Best Of Web
Best Of The Web
SYMANTEC
A Decade In Review: Cybercriminal Motivations Behind Malware
A look at the decade's big hacks and the reasons behind them
THREAT POST
Evidence Of Infected SCADA Systems Washes Up In Support Forums
A researcher says evidence that viruses and spyware have access to industrial control systems is found in on Web-based user support forums
THE HACKER NEWS
20 Famous Websites Vulnerable To Cross Site Scripting (XSS) Attack
A hacker known as '*Invectus*' has posted links to sites such as the State Department, The Telegraph, Google, and McDonalds, that harbor XSS flaws
INFOSEC ISLAND
Citigroup Executive Pleads Guilty To Insider Theft Of Millions
Gary Foster, former vice president in Citigroup's treasury finance department, has pled guilty to bank fraud for embezzling more than $22 million from Citigroup
THE GUARDIAN
Anonymous And LulzSec Case: Four Accused Males Appear In Court
Peter David Gibson, Ashley Rhodes, Christopher Weatherhead, and a 17-year-old student were all released on bail under the condition that they did not use their online nicknames on the Net or the Internet Relay Chat channel
COMPUTING
Expert Says UK Government Is Too Preoccupied With Launching Cyber Attacks
Ross Anderson, professor of security engineering at the Cambridge University computer laboratory, says 90 percent of the U.K. government's new cybersecurity funding went to its offensive operations
NAKED SECURITY BLOG
Microsoft Revokes DigiNotar Certificates From Windows, Mac Users Still Vulnerable
Mac users should run BootCamp and Windows 7 until Apple provides a patch
ITAC IDENTITY BLOG
New Hero: Average Consumer Stops International Hacker Ring That Targets Merchants
A customer who found that $700 missing from his account contacted his online retailer and ask where the goods were shipped and gave the address to the police, who arrested the suspect who was part of an international hacker ring
KREBS ON SECURITY
Rent-a-Bot Networks Tied To TDSS Botnet
TDSS botnet is the most sophisticated threat today, according to experts at Russian security firm Kaspersky Lab
GOVERNMENT COMPUTER NEWS
A Digital 9/11 Might Be Under Way Already
Probing efforts from nation-states may be precursors to broader attack
GEEK TECH
U.S. Department Of Homeland Security Warns Of Planned Anonymous Attacks
Employees of financial companies may be at risk, DHS says
FINANCIAL TIMES
Police Hunt Scares Hackers Offline
Manhunt for members of Anonymous, LulzSec could send some members on the run
BBC
Turkish Net Hijack Hits Big-Name Websites
Visitors to Vodafone, Daily Telegraph, and UPS are redirected to a malicious website
PC WORLD
Ex-Employee Wiped Financial Data While At A Bikini Bar
Angry former IT worker wiped out payroll files from military contractor
V3.CO.UK
Cloud Computing And Mobile Devices Increase The Risk Of E-Crime
Business leaders concerned about threats posed by new technology, KPMG study says
ISRAEL NATIONAL NEWS
Israeli-Turkish Cyberwar Begins
Turkish hackers launch DNS attack on 350 Israeli websites in what may be a test for future attacks
IT WORLD
Microsoft: Stolen SSL Certs Can�t Be Used To Install Malware Via Windows Update
Updates also code-signed by separate certificate that Microsoft controls
EWEEK
California Updates Data Breach Law To Require More Incident Details
California's data breach notification law now requires victim organizations reveal what type of personal information was exposed, what happened, the time of the breach, and other information
SC MAGAZINE
Anonymous Attacked WikiLeaks
Anonymous members are claiming they launched a denial-of-service attack against WikiLeaks this week using a custom-built tool that exploits a SQL server flaw
TG DAILY
Pentagon's Cyber Strategy Is 'Confused'
The GAO says the the U.S. military is apparently "unsure" how to execute cyberoperations, and confusion reigns "among the combatant commands about command and control over cyber operations"
SECURELIST
Was DigiNotar's PKIoverheid CA Breached Too?
