Best Of Web
Best Of The Web
ASSOCIATED PRESS
Iowa GOP Worried By Hacker Threat To Caucus Vote
In the wake of a threat allegedly from Anonymous, the Iowa Republican Party is tightening security of the electronic systems it will use to count the first votes of the 2012 presidential campaign
BLOOMBERG
Juniper Networks Sues Palo Alto Networks Over U.S. Patents
Juniper Networks has filed a lawsuit claiming that Palo Alto Networks infringed on six of its U.S. patents for firewall technology
INTERNET NEWS
Microsoft Issues 13 Security Bulletins For December
Microsoft's Patch Tuesday includes 13 bulletins -- but does not include a fix for 'The Beast' SSL issue
THE NEW YORK TIMES
Digital Data On Patients Raises Risk Of Breaches
As patient records have been digitized, health data breaches have surged
NVISIUM SECURITY
Kindle Fire Security, Part III: Making Purchases With A Deregistered Device
Amazon will issue a fix by month's end for a newly discovered security flaw in Kindle Fire that allows anyone with access to the device to continue purchasing via the Amazon store for three days after the device is deregistered
MCAFEE BLOG
Zeus Spam Changes Tactics
A new malicious spam campaign spreads password-stealing Trojans associated with the Zeus/Zbot family
TEAM SHATTER
Gamers: Hackers Latest Hot Target
Gaming companies need to redirect IT security efforts away from the network perimeter and start putting protections around the databases that house customer information and intellectual property
EWEEK
Cisco: Younger Employees Ignore IT Policies, Don't Think About Security
Younger employees tend to ignore IT policies and don't think corporate IT security is their responsibility at all, according to a recent Cisco report.
WIRED
Forensic Examiner Found No Match Of Cables On Manning's Laptop To WikiLeaks
A government forensics expert who yesterday testified that he had discovered thousands of diplomatic cables on the Army computer of suspected WikiLeaks source Bradley Manning said under cross-examination that none of the cables that he compared to those released by WikiLeaks actually matched
THREAT POST
Report: UK Newspaper Computer Hacking Could Be As Widespread As Phone Hacking
A BBC report indicates a widening probe into alleged computer hacking by reporters at Rupert Murdoch's News of the World
THE REGISTER
'Self-Aware' Bank Account Robbing Code Unleashed By Hacker
A hacker has published code for a high-powered cross-site scripting (XSS) attack that lets attackers put up content on a trusted site
CHRISTIAN SCIENCE MONITOR
Exclusive: Iran Hijacked US Drone, Says Iranian Engineer
An Iranian engineer says the country's engineers exploited a known GPS vulnerability in the RQ-170 Sentinel that tricked the drone into landing in Iran
THREAT POST
Adobe To Patch Reader Zero Day On Friday
Adobe was set to release an out-of-band patch today for the zero-day vulnerability in its Reader and Acrobat applications on Windows being used in targeted attacks
BANK INFOSECURITY
POS Fraud: How Hackers Strike
The case of Romanian suspects indicted by the U.S. Department of Justice earlier this month for their alleged connection to a multimillion-dollar point-of-sale fraud scheme involved war-driving
THE WASHINGTON POST
China's Cyberwar
A look at China's mostly invisible but massive cyberwar against the U.S. to steal the most sensitive military and economic secrets -- and how relatively little is being done about it despite the high stakes
M86 SECURITY LABS
Prevalent Exploit Kits Updated With A New Java Exploit
M86 Security Labs found that the Blackhole exploit kit version 1.2.1, Phoenix exploit kit 3.0, and Metasploit were outfitted with an exploit for a new Java vulnerability
IT BUSINESS
iBahn, Supplier Of Hotel Internet Services, Denies Breach
iBahn -- which provides Internet service to 3,000 hotels worldwide -- denied reports that its network was infiltrated by hackers out of China
GOV INFOSECURITY
White House Unveils Cybersecurity R&D Plan
