Best Of The Web
THE HACKER NEWS
Core Security Technologies Victim Of Latest Hack
Snscope hacker defaces site, may cause concerns about security company
BOSTON.COM
Two Million Mass. Residents Hit By Data Breach Leaks
Nearly one out of three Massachusetts residents have had their personal information exposed via data theft or loss since the beginning of 2010, according to the Massachusetts Attorney General's office
THE YOMIURI SHIMBUN
Chinese Used In MHI Cyber-Attack
One of the malware samples used in the attack on Mitsubishi Heavy Industries contained Chinese language -- on a screen for an attacker to remotely control the infected PCs
THE REGISTER
Hackers Break SSL Encryption Used By Millions Of Sites
A newly discovered flaw in most websites protected by SSL could let an attacker decrypt data that's passing between a Web server and the user's browser
THREAT POST
Nation-State Attackers Are Adobe's Biggest Worry
Brad Arkin, senior director of product security and privacy at Adobe, says his company's main adversaries are state-sponsored attackers
INFOSEC ISLAND
Scammers Exploiting Bogus DigiNotar SSL Certificates
Spamming campaign targeting Royal Bank of Canada customers under way that contains the bank's logo, a link pointing to a suspicious domain, and uses a spoofed email header
ZDNET BLOG
Bank Of Melbourne Twitter Account Hacked, Spreading Phishing Links
The Bank of Melbourne, Australia's Twitter account was hijacked this week and was used to spread phishing links as direct messages to its followers
JONATHAN ZDZIARSKI'S DOMAIN
OnStar Begins Spying On Customers' GPS Location For Profit
OnStar's new terms and conditions allow the service to sell its customers' personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement
H ONLINE
Smart Meters Reveal TV Viewing Habits
Researchers found that it is possible to use electricity-usage data from smart electricity meters to determine which TV show consumers are watching on a standard TV set
FAST CASUAL
Why Credit Card Systems Will Always Be In Scope
P2P protects credit cards reliably, but firewalls, antivirus, policies and procedures, physical security, and all of the other things that PCI requires won't become obsolete
FORBES INDIA
Hackers' Haven
India is an easy target for cybercriminals and foreign governments, and must lock down its cybersecurity
THREAT POST
Cloud Security Needs Continuous Monitoring to Reassure Enterprises, Panel Says
Cloud providers need to be more transparent about their security -- and to include continuous monitoring processes
BBC
UK Firm Denies 'Cyber-Spy' Deal With Egypt
A U.K. firm offered to supply "cyber-spy" software used by Egypt to target activists, according to documents
ESET BLOG
The Good News About Security And Privacy Breaches: An Opportunity To Learn
Recent high-profile healthcare breaches demonstrate what can happen when medical data isn't handled or secured properly
SC MAGAZINE
Russian Cracker Helps Hoist $10M, Fined $310K
A Russian cybercriminal sold two apartments to cover a $309,000 fine for his role in hacking into the Royal Bank of Scotland's RBS WorldPay service and stealing more than $10 million from ATMs
ACUNETIX BLOG
Barack Obama's Email Servers Hacked Using XSS
Researchers have discovered a persistent XSS vulnerability in the official website of Barack Obama
COMPUTERWORLD
5 Secrets To Building A Great Security Team
Caterpillar exec shares tips on how to set up a strong security team, including writing a strategy or operating plan
MSNBC
Intel Officials' Emails Posted After Hack Of Cybersecurity Group
Names and emails of hundreds of U.S. intelligence officials were posted online by hackers who hit the Intelligence and National Security Alliance
TREND MICRO BLOG
Soldier SpyEyes A Jackpot
A young Russian cybercriminal a.k.a. 'Soldier' stole $3.2 million in six months using various crimeware packages
WIRED
Sony Forces Gamers to Promise They Won't Sue En-Masse for Hacks
Sony has updated its terms of service such that online gamers must waive their right to any class-action lawsuits
BETA NEWS
Are Cyber Spies Looking At You?
