Best Of The Web
KASPERSKY
More On DigiNotar
A news report from the Netherlands says Yahoo.com, mozilla.org, torproject.org, wordpress.org, and the Iranian blogging platform Baladin were also among the domains targeted in the DigiNotar hack, and the CA says it cannot account for all of the rogue certificates that were generated, which is worrisome because a certificate the CA cannot identify cannot be individually revoked
HELP NET SECURITY
Many Parents Unaware If Cyberbullying Is An Issue
Nearly 90 percent of parents say they talk to their children about Internet safety, but 40 percent don't know whether cyberbullying is an issue at their child's school
IT WORLD
Facebook's New Privacy Controls: Still Broken
Facebook's new "improved" privacy controls come with some caveats, including one in photo-tagging: you can tag someone else in a photo and then keep them from seeing it
ORACLE BLOG
Those Who Can't Do, Audit
Oracle security exec Mary Ann Davidson says a static-analysis-as-a-service offering makes sense for small businesses, but criticizes those who she says spread "FUD" to persuade organizations to use their services to test vendors' code
INFOSEC ISLAND
Researchers Find LinkedIn Spam Downloads Trojan
Researchers at Barracuda Labs have discovered a spam campaign with headers spoofing LinkedIn -- it uses an exploit toolkit that bypasses HTTPS protection and allows the downloading of a password-stealing Trojan
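The spoofed-header part of this campaign is the piece a mail gateway can catch before any exploit kit runs. The following is an added example, not code from Barracuda or from the original item: it parses two constructed messages (not real captures) and flags the header-level indicators of a brand-spoofed message, namely a brand name in the display name whose address is not on the brand's domain, an envelope sender from a different organisation, and a failed SPF/DKIM result recorded by the receiving MTA. The brand allow-list and the two-label "organisational domain" shortcut are assumptions for the demo.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real captures). The first mimics a
# LinkedIn-branded spam message: the display name says "LinkedIn", but the
# address, the Return-Path and the SPF result all point elsewhere.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@tracker.example.biz>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=tracker.example.biz
From: LinkedIn <invitations@linkedin-mail.example.net>
To: victim@example.org
Subject: You have 3 new invitations

View your invitations: http://tracker.example.biz/inv
"""

SAMPLE_LEGIT = """\
Return-Path: <s-abc123@bounce.linkedin.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce.linkedin.com
From: LinkedIn <invitations@linkedin.com>
To: victim@example.org
Subject: You have 1 new invitation

View your invitation: https://www.linkedin.com/
"""

# Assumed allow-list: brand names that appear in display names, mapped to the
# organisational domains that legitimately send mail for them.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}


def org_domain(domain: str) -> str:
    """Reduce a host name to its last two labels (bounce.linkedin.com -> linkedin.com).
    Good enough for the demo; a real deployment would use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def header_findings(raw_message: str) -> list[str]:
    """Return the header-level indicators that the message spoofs a brand."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    rp_domain = return_path.rpartition("@")[2].lower()

    # 1. Brand in the display name, but the From address is not on the brand's domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display_name.lower() and org_domain(from_domain) not in allowed:
            findings.append(f"display name claims {brand!r} but From domain is {from_domain}")

    # 2. Envelope sender (Return-Path) belongs to a different organisation than From.
    if rp_domain and org_domain(rp_domain) != org_domain(from_domain):
        findings.append(f"Return-Path domain {rp_domain} differs from From domain {from_domain}")

    # 3. The receiving MTA recorded an SPF or DKIM failure.
    auth_results = str(msg.get("Authentication-Results", "")).lower()
    if "spf=fail" in auth_results or "dkim=fail" in auth_results:
        findings.append("Authentication-Results records a failed SPF/DKIM check")

    return findings


if __name__ == "__main__":
    for label, sample in (("spoofed", SAMPLE_SPOOFED), ("legitimate", SAMPLE_LEGIT)):
        print(label, header_findings(sample) or "no findings")
```

Any one of the three indicators on its own produces false positives (marketing mail is routinely sent by third parties with a different Return-Path), so score them together and treat the display-name mismatch plus an authentication failure as the high-confidence combination.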
BANK INFOSECURITY
Why IT Security Careers Remain Hot
Many jobs are left unfilled because employers want experienced people, but the question is whether the talent pool has sufficient technology and communications skills for the positions
CISCO BLOG
Life After Anonymous: Interview With A Former Hacker
Cisco talks to Anonymous expatriate "SparkyBlaze," who says he agreed with the hacktivist group's targeting of governments, but that publishing the user names and passwords of the very people you claim to fight for is wrong
COMPUTERWORLD BLOG
Wikileaks Data Leaked; Website Denies It, Via Twitter
The secret cables held by WikiLeaks have allegedly themselves been leaked, although WikiLeaks participants on Twitter say it's not so
SECURITY WEEK
Click Fraud Botnet Intercepted 87 Million Web Searches Per Year
Symantec researchers say one click fraud operation earned more than $46,000 in revenue between September 27, 2010 and June 27, 2011: it was intercepting up to 87 million Web searches a year and feeding users unwanted ads
BANK INFOSECURITY
The Future of Payments: SWIFT Exec Says Security, Data Management Will Play Key Roles
Kosta Peric, head of innovation for the Society for Worldwide Interbank Financial Telecommunication, says financial institutions have an opportunity to lead in security
THREAT POST
http://threatpost.com/en_us/blogs/weaknesses-webkit-becoming-problematic-082811
The popularity of the open-source HTML rendering engine makes it an attractive platform for attack, especially given its presence in smartphone browsers
TECH CRUNCH
Nokia Shuts Down Developer Forum After Hacker Accesses Member Records
Nokia shut down its developer community website in the wake of a database hack that exposed forum members' email addresses and other information; the attacker used a SQL injection attack
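The item names SQL injection as the technique but not the query; the following is an added example, not Nokia's code or anything from the original report. It builds a constructed in-memory member table, shows a lookup that splices the username into the SQL text beside the parameterised form, and runs two classic payloads through both: a tautology that dumps every member's address (the kind of exposure described above) and a UNION payload that enumerates table names from the schema.

```python
import sqlite3

# Constructed forum-member table standing in for the breached database.
MEMBERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.net"),
    ("carol", "carol@example.org"),
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO members (username, email) VALUES (?, ?)", MEMBERS)
    return conn


def lookup_email_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """Deliberately vulnerable: the username is spliced into the SQL text, so a
    quote character in it changes the structure of the statement."""
    sql = "SELECT email FROM members WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_email_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Parameterised: the value travels separately from the statement, so the
    input can only ever be compared as data, never parsed as SQL."""
    sql = "SELECT email FROM members WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Tautology payload: closes the string literal and makes the WHERE clause always true.
PAYLOAD_DUMP = "nobody' OR '1'='1"

# UNION payload: pulls table names out of SQLite's schema catalogue; the trailing
# "--" comments out the closing quote the application appends.
PAYLOAD_SCHEMA = "nobody' UNION SELECT name FROM sqlite_master WHERE type='table' --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology:", lookup_email_vulnerable(db, PAYLOAD_DUMP))
    print("vulnerable, schema:   ", lookup_email_vulnerable(db, PAYLOAD_SCHEMA))
    print("safe, tautology:      ", lookup_email_safe(db, PAYLOAD_DUMP))
    print("safe, schema:         ", lookup_email_safe(db, PAYLOAD_SCHEMA))
```

The parameterised version returns an empty list for both payloads because no member is literally named `nobody' OR '1'='1`. Note that `sqlite3` refuses stacked statements (`'; DROP TABLE ...`), so the vulnerable function looks safer than it is; the data-exfiltration payloads above need no second statement at all.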
SOURCEFIRE BLOG
Securing the Cloud: Not Just Hype
Loss of governance, potential security issues in a shared infrastructure, and data loss and leakage are among the security challenges of going to the cloud
COMPUTERWORLD UK
Hackers Could Use Microsoft Patches To Design Malware Attacks
A proof-of-concept demonstrates how a Microsoft patch could be reverse-engineered to launch a denial-of-service attack on a Windows DNS Server
BHASKAR DAILY
India's Key Ministries Face Largest Strategically Targeted Cyber Attack
Officials from India's ministries of home affairs, defense, and external affairs and the armed forces were hit by targeted email-borne attacks and have been asked to shut down systems in the wake of infections
BETA NEWS
DOJ Pharmacy Investigation Undermines Google Credibility
The Department of Justice investigation of Google for allowing online Canadian pharmacies to place advertisements via AdWords, and Google's subsequent penalty, indicate how Google ignores its own policies when it's profitable to do so, columnist says
FORBES BLOG
FBI Issues Warnings About Hurricane Irene Charity Scams
The Federal Bureau of Investigation is urging citizens to be on alert for fraudulent e-mails and websites claiming to handle charitable relief efforts
THREAT POST
Microsoft Releases New Versions of Software Security Tools
Microsoft's Threat Modeling Tool now has improved support for Visio 2010 and Team Foundation Server, and Microsoft released new versions of some of its free fuzzers
INFOWORLD
Mozilla Defends 'Rapid Release' Of Firefox Versions
Chair of the nonprofit acknowledges that new versions of Firefox every six weeks can be disconcerting and hard to manage for enterprises, but that the release cycle is necessary and Mozilla will improve it
NAKED SECURITY BLOG
Welcome To Apple iCloud Phishing Attacks
Phishers are already using Apple's move from MobileMe to iCloud to trick users into handing over their credit card details, address, Social Security number, date of birth, mother's maiden name, and Apple ID credentials
SYMANTEC BLOG
Xpaj Botnet Intercepts Up To 87 Million Searches per Year
Sophisticated file infector W32.Xpaj.B's command-and-control servers contained encrypted binary data, encryption keys, databases, and Web applications
SECULERT BLOG
Your APT Can Be A Botnet, And Vice Versa
Operation Shady RAT is an APT that utilizes a botnet infrastructure to manage the attack
KREBS ON SECURITY
Coordinated ATM Heist Nets Thieves $13M
Cybercrime gang stole $13 million from a Florida-based financial institution earlier this year using ATMs worldwide to cash out stolen prepaid debit cards
ITAC IDENTITY BLOG
Financial Institutions: Fraud on the Decline, But Still a Concern
Overall fraud losses to banks are on the decline, according to a Financial Services Information Sharing and Analysis Center (FS-ISAC) survey, which says more financial institutions were able to block bank account takeovers in 2010 than in the previous year
FEDERAL COMPUTER WEEK
FBI Deploys Fingerprint System For Mobile Devices
The FBI is using a new mobile system for police officers to check the fingerprints of suspects at the scene
SOPHOS
UK Police Charge Man In Connection With Anonymous DDoS Attacks
Student allegedly played role in attacks on numerous organizations
H ONLINE
Mac OS X Lion Fails To Check Passwords When Authenticating Via LDAP
Authentication bug could allow any password to be accepted during login
PCI GURU
A Carrot For Chip And PIN
Visa offers a waiver on PCI compliance if merchants deploy dual