tax Fraud Is On the Rise And Here's Why
Tax and wage-related fraud accounted for 24 percent of consumer complaints last year -- that has doubled since 2009 -- and in the five states with the highest level of identity theft, tax-and wage-related fraud was about one-third or more of the consumer ID theft complaints
SECURITY WEEK
Secunia Slams Apple Over Vulnerability Handling, Publicizes Safari Flaws
Secunia published two Safari flaws and says it went public with them because Apple has remained silent about them for more than six months
HELP NET SECURITY
New P2P Botnet Soon Available For Sale
The development of a new botnet that will rely on a decentralized architecture based on P2P technology is nearing completion and will soon be offered for sale for a sum of $8,000 on a number of underground hacking forums
CNN MONEY
LinkedIn Is A Hacker's Dream Tool
Security experts say LinkedIn could be a key tool for cyberespionage spear-phishing attacks, demonstrating potential scenarios of attack
GOOGLE INSIDE SEARCH BLOG
Bringing More Secure Search Around The Globe
Google over the next few weeks will begin rolling out SSL/HTTPS to its search page and results
ZDNET BLOG
Chinese Spies Used Fake Facebook Profile To Friend NATO Officials
Chinese cyberspies created a fake Facebook profile of U.S. Navy admiral James Stavridis and successfully friended various NATO officials, getting access to their personal data
ISC SANS DIARY
An Analysis Of Jester's QR Code Attack
Hacker Th3J35t3r claims to have successfully targeted and grabbed personal information from members of Anonymous, LulzSec, and AntiSec using a QR code in his Twitter account icon that served as a lure for potential victims
TEAM SHATTER BLOG
It's Back: March Madness Meets Higher Education Data Breach "Brackets"
The Second Annual Higher Education Data Breach Madness Brackets shows that 48 institutions were hit by breaches, with Virginia Commonwealth University at No.1 with the biggest breach of 176,567 records last year
ASSOCIATED PRESS
Serbia Arrests Member Of Anonymous Hacking Group
Serbian authorities have arrested a member of the Anonymous hacking group in the Balkan country
THE DAILY MAIL
Study Finds 50 Per Cent Of Americans Won't Return Lost Smartphones -- And Most Will Rifle Through Your Personal Information
Symantec left 50 smartphones planted around busy cities in the U.S. and Canada as an experiment and found that half of Americans would not return a lost cell phone, and even more would access personal information, including passwords, online banking information, and e-mails
READ WRITE WEB
Security Leaders: How Can Something This Dumb Be Called A "Smart Grid?"
Former assistant secretary for policy at the Department of Homeland Security in a new book criticizes the relative state of readiness and resilience of the computer equipment protecting America's energy distribution networks and industrial control systems
INTERNATIONAL BUSINESS TIMES
Anonymous And FBI's OpAntiSec War Is Hurting Civilians: Analyst
Some analysts say that the "war" between Anonymous and the FBI is only hurting the people the two organizations claim to be helping
THE WASHINGTON POST
China Testing Cyber-Attack Capabilities, Report Says
A new congressional report says Chinese military officials have talked about conducting cyberwarfare and are testing attack capabilities during exercises, but would likely target transportation and logistics networks first
THE NEW YORK TIMES
Hacker, Informant And Party Boy Of The Projects
Profile of "Sabu" found he was raising the two young children of his imprisoned aunt in a public housing project, paying bills with stolen credit cards, selling drugs, playing loud music late at night, and offering to use his hacking skills to help neighbors with their credit ratings
INTERNATIONAL BUSINESS TIMES
Anonymous And FBI's OpAntiSec War Is Hurting Civilians: Analyst
Some analysts say that the "war" between Anonymous and the FBI is only hurting the people the two organizations claim to be helping
THREAT POST
Mobile Security Research Rife With Legal Pitfalls
One big problem is research on mobile devices doesn't just just pertain to a single vendor: An Android may be manufactured by one company, have software from another, and service from a third party
RAPID 7 BLOG
Adobe Flash And The Iranian Nuclear Program
Metasploit now has a working, general purpose exploit for the brand new Adobe Flash vulnerability exploited in the recent "Iran's Oil and Nuclear Situation.doc" email attack campaign spotted by Contagio on March 5
THE REGISTER
Researchers Find MYSTERY Programming Language In Duqu Trojan
Researchers ask for help in identifying unknown programming language
COMPUTERWORLD
Chrome Succumbs To Pwn2Own Contest Hack
Google's "Pwnium" snares a Chrome sandbox-escape exploit with a $60,000 bait
THREAT POST
Chats, Car Crushes And Cut 'N Paste Sowed Seeds Of LulzSec's Demise
Bad blood within the ranks of Anonymous, coupled with a series of small errors, provided clues that led investigators to group�s leaders
ZDNET
Charlie Miller Skipping Pwn2Own As New Rules Change Hacking Game
Annual hacker contest troubled by new rules, controversy over disclosure
INFOWORLD
Do IT Execs Know Sensitive Data When They See It?