Keep confidential information on non-Internet connected systems
GOOGLE CHROME BLOG
Stable Channel Update
Google has issued Chrome 14.0.835.163 release that includes security fixes for use-after-free flaws
ORACLE
Oracle Security Alert For CVE-2011-3192
Oracle 'strongly recommends' users apply a new patch ASAP to fix a denial-of-service vulnerability in Apache HTTPD
THREAT POST
New Attack Breaks Confidentiality Model Of SSL, Allows Theft Of Encrypted Cookies
Researchers have come up with an attack on TLS 1.0/SSL 3.0 that lets them decrypt client requests and hijack sessions on online banking, e-commerce and payment sites
INFOSEC ISLAND
FBI Investigating Over 400 Corporate Account Takeovers
Gordon M. Snow, assistant director of the Cyber Security Division at the FBI, told Congress that the FBI is currently investigating more than 400 corporate account takeovers that account for $85 million in losses
BUSINESS WEEK
On the Internet, Nobody Knows You're A Robot
CSIdentity's artificial intelligence tool extracts data from cybercriminals
ESECURITY PLANET
Targeted Attacks Aren't As Targeted As You Think
Organizations hit by breaches that bypass their up-to-date and well-secured systems assume a successful attack against them would be from a targeted attacker -- but not necessarily
COMPUTERWORLD
Bot Army Being Assembled, Awaiting Orders
Mass malicious email attachments sent last month could mean millions of infected machines, according to Commtouch
SC MAGAZINE
Millions Of Student Exams, Tests And Data Exposed
Multiple zero-day security vulnerabilities were discovered in Blackboard, some of which would let an attacker grab administrative access to databases in which student exams and grades reside
GOVERNMENT SECURITY NEWS
Protest Of Government-Financial 'Coziness' Planned For Wall Street Area On Sept. 17th
FBI warns of physical and online protests held Sept. 17, with Anonymous launching its "US Day Of Rage" DDoS attacks
SCHNEIER ON SECURITY
Domain-In-The-Middle Attacks
This simple attack lets an attacker register a domain similar to its target except for a typo
THREAT POST
Researchers Find Ads On Bing, Yahoo Leading To Malware Downloads
Researchers have found advertisements in Yahoo and Bing search results redirecting users who searched for Firefox, Skype, or other apps to malicious sites that install rootkits and other malware
MICROSOFT
Windows 8: Protecting You From Malware
Microsoft details how Windows 8 will come with new anti-malware features for Windows Defender and improved performance
NAKED SECURITY BLOG
Will Windows 8's New Interface Herald Full-Screen Scareware?
With the new Windows 8 interface, those browser-based fake antivirus warnings will be shown full-screen, which could make it easier to dupe victims
INTERNET EVOLUTION
Blumenthal Bill Would Punish Security Negligence
Sen. Richard Blumenthal (D-Conn.) is sponsoring a breach disclosure bill that, among other things, would help the sharing of information among companies after a breach
TG DAILY
What Would A Future Cyberwar Look Like?
Army Gen. Keith Alexander, commander of the new U.S. Cyber Command, says computer-based combat will likely include widespread power outages and destruction
ARS TECHNICA
Anon's Foil Aaron Barr Is Back--And He Wants More Cybersecurity Offensives
Barr, who is now director of cyber security for government contractor Sayres and Associates, says more money should be invested in offense
SC MAGAZINE
Researchers Uncover First Active BIOS Rootkit Attack
What is believed to be the first in-the-wild rootkit that targets BIOS has been discovered
US-CERT
Cisco Releases Multiple Security Advisories
Cisco has released two security advisories to address vulnerabilities in CiscoWorks LAN Management Solution: the Cisco Unified Service Monitor and the Cisco Unified Operations Manager
TALKING POINTS MEMO
Defending 'Anonymous': Lawyers For Alleged 'Hacktivists' Speak Out
Suspects all plead not guilty, range in age from 20 to 42, and in filings are identified by their names and alleged nicknames, including "Anthrophobic," "Toxic," "MMMM," and "Reaper"
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-4612 (redcap)
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
CVE-2013-4611 (redcap)
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
CVE-2013-4610 (redcap)
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
CVE-2013-4609 (redcap)
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
CVE-2013-4608 (redcap)
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.



