Best Of The Web
CSO ONLINE
Can Corporate Hacking Have A Bright Side?
Stratfor hack might be a wake-up call for the industry
HELP NET SECURITY
The Decline Of Trust In Social Networking Platforms
Cloudmark study says consumers are worried about security threats to popular platforms
WDTV
Spammers Use Election To Target Your Bank Account
Legitimate-looking election emails are really phishing attacks, authorities say
THE REGISTER
Panda Cops Anonymous Retribution
Defacing of website appears to be backlash for Lulzsec arrests
SEARCHSECURITY
OpenDNS Hires Websense CTO To Guide Enterprise DNS Security Services
DNS services provider OpenDNS is laying the groundwork for a variety of DNS layer security services and products aimed at enterprises
THREAT POST
The Security Game Needs To Change
Frustration was clear at RSA as the industry wonders whether there's any change or improvement on the horizon, given that security approaches have failed
WIRED
Is Antivirus Software A Waste Of Money?
Several security experts don't run antivirus software because they feel if someone is going to try and attack them, they're likely to use a new technique, one that most antivirus products will miss
SYMANTEC
Anonymous Supporters Tricked Into Installing Zeus Trojan
On the day of the MegaUpload raid, an attacker modified a Pastebin guide used by Anonymous for denial-of-service tools and injected a Trojanized version of the Slowloris tool
NETWORK WORLD
FBI: Cyberattacks Could Shove Aside Terrorism As No. 1 Threat To US
Terrorism remains the FBI's top priority, but the FBI director says he expects cyberattacks to usurp that in the near future
TORRENT FREAK
Police Censor Google, Facebook And 8,000 Other Sites By Accident
Thousands of websites were blocked at the DNS level yesterday for Danish users due to "human error" by the High Tech Crime Unit
DVLABS BLOG
Pwn2Own 2012 And Google Pwnium
ZDI responds to Google's withdrawal of sponsorship of this year's Pwn2Own contest and its plans for a similar contest focused solely on its products
PC WORLD
Concern Rises Over The Capabilities Of Anonymous Hacktivists
Hacktivist group openly discusses potential threats to Internet DNS, power grid
FOX NEWS
Internet Outage At The Pentagon
Defense Information Systems Agency says downtime is not the result of a cyberattack
THE REGISTER
FBI Boss Warns Online Threats Will Outpace Terrorism
In the not-too-distant future, cyber will become the No. 1 threat to the U.S., Mueller says
THREAT POST
Debate Over Active Defense And Hacking Back Crops Up At RSA
Former intelligence officials and technologists say offensive defense needs to differentiate between retaliating against a known attacker and using offensive techniques to deter a potential attacker
NETWORK WORLD
Microsoft's Azure Cloud Suffers Serious Outage
Microsoft's Azure cloud infrastructure and development service went down on Wednesday after its service management component experienced a serious outage worldwide
SEARCH SECURITY
Research Into Cryptographic System Limitations Crucial, RSA Panel Says
Cryptographer's Panel at RSA concluded that while the cryptosystems have remained unbroken for years, researchers are doing key work by testing these technologies
CIO
NTIA: Mobile Privacy May Be A Top Priority In New Push
The National Telecommunications and Information Administration solicits public comments as it begins to write privacy codes of conduct
CNET
In The World Of Big Data, Privacy Invasion Is The Business Model
Privacy invasion is the business model in the information economy as companies sell your information
WASHINGTON TECHNOLOGY
Mantech Deal Expands Cybersecurity Chops
In a move to expand its cybersecurity capabilities, ManTech International Corp. plans to acquire HBGary
EWEEK
Google Privacy Policy Changes Coming Despite Regulatory Disdain
Google contends that its new privacy policy will improve quality of service to users, but critics say it's just another way for Google to target ads
CSO ONLINE
FBI Vows To Catch Insider Traders On Facebook And Skype
The FBI is upping its Operation Perfect Hedge investigations aimed at catching hedge funds and associates involved in illegal trading
INTERNET SOCIETY
ICANN Publishes List Of Domain Registrars Supporting DNSSEC
ICANN has released a list of domain name registrars that support DNSSEC and says the list may be relatively short, but it's a 'good start'
SOFTPEDIA
Security Holes Found In 25 'Verisign Trusted' Online Stores
A hacker has found multiple cross-site scripting (XSS) vulnerabilities in 25 online shops from the United Kingdom
SOURCEFIRE BLOG
Would You Like Some Malware With Your Recovery?
