Best Of Web
Best Of The Web
REUTERS
Romania Believes Rival Nation Behind Miniduke Cyber Attack
Romania secret service says another foreign state was behind the targeted attack that hit its national security institutions as well as NATO and other European countries
SC MAGAZINE
RSA Conference: FBI Calls For Collaboration Between Government Departments And Private Sector
FBI director Robert Mueller says working with the private sector and ensuring U.S. government departments work together are key to thwarting future attacks
CNN
Hayden: Chinese Cyber Theft 'On Unprecedented Scale'
Says all nations spy, but U.S. and others don't steal trade secrets, just secrets to keep U.S. safe
THREAT POST
The Java Zero-Day Procession Continues
FireEye security researchers confirmed yesterday that they found yet another zero-day vulnerability in Java 6 Update 4 and Java 7 Update 15, along with attacks in the wild
SEARCHSECURITY
DHS Cybersecurity Boss Pushes 'Cyber 911', New Voluntary Standards
Mark Weatherford, deputy undersecretary for cybersecurity at the Department of Homeland Security at RSA shared his strategy for using the capabilities and influence of DHS to improve national cybersecurity
WIRED
Flame Windows Update Attack Could Have Been Repeated In 3 Days, Says Microsoft
Microsoft Security Respones Center director says Microsoft had about 12 days to fix flaws before less sophisticated attackers duplicated the attack
COMPUTERWORLD
IT Security Managers Too Focused On Compliance, Experts Say
'Check-the-box' mentality is causing companies, government agencies to overlook real threats
EWEEK
RSA Conference: Embrace Big Data Analytics For Security, Coviello Says
Art Coviello, executive chairman of EMC's RSA security division, says big data analytics will push organizations toward intelligence-driven security
THREAT POST
Anti-Tibetan Attack Stems From Nvidia Abuse, Old RTF Vulnerability
A series of targeted attacks use a signed Nvidia application for dropping a backdoor that lets attackers root their way through the systems of Tibetan sympathizers
CHRISTIAN SCIENCE MONITOR
Exclusive: Cyberattack Leaves Natural Gas Pipelines Vulnerable To Sabotage
A government report says a cyberattack against 23 natural gas pipeline operators stole crucial information that could compromise security -- experts strongly suspect China's military
SEARCH SECURITY
RSA 2013: Charney Optimistic About The Future Of Information Security
Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, in his keynote at RSA Conference 2013 said the future of information security looks good
REUTERS
China Says U.S. Routinely Hacks Defense Ministry Websites
Two Chinese military websites were hit by 144,000 hacking attacks a month last year, almost two-thirds of which came from the U.S. the Chinese defense ministry said today
PC MAGAZINE
RSA: We Are Living In A 'Cyber Warm War'
There's a cold war, where there's only digital espionage moving between states, and then there's a hot war, a catastrophic event
SECURITY LEDGER
Bit9: 32 Pieces Of Malware Whitelisted In Targeted Hack
Bit9 this week said the attack against its systems were part of a larger operation that was aimed a firms in a 'very narrow market space' to gather intelligence
CRN
CERT: Insider Threats Can Have Costly Security Consequences
Most insider fraud cases involve lower-level support employees such as help desk personnel or bank tellers who conspire with outsiders
THREAT POST
MiniDuke Espionage Malware Hits Governments In Europe Using Adobe Exploits
Researchers have discovered new cyberespionage malware that targets a patched sandbox-bypass vulnerability in Adobe Reader and is targeting government victims in 23 countries, mainly in Europe
THE REGISTER
Anonymous Leaks 'Bank Of America Secrets' In Spy Revenge Hack
The Anonymous Intelligence Agency (Par:AnoIA) has leaked 320 MB of emails and other information that suggests Bank of America is running an online intelligence gathering operation against hacktivists
PC WORLD
Third Time's The Charm? Adobe Patches Even More Critical Flash Vulnerabilities
Adobe released yet another security patch for Flash player that fixes critical vulnerabilities that would allow attackers to take control of affected computers -- targeted attacks have been spotted in the wild
