Best Of The Web
CSO ONLINE
University of Glamorgan To Study Deadly AET Cyberattacks
The University of Glamorgan, in a partnership with Stonesoft, will study so-called Advanced Evasion Techniques (AETs)
NEW YORK TIMES
Patient Data Landed Online After A Series Of Missteps
Stanford Hospital data breach is detailed
TECH WORLD
UK Banks Announce Online Fraud Losses Drop 32 Percent
Customers losing less cash thanks to better fraud detection
BANK INFO SECURITY
UBS: A Lesson For Banks
Risk management expert discusses takeaways from the unauthorized trading at UBS
NETWORK WORLD
Feds Want Uber Cybersecurity Compliance Standard
Security compliance has become the bane of federal CIOs, CSOs
CYBER CRIMES UNIT
Zeus Trojan Gang Member Gets Jail For Huge UK Fraud
Latvian man gets two years for his role in cybercrime gang
CSO ONLINE
SpyEye Trojan Targets Online Banking Security Systems
Attacks target systems that use text messaging as a second form of authentication
QNRQ
Zero-Day Full Disclosure: American Express
American Express can be a tough company to penetrate -- even when you want to inform them of a zero-day vulnerability
THE REGISTER
Android Malware Under Blog Control, Says Trend Micro
Malware is disguised as Chinese e-book reader
COMPUTERWORLD
Mozilla Aims To Add Silent Updating To Firefox 10
Mozilla plans to return to behind-the-scenes updates to the Firefox browser by early next year
THE L.A. TIMES
China Cyber Attacks Threaten U.S. Security, Official Says
Chairman of the House Intelligence Committee yesterday said China's "predatory" activity against intellectual property theft aimed at the U.S. and other Western countries is hurting U.S. security
SOPHOS NAKED SECURITY BLOG
The M00p Malware Investigation -- Was Justice Done?
The m00p malware operation was shut down after a multiyear, multination effort, but not all of the gang behind it was caught
M86 LABS
New Google AdWords Phish In-The-Wild
New spam email takes victims to Google-looking phishing page that compromises their Google AdWord, Gmail, and Google+ accounts
ZDNET BLOG
Google Shells Out $10,000 To Fix 10 High-Risk Chrome Browser Flaws
New Google Chrome version 14.0.835.202 includes Adobe Flash Player 11 and other security fixes
TECH CRUNCH
NuCaptcha Brings User-Friendly Captchas To Mobile Phones And Tablets
Startup that offers video CAPTCHA technology is rolling out a CAPTCHA product for all mobile platforms
NCSU NEWS
NC State, IBM Researchers Develop Technique That Offers Enhanced Security For Sensitive Data In Cloud Computing
Researchers have come up with an experimental method of protecting data in the cloud by reducing the attack surface
WIRED
Hayden Urges Congress To Let NSA Monitor Public Networks For Threats
Former NSA and CIA director Michael Hayden told Congress yesterday that the NSA should be allowed to monitor public networks for cybersecurity purposes
THE REGISTER
HTC To Plug Private Data Backdoor Leak Slurp Vuln
Android device maker concedes problem, says it is taking steps to repair
TECH REPUBLIC
Why Isn't Everyone Hacked Every Day?
Trouble befalls only a fraction of those who ply the Internet. Why is that? A researcher offers some explanation
GOVERNMENT INFO SECURITY
Too Much Cybersecurity Awareness
At the outset of Cybersecurity Awareness Month, chief of RSA says there's too much awareness and not enough being done about it
WASHINGTON POST
Congressman Lambastes Chinese Cyber-Espionage
Chairman of House Intelligence committee says attacks have reached "intolerable level"
SC MAGAZINE
Can We Stop Hacktivism?
Loosely knit groups can't be stopped, but they can be contained
PC WORLD
Massive DDoS Attacks A Growing Threat To VoIP Services
TelePacific attack offers lessons on potentially overwhelming exploits
THE REGISTER
Facebook To Scrub Itself Clean Of Filthy Malware Links
Websense to sniff out stinky URLs on social network
GOVERNMENT INFO SECURITY
DoD Names Cyber Policy Leader
Eric Rosenbach to work with Panetta to help formulate strategies
ZDNET BLOG
China's Blue Army: When Nations Harness Hacktivists For Information Warfare
Government-sponsored cyberwarfare units like China's new Blue Army have it all wrong when it comes to offensive methods
SYDNEY MORNING HERALD
Microsoft Bug Inadvertently Removes Google Chrome Browser From PCs
Some Google Chrome users had the browser removed from their Windows PCs after Microsoft's Security Essentials inadvertently uninstalled it
CNET
Hackers Post Data On JP Morgan Chase CEO
Hackers put online chief executive of J.P. Morgan Chase's address, family, political contributions and legal information as a show of support for the Occupy Wall Street protests
BANK INFOSECURITY
Bank Of America Site Not Hacked
Problems with Bank of America's website that began on Friday were not related to a hack, the bank says
CIO
Betfair Security Chief Leaves After Massive Customer Data Theft
The former director of security at online gambling site Betfair has left the company in the wake of a breach of 3.15 million customer account details
KREBS ON SECURITY
Monster Spam Campaigns Lead To Cyberheists
A wave of massive email spam efforts attempting to spread password-stealing Trojans highlights the importance of taking precautions to protect online banking credentials for SMBs
PC ADVISOR
Crackdown On Online Peddlers Nets $6.3 Million In Drugs
International effort by 81 countries pulled some 2.3 million potentially harmful drugs from the online black market
THE AUSTRALIAN IT
Wall Street Warned About Possible Hacking Attack By 'Anonymous'
The U.S. Department of Homeland Security told financial services firms that "publicized events," like Occupy Wall Street, could motivate Anonymous to target these institutions
CNN
Amazon's 'Cloud' Browser Raises Privacy Concerns
Silk, Amazon's in-house Internet browser for its tablet computer, will let Amazon capture and control users' Web transactions, privacy experts say
MALWARE DIARIES
Virus Removal Site Infects Its Users
laptopvirusrepair.co.uk, which advertises virus removal from laptops, has been hacked and is serving malware
GOVERNMENT COMPUTER NEWS
NIST Puts Together A Plan For Securing Wireless LANs
'Guidelines for Securing Wireless Local Area Networks' offers recommendations for improving security and monitoring of wireless networks and devices
ARS TECHNICA
Secret Memo Reveals Which Telecoms Store Your Data The Longest
Justice Department internal memo reveals data retention policies of largest wireless providers in the U.S., including AT&T, Sprint, T-Mobile and Verizon
THE REGISTER
Qualys Endorses Alternative To Crappy SSL System
Qualys will run two of the notary servers for Moxie Marlinspike's SSL certificate-vetting Convergence project
ZDNET
Hire Hackers To Catch Other Hackers?
TED speaker discusses whether to hire not-so-ethical hackers
GSN MAGAZINE
Police WiFi Public Education Effort Shelved In Austin After Red Flags
'Operation Wardrive,' where the Austin, Texas police department would sniff out unsecured private WiFi networks in the city and warn their owners of the dangers, was cancelled due to privacy worries
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.


