Best Of Web
Best Of The Web
CNET
SEC Orders Disclosure Of 'Potential' Security Breaches
The Securities and Exchange Commission says potential data security breaches also must be disclosed by U.S. companies in some cases
HELP NET SECURITY
What Threats Can We Expect In October?
Search-engine poisoning, spam that promises green cards were among hot exploits in September, GFI says
ZDNET
Seven Myths About Zero-Day Vulnerabilities Debunked
Zero days get a lot of press, but the realities are often different from perception
CNET
FBI Arrests Alleged Celebrity Email Hacker
'Hackerazzi' allegedly posted stolen compromising photos of celebs to the Web
CSO
Raytheon Hit By Cloud-Based Attack
Spear-phishing attack asked employees to access an application through a link served by a cloud service
FUEL FIX
Cybercrime Becomes Bigger Threat To Energy Industry Than Terrorists
Energy security concerns move from physical to logical
INFO SECURITY
Fortinet Expert Warns On Mobile Malware That Encrypts Its Data Streams
Malware found in wild infected around 100,000 smartphones, researcher says
THREAT POST
Apple Releases iOS 5, Removes DigiNotar Certs From iPhones, iPads
Root certificates from hacked vendor are removed from iOS trusted root list
CYBERWARZONE
Occupy Wall Street: Bankers Data Published By Anonymous
Officials at New York Community Bank get doxed
WIRED
RSA Blames Breach On Two Hacker Clans Working For Unnamed Government
RSA President Tom Heiser says two separate hacker groups were behind the attack on his company and says it was likely a 'nation-state sponsored attack'
WIRED
Get Hacked, Don't Tell: Drone Base Didn't Report Virus
Creech Air Force Base officials knew for two weeks about malware infecting its drone system but didn't report it to the 24th Air Force
THREAT POST
Microsoft Patches 22 Security Holes, 12 Highly Exploitable, In October
Microsoft issued eight security updates this week for 22 security holes
COMPUTERWORLD
Zero-Day Flaws Found In SCADA Systems
An Italian security researcher has revealed a second set of multiple zero-day vulnerabilities in supervisory control and data acquisition (SCADA) systems from various vendors
BANK INFOSECURITY
NY Skimming Incidents May Be Linked
A series of ATM-skimming attacks in New York appear to be related in some way, as other such incidents were reported in Seattle and Florida
MSNBC
German Officials Admit Using Spyware On Citizens, As Big Brother Scandal Grows
Four German states say they have used spyware, but say it was done legally
ZDNET BLOG
WineHQ Database Hacked, Passwords Stolen
Attackers infiltrated its database and pilfered usernames and passwords
THE WASHINGTON POST
BlackBerry Outages Spread To The U.S.
Research in Motion says its BlackBerry network problems have spread from Europe, Asia, Latin America, and Africa to the United States and the rest of North America
DELL SECUREWORKS
Hacker Attacks Targeting Retailers Up 43 Percent
Old and new exploit kits playing a major role in the spread of attacks, according to Dell Secureworks research
DICE
Robot Informants Successfully Track Hackers
CSIdentity technology uses artificial intelligence to monitor bad guys
PC WORLD
LulzSec Leader Holds Onto Sun Email
Huge cache of stolen email is on a server in China, Sabu says
SOPHOS
Sneaky Fake Company Antivirus Warnings Trick Users Into Installing Malware
"Internal" request to install security package isn't real, researchers warn
THE INQUIRER
Anonymous Prepares For Operation Britain
U.K. to become part of Occupy campaign
THE REGISTER
VeriSign Asks For Web Takedown Powers
Provider asks to be able to shut down unauthorized domain names
V3.CO.UK
London Olympics IT Team Prepares For Cyber And Physical Attacks
Technology team has taken exhaustive measures to protect Olympic systems
FINEXTRA
Anonymous Says NYSE Takedown Threat Was A 'Media Scare Tactic'
Threat to erase stock exchange failed to materialize
YAHOO NEWS
Mitsubishi Heavy 'Targeted By Over 50 Computer Viruses'
Japanese defense contractor has been hit by more than 50 separate computer viruses in a series of attacks so far this year, a report says, including some that could have been stopped with antivirus software
HELP NET SECURITY
Virus Bulletin News Tweets Spread Malware
Malicious links being spread via Twitter using Virus Bulletin conference news as a lure
CNBC
London 2012 Safe From Cyber Attacks, Say Officials
Olympic organizers say their technology infrastructure for the summer games next year is well-equipped to fend off cyberattacks
COMPUTERWORLD
111 Arrested In Massive ID Theft Bust
Restaurant workers and bank insiders are charged in what's being called the largest-ever ID theft round-up
F-SECURE BLOG
Possible Governmental Backdoor Found ("Case R2D2")
Chaos Computer Club from Germany discovered a backdoor Trojan used by the German government that includes a keylogger that targets Firefox, Skype, MSN Messenger, ICQ and other apps
INFOSEC ISLAND
Citigroup Faces Class-Action Lawsuit For May Breach
A New York couple has filed the suit in a Manhattan federal court seeking a class-action case against Citigroup, alleging that Citigroup failed to take the proper steps to prevent fraudulent use of stolen financial information
WIRED
DoJ's WikiLeaks Probe Widens To Include Gmail, ISP
New report reveals that the feds used secret orders to gather information from Google and ISP Sonic.net on former WikiLeaks spokesman Jacob Appelbaum
KREBS ON SECURITY
Identity Theft More Profitable Than Car Theft
Recent hacker break-ins at several car dealerships nationwide demonstrate treasure trove of data those companies hold
THREAT POST
Microsoft To Ship 8 Bulletins In October
Microsoft will issue eight bulletins on Patch Tuesday, two of which are "critical"
NAKED SECURITY BLOG
Facebook/Twitter Hacks By 'Friends' On The Rise For Teens And Young Adults
Three out of every 10 teenagers and young adults have had their Facebook, Twitter, or MySpace accounts broken into for snooping or impersonation purposes
ARBOR NETWORKS
DDoS Watch: Keeping An Eye On Aldi Bot
Aldi Bot is a newer, inexpensive DDoS bot that is growing in popularity
PC ADVISOR
UBS: Our Risk Systems Did Detect £1.3bn Rogue Trader
UBS says its IT systems spotted unusual and illicit trading activity before a rogue trader did his damage, but that it wasn't acted upon
THE NEW YORK TIMES
White House Orders New Computer Security Rules
The new directive makes official several temporary measures taken by the Pentagon, the State Department, and CIA after the WikiLeaks case last year, plus more accountability and information-sharing rules
COMPUTERWORLD
Windows XP Usage Share Falls By Record Amount
Windows XP lost almost two percentage points during September to end the month with a 50.5 percent share of all desktop operating systems
INFOWORLD
Facebook API Abuse Can Expose Private User Data, Say Hackers
Researchers say Facebook is ignoring a problem in its APIs that could lead to unauthorized password changes, for instance
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