In the wake of the DigiNotar breach, one of the big questions is whether the government CA branch, called DigiNotar PKIoverheid, has also been compromised
ARMORIZE BLOG
Yahoo YieldManager, Spreading Ransomeware Acting As Federal German Police
Researchers spot malvertising on Yahoo YieldManager (RightMedia) serving up malware to German visitors under the guise of crime-detection software from the Federal German Police
TREND MICRO BLOG
Targeting The Source: FAKEAV Affiliate Networks
Trend Micro investigates two FAKEAV affiliate networks -- BeeCoin and MoneyBeat -- that aggregated malicious links and malware provided by top-tier FAKEAV affiliates
FTC
FTC Warns Small Businesses: Don't Open Email Falsely Claiming To Be From FTC
A phishing email with a subject line "URGENT: Pending Consumer Complaint" purportedly from the FTC is circulating, and the Federal Trade Commission says it's a hoax targeting small businesses and it may harbor malware
CNET
Alleged Anonymous Members Plead Not Guilty
Fourteen defendants facing felony charges of conspiracy and computer hacking in connection with a DDoS attack against PayPal plead not guilty--among the defendants is Vincent Kershaw, Mercedes Haefer, Jeffrey Puglisi, Josh Covelli, and Christopher Quang Vo
VENTURE BEAT
Hackers Steal 21,000 Passwords From Star Wars Game Fan Site
The Star Wars Galaxies fan site was breached and 21,000 email addresses and 23,000 password stolen by a group of hackers under the AntiSec movement, who posted the stolen goods online
INFOSEC ISLAND
Nine Reasons Why You're Not Ready For DLP
First you have to know your risks, regulatory, and privacy gaps, where your data is, the scope of the initiative, and other things like an established data loss response plan
THE RAW STORY
WikiLeaks Blames Guardian Journalist For Release Of 251,000 Unredacted U.S. Cables
WikiLeaks says a journalist from the British newspaper The Guardian was behind the release of hundreds of thousands of unredacted U.S. State Department documents
SC MAGAZINE
Kaspersky Website Vulnerable To XSS
Reddit published a cross-site scripting (XSS) flaw allegedly discovered on the website of security company Kaspersky Lab
CNET
CEO: PlayStation Network Growth Recovers After Hack
The PlayStation Network, Sony's online game-play system, has bounced back after the hack, is more secure, and on a growth curve, Sony's CEO Howard Stringer said in a speech
THE DAILY MAIL
Naked Photos Of Celebrities, A-List Phone Numbers And Top Secret Scripts
A group that says it's affiliated with the Anonymous movement is now wreaking havoc In Hollywood under the umbrella "Hollywood Leaks," ousting phone numbers of Miley Cyrus, Ashley Green, and the script from Tom Cruise's new musical, "Rock of Ages"
DAN KAMINSKY'S BLOG
These Are Not The Certs You're Looking For
Kaminsky on why X.509 and the CA model fails, and how DNSSEC can help
LINUX.COM
The Cracking Of Kernel.org
The server housing the Linux kernel was hacked by an unknown intruder, and the attacker was able to get root access, but kernel.org says the software and code remains intact
INFOWORLD
4 Simple Steps To Bulletproof Laptop Security
A look at the best techniques and tools to protect Windows notebooks from theft, intrusion, and data loss
NAKED SECURITY BLOG
17-Year-Old Brit Charged In Ongoing Anonymous Investigation
Chester teenager has been charged in connection with attacks by the Anonymous hacktivist group
VERACODE BLOG
Musings On Custer's Last Stand
Veracode's Chris Wysopal responds to Oracle CSO Mary Ann Davidson's veiled criticism of the static binary analysis service provider
CIO.COM
Five Things CIOs Need To Know About Anonymous
Nobody's in charge, the attacks appear random, and they are a capable, international group motivated by publicity
APACHE.ORG
Apache HTTP Server 2.2.20 Released
The Apache Software Foundation and the Apache HTTP Server Project have issued a new version of the server software that fixes the Apache Killer flaw -- it fixes the handling of byte-range requests to use less memory and to deter at denial-of-service attack
THE GUARDIAN
Pakistan To Ban Encryption Software
Pakistani ISPs must inform government officials if their customers use virtual private networks, as part of a government crackdown on the Internet
FACEBOOK
Updates To The Bug Bounty Program
Facebook�'s new vulnerabilities-for-cash program paid out more than $40,000 in three weeks, with one contributor earning more than $7,000 for identifying six different bugs in its social networking platform
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
- Not All Or Nothing: Effective security doesn't mean stopping all attackers.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3342 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3341 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.
CVE-2013-3340 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.
CVE-2013-3339 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.
CVE-2013-3338 (acrobat_reader)
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.