Best Of The Web
ASSOCIATED PRESS
Iowa GOP Worried By Hacker Threat To Caucus Vote
In the wake of a threat allegedly from Anonymous, the Iowa Republican Party is tightening security of the electronic systems it will use to count the first votes of the 2012 presidential campaign
BLOOMBERG
Juniper Networks Sues Palo Alto Networks Over U.S. Patents
Juniper Networks has filed a lawsuit claiming that Palo Alto Networks infringed on six of its U.S. patents for firewall technology
INTERNET NEWS
Microsoft Issues 13 Security Bulletins For December
Microsoft's Patch Tuesday includes 13 bulletins -- but does not include a fix for 'The Beast' SSL issue
THE NEW YORK TIMES
Digital Data On Patients Raises Risk Of Breaches
As patient records have been digitized, health data breaches have surged
NVISIUM SECURITY
Kindle Fire Security, Part III: Making Purchases With A Deregistered Device
Amazon will issue a fix by month's end for a newly discovered security flaw in Kindle Fire that allows anyone with access to the device to continue purchasing via the Amazon store for three days after deregistering devices
MCAFEE BLOG
Zeus Spam Changes Tactics
A new malicious spam campaign spreads password-stealing Trojans associated with the Zeus/Zbot family
TEAM SHATTER
Gamers: Hackers Latest Hot Target
Gaming companies need to redirect IT security efforts away from the network perimeter and start putting protections around the databases that house customer information and intellectual property
EWEEK
Cisco: Younger Employees Ignore IT Policies, Don't Think About Security
Younger employees tend to ignore IT policies and don't think corporate IT security is their responsibility at all, according to a recent Cisco report.
WIRED
Forensic Examiner Found No Match Of Cables On Manning's Laptop To WikiLeaks
A government forensics expert who yesterday testified that he had discovered thousands of diplomatic cables on the Army computer of suspected WikiLeaks source Bradley Manning said under cross-examination that none of the cables that he compared to those released by WikiLeaks actually matched
THREAT POST
Report: UK Newspaper Computer Hacking Could Be As Widespread As Phone Hacking
A BBC report indicates a widening probe into alleged computer hacking by reporters at Rupert Murdoch's News of the World
THE REGISTER
'Self-Aware' Bank Account Robbing Code Unleashed By Hacker
A hacker has published code for a high-powered cross-site scripting (XSS) attack that lets attackers put up content on a trusted site
CHRISTIAN SCIENCE MONITOR
Exclusive: Iran Hijacked US Drone, Says Iranian Engineer
An Iranian engineer says the country's engineers exploited a known GPS vulnerability in the RQ-170 Sentinel that tricked the drone into landing in Iran
THREAT POST
Adobe To Patch Reader Zero Day On Friday
Adobe was set to release an out-of-band patch today for the zero-day vulnerability in its Reader and Acrobat applications on Windows being used in targeted attacks
BANK INFOSECURITY
POS Fraud: How Hackers Strike
The case of Romanian suspects indicted by the U.S. Department of Justice earlier this month for their alleged connection to a multimillion-dollar point-of-sale fraud scheme involved war-driving
THE WASHINGTON POST
China's Cyberwar
A look at China's mostly invisible but massive cyberwar against the U.S. to steal most sensitive military and economic secrets -- and how relatively little is being done about it despite the high stakes
M86 SECURITY LABS
Prevalent Exploit Kits Updated With A New Java Exploit
M86 Security Labs found that the Blackhole exploit kit version 1.2.1, Phoenix exploit kit 3.0, and Metasploit were outfitted with an exploit for a new Java vulnerability
IT BUSINESS
iBahn, Supplier Of Hotel Internet Services, Denies Breach
iBahn -- which provides Internet service to 3,000 hotels worldwide -- denied reports that its network was infiltrated by hackers out of China
GOV INFOSECURITY
White House Unveils Cybersecurity R&D Plan