When AV fails, malware can inadvertently be spread to a company's data backup and cause reinfections when users restore their systems
ZDNET
Microsoft Partners With Good Technology For Encrypted Mobile Email
The Good for Enterprise app will be available for Windows Phones starting early in the second quarter of 2012
THE LA TIMES
Smartphone Security Gap Exposes Location, Texts, Email, Expert Says
A researcher with startup CrowdStrike says his team has converted a remote access tool out of China to take control over an Android smartphone
FORBES
WikiLeaks Tightens Ties To Anonymous In Leak Of Stratfor Emails
WikiLeaks announced that it will release 5.5 million emails from Stratfor in what it says will show Stratfor's involvement in monitoring activists and insider trading
THE WALL STREET JOURNAL
Tech Giants Agree To Deal On Privacy Policies For Apps
The state of California has reached an agreement with Apple, Google, Amazon, Microsoft, HP, and RIM over privacy issues in the mobile market
BANK INFOSECURITY
ATM Crime Boss Sentenced
An alleged Bulgarian crime boss who pleaded guilty to heading up several ATM-skimming attacks in the U.S. was sentenced to 41 months in prison
THE REGISTER
New Password-Snatching Mac Trojan Spreading In The Wild
A new variant of a Mac-specific password-snatching Trojan is spreading in the wild; it first tries to install via Java vulnerabilities
EWEEK
FCC: ISPs Need to Protect Users From Botnets, DNS Fraud, Cyber-Threats
ISPs, experts, academics, and others need to do more to protect users from botnets, IP hijacking, domain-name fraud, and other threats, FCC head says
THREAT POST
Video: Expert Proves Stuxnet's Link To Iran Nuclear Facilities
Ralph Langner shows how he isolated specific lines of code used in the Stuxnet attack that prove it was written to attack the Iranian uranium enrichment facility in Natanz
ZDNET BLOG
XSS Flaw Discovered In Skype's Shop, User Accounts Targeted
A researcher has discovered cross-site scripting flaws in shop.skype.com and api.skype.com, which if exploited could let an attacker hijack the user's session and steal the account
NAKED SECURITY
Activists Creating Decentralized Mesh Networks That Can't Be Blocked, Filtered Or Silenced
Activists are building alternative mesh networks, often called an "internet in a suitcase," in order to keep online access
SYMANTEC BLOG
Zeusbot/Spyeye P2P Updated, Fortifying The Botnet
The botnet was previously sending messages to and from the command and control servers, but is now doing so via the P2P network so any bot can serve as a C&C
CNN
U.S. Gears Up For Cyberwar Amid Conflicting Ideas On How To Fight It
Congress, former government officials and private sector experts often have conflicting ideas about how to address cyberwar
SCHNEIER ON SECURITY
Computer Security When Traveling To China
A China expert with the Brookings Institution says that when he travels to China, he leaves his cellphone and laptop at home and instead brings loaner devices, which he erases before he leaves the United States and wipes clean when he returns
REUTERS
WikiLeaks Suspect Manning Defers Plea, Court Martial Begins
Man accused of largest leak of classified documents in U.S. history faces life sentence
EWEEK
FCC: ISPs Need To Protect Users From Botnets, DNS Fraud, Cyber Threats
Internet stakeholders should do more to protect end users, commission says
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.