Program calls for research aimed at underlying cybersecurity deficiencies and root causes of vulnerabilities
PACKETSTORM SECURITY
GlobalSign Confesses To Certificate Attack
The certificate authority says it was targeted, but its systems and certificates were not compromised
TECHNOLOGY REVIEW
Seven Ways To Get Yourself Hacked
Among the dangers are running Windows XP and using kiosk computers at hotels, airports, libraries, and "business centers"
BETA BEAT
As Banks Start Nosing Around Facebook and Twitter, The Wrong Friends Might Just Sink Your Credit
Micro-lending startup calls itself "the first credit scoring service that uses your online social network to assess credit"
INFOSEC ISLAND
Army Officially Activates First Dedicated Cyber Brigade
The U.S. Army last week launched its new 780th Military Intelligence Brigade, which will support U.S. and Army Cyber Commands with their missions "to provide a proactive cyber defense"
WIRED
Congress Authorizes Pentagon To Wage Internet War
The House and Senate gave the U.S. military the power to conduct "offensive" strikes online, as part of a provision in the military's 2012 funding bill
THREAT POST
Internet Pioneers, Security Experts Send Letter To Congress Blasting SOPA
Steve Bellovin, Paul Vixie, Vint Cerf, Jon Callas, Tony Li, Robert W. Taylor, Esther Dyson and Fred Baker, and others, signed a letter to Congress criticizing the SOPA and PIPA bills and asking lawmakers not to pass the legislation
THE WASHINGTON TIMES
U.S. Authorities Probing Alleged Cyberattack Plot By Venezuela, Iran
U.S. officials are investigating reports that Iranian and Venezuelan diplomats in Mexico helped plan cyberattacks against U.S. targets, including nuclear power plants
INFOSEC ISLAND
Windows Phone Denial Of Service Attack Vulnerability
Newly discovered flaw would let an attacker use an SMS text or Facebook chat message to disable the Windows Phone Messaging Hub, according to Winrumors.com
THE REGISTER
York CompSci Student Pleads Guilty To Facebook Hack
Social network wet pants in fear of industrial espionage
COMPUTERWORLD
Microsoft Scratches BEAST Patch At Last Minute, But Fixes Duqu Bug
Software giant admits Duqu-like browser-based attacks are possible
HELP NET SECURITY
A New Perspective On The Insider Threat
Employees who are fooled--and don't report it--could be just as dangerous as malicious insiders, expert says
SANS INSTITUTE
SANS Seeks Participants For Log And Event Management Survey
Study will show trends in the use of security logs and SEM tools
NATIONAL CYBERSECURITY
FBI Nabs Another Alleged Anonymous Member
Twenty-four-year-old is charged with waging denial of service attack against KISS rock star Gene Simmons
CRN
Cybercriminal Attack Strategy Shifting To Corporate Networks
Spam, botnets giving way to more lucrative corporate espionage, researchers say
BUSINESSWEEK
China-Based Hacking Of 760 Companies Shows Cyber Cold War
Hack of iBahn network might have exposed data of millions of users, experts say
ZDNET
Top Ten Security Worries For 2012
Small businesses could suffer even more attacks in the coming year, study says
PC WORLD
Three Bulgarians Arrested In Connection With Phishing Scheme Against U.S. Banks
Gang sent emails that appeared to originate from major U.S. banks
CTO LABS.COM
NSA Launches New Crypto Mobile Game App
Outreach efforts designed to attract young adults to support cybersecurity initiatives
THE REGISTER
Espionage Hack Attack Preys On Chemical Firms
Nitro Part II spotted in the wild; malware attack targets dozens of companies
BANK INFO SECURITY
Heartland Breach: Claims Dismissed
Court denies compensation to institutions
SYMANTEC
Nitro Attackers Have Some Gall
Attackers infect users with Poison Ivy by promising a download of Symantec software that defends against Poison Ivy
THREAT POST
Carrier IQ Says Bug Can Cause Some SMS To Be Recorded In Coded Form
Document outlines how intelligence-gathering software is deployed
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.