Program calls for research aimed at underlying cybersecurity deficiencies and root causes of vulnerabilities
PACKETSTORM SECURITY
GlobalSign Confesses To Certificate Attack
The certificate authority says it was targeted, but its systems and certificates were not compromised
TECHNOLOGY REVIEW
Seven Ways To Get Yourself Hacked
Among the dangers are running Windows XP and using kiosk computers at hotels, airports, libraries, and "business centers"
BETA BEAT
As Banks Start Nosing Around Facebook and Twitter, The Wrong Friends Might Just Sink Your Credit
Micro-lending startup calls itself "the first credit scoring service that uses your online social network to assess credit"
INFOSEC ISLAND
Army Officially Activates First Dedicated Cyber Brigade
The U.S. Army last week launched its new 780th Military Intelligence Brigade, which will support U.S. and Army Cyber Commands with their missions "to provide a proactive cyber defense"
WIRED
Congress Authorizes Pentagon To Wage Internet War
The House and Senate gave the U.S. military the power to conduct "offensive" strikes online, as part of a provision in the military's 2012 funding bill
THREAT POST
Internet Pioneers, Security Experts Send Letter To Congress Blasting SOPA
Steve Bellovin, Paul Vixie, Vint Cerf, Jon Callas, Tony Li, Robert W. Taylor, Esther Dyson, Fred Baker, and others signed a letter to Congress criticizing the SOPA and PIPA bills and asking lawmakers not to pass the legislation
THE WASHINGTON TIMES
U.S. Authorities Probing Alleged Cyberattack Plot By Venezuela, Iran
U.S. officials are investigating reports that Iranian and Venezuelan diplomats in Mexico helped plan cyberattacks against U.S. targets, including nuclear power plants
INFOSEC ISLAND
Windows Phone Denial Of Service Attack Vulnerability
Newly discovered flaw would let an attacker use an SMS text or Facebook chat message to disable the Windows Phone Messaging Hub, according to Winrumors.com
THE REGISTER
York CompSci Student Pleads Guilty To Facebook Hack
Social network wet pants in fear of industrial espionage
COMPUTERWORLD
Microsoft Scratches BEAST Patch At Last Minute, But Fixes Duqu Bug
Software giant admits Duqu-like browser-based attacks are possible
HELP NET SECURITY
A New Perspective On The Insider Threat
Employees who are fooled--and don't report it--could be just as dangerous as malicious insiders, expert says
SANS INSTITUTE
SANS Seeks Participants For Log And Event Management Survey
Study will show trends in the use of security logs and SEM tools
NATIONAL CYBERSECURITY
FBI Nabs Another Alleged Anonymous Member
Twenty-four-year-old is charged with waging denial of service attack against KISS rock star Gene Simmons
CRN
Cybercriminal Attack Strategy Shifting To Corporate Networks
Spam, botnets giving way to more lucrative corporate espionage, researchers say
BUSINESSWEEK
China-Based Hacking Of 760 Companies Shows Cyber Cold War
Hack of iBahn network might have exposed data of millions of users, experts say
ZDNET
Top Ten Security Worries For 2012
Small businesses could suffer even more attacks in the coming year, study says
PC WORLD
Three Bulgarians Arrested In Connection With Phishing Scheme Against U.S. Banks
Gang sent emails that appeared to originate from major U.S. banks
CTO LABS.COM
NSA Launches New Crypto Mobile Game App
Outreach efforts designed to attract young adults to support cybersecurity initiatives
THE REGISTER
Espionage Hack Attack Preys On Chemical Firms
Nitro Part II spotted in the wild; malware attack targets dozens of companies
BANK INFO SECURITY
Heartland Breach: Claims Dismissed
Court denies compensation to institutions
SYMANTEC
Nitro Attackers Have Some Gall
Attackers infect users with Poison Ivy by promising a download of Symantec software that defends against Poison Ivy
THREAT POST
Carrier IQ Says Bug Can Cause Some SMS To Be Recorded In Coded Form
Document outlines how intelligence-gathering software is deployed
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.