Tech officials at a quarter of firms surveyed say they have 'limited or no understanding' of data's sensitivity
ZDNET
FBI Warns Congress Of Terrorist Hacking
Terrorist groups may employ hackers to attack the United States, Mueller warns
BLOOMBERG
Obama To Simulate Cyber Attack On New York Power To Lobby Senate
Simulated power grid hack designed to drum up support for cybersecurity legislation
SECURELIST
DNSChanger -- Cleaning Up 4 Million Infected Hosts
Disinfection will take time, expert warns
H ONLINE
Android Anti-Virus Software Is Frequently Unreliable
AV-Test found only seven Android AV products achieving a detection rate of 95% percent or more and 24 with rates below 65 percent
ICSA LABS
Sponsored Ads Serving Up Scams On Facebook
A look at what appears to be an Amazon ad, but instead takes the user to a page that hides its owner via a proxy service
ARS TECHNICA
"Everything Incriminating Has Been Burned": Anons Fight Panic After Sabu Betrayal
"Avunit," the last of the original LulzSec members who has not yet been caught, doesn't know whether he faces charges and is preparing to leave Anonymous altogether after literally burning all evidence of his activities with the group
WIRED
Researchers Seek Help In Solving DuQu Mystery Language
Kaspersky Lab researchers are asking for help in identifying the thus far unknown language with which the communications module of Duqu was written
RATIONAL SURVIVABILITY
Funny Thing Happened On My Way To Malware Removal...
The blog was infected in the wake of the Dreamhost password compromise in January, via an automated injection of malicious PHP code into a plug-in directory that had poor permissions
GAWKER
'I'm Not Scared of Jail': My Phone Call With Sabu, The FBI's Anonymous Informant
Reporter details his phone conversation with Sabu last year where he may have been attempting to spread disinformation via the FBI
ARBOR BLOG
Analysis Of The Crypto Used By The Trojan.Khan DDoS Bot
The DDoS botnet obfuscates its command and control URLs using a custom crypto algorithm
THE REGISTER
The One Tiny Slip That Put Lulzsec Chief Sabu In The FBI's Pocket
The alleged LulzSec kingpin Hector Xavier Monsegur was discovered by the FBI after he made the mistake of logging into an IRC chat server without using the Tor anonymization service, according to Errata Security
CHICAGO TRIBUNE
Chicago Man, 27, Charged In Cyberattack
Jeremy Hammond tells federal authorities he is a member of AntiSec
COMPUTING.CO.UK
Companies Ignoring Threat From Meeting Room Hackers, Warns Security Expert
Conference room spies may be listening in to private conversations, Zscaler's Sutton warns
THREATMETRIX
ThreatMetrix Labs Report February 2012 -- Man-In-The-Browser: Apple Mac OSX Edition
Second in a series of reports on now to launch MiB attacks on Apple devices
THE AGE
Irish Email Blunder Led To FBI Leak
An Irish police officer's email mistake led to leak of conference call between FBI and Scotland Yard
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
- Three Principles to Improve Data Security and Compliance
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
- Connecting the Dots: Are You Seeing the Complete Big Data Picture?
- How crowdsourced testing has changed the game for innovative software companies
- Ensuring Your Apps Work in the Real World
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.