NETWORK WORLD
RSA 2013: Keynotes Highlight State Of Optimism And Fear
RSA Conference 2013 keynote themes emphasized that while there have been plenty of security failures in recent years, all is not lost in the battle to regain control over IT systems and data
EWEEK
McAfee Will Add Malware Sandboxing To Its Securityware
AV firm has acquired the ValidEdge sandboxing technology from LynuxWorks to augment its anti-malware portfolio
COMPUTERWORLD
Facebook To Fix Bug Leaking Users' Phone Numbers
Facebook has patched a bug in its API that leaked users' phone numbers to app developers
TECH WORLD
McAfee And Check Point Turn To Sandboxing To Fend Off APTs
McAfee shows off ValidEdge acquisition
THREAT POST
Latest Kelihos Botnet Shut Down Live At RSA Conference 2013
Third iteration of well-known botnet is shuttered in front of a an audience at conference
ADOBE
Security Updates For Adobe Flash Player
Updates correct new vulnerabilities found in Flash
HELP NET SECURITY
HTC Agrees To Fix Vulnerabilities Found In Millions Of Its Devices
HTC America will settle FTC charges that it failed to secure its Android devices properly due to bugs that left sensitive information at risk for its customers
NETWORK WORLD
Start-Up Tracks Risky Security Behavior In The Cloud
Skyhigh's cloud service call detect rogue cloud use in enterprise, risky employee behavior
THE REGISTER
McAfee Dumps Signatures And Proclaims An (Almost) End To Botnets
McAfee has said it's adapting its security suite to behavioral-based technology to detect botnets
EWEEK
Cyber-Attackers Most Often Target Nine Business Apps: Research Report
New analysis of exploit traffic inside corporate networks found that social networks account for few attacks, while 97 percent of exploit traffic focused on 10 applications, nine of which were critical business applications
CROWDSTRIKE BLOG
CrowdStrike Falcon Unveiled: The Power Of The Platform
One year after its official launch, CrowdStrike has now released a beta version of its big data-based security platform called Falcon aimed at raising the cost of attacks for the bad guys and offering stronger defense
ARS TECHNICA
Java's Latest Security Problems: New Flaw Identified, Old One Attacked
Flaw in latest Java version allows bypass of Java security sandbox
REUTERS
Analysis: The Near Impossible Battle Against Hackers Everywhere
More organizations are getting 'owned,' but even so, cyberattacks remain underdisclosed
THREAT POST
Microsoft Azure Cloud Storage Suffers Major Outage Over Expired SSL Certificate
Microsoft's public cloud storage service suffered a global outage due to a lapsed security certificate last week
CSO ONLINE
NBC.com Hacked To Serve Up Banking Malware
NBC's website, as well as that of Jimmy Fallon's and Jay Leno's sites, yesterday were found serving up malware intended to steal online banking credentials
GCN
China's Cyber Spying: Time For A Cold War Response?
Diplomatic pressure and economic sanctions backed by intelligence could make it politically difficult for China to continue cyberspying, so this Cold War strategy could work
SOFTPEDIA
Central Hudson Gas & Electric Hacked, 110,000 Customers Affected
New York utility says customer information may have been compromised in the wake of a hack into its network
BANK INFOSECURITY
New DDoS Warning Issued By Regulator
The National Credit Union Association has alerted its member institutions about the wave of DDoS attacks and how to protect themselves
SANS INTERNET STORM CENTER
SSHD Rootkit In The Wild
An SSHD rootkit hitting mainly RPM based Linux distributions is actually a nasty, Trojanized library
TRUSTWAVE BLOG
Trustwave TrustKeeper PCI Scan Notification -- Phishing ALERT
Trustwave says individuals have been reporting receiving fake emails purported to be from Trustwave that contain malicious URLs
THREAT POST
Chrome 25 Fixes Nine High-Risk Vulnerabilities
Google has fixed nine serious bugs in Chrome 25, which also also disables the MathML implementation in the browser due to security concerns with it
THE GUARDIAN
LulzSec's 'Sabu' Has Sentencing Postponed -- But Could Face 124 Years
Hector Xavier Monsegur, who led the LulzSec hacking crew as "Sabu" ended up working as a double-agent for the FBI
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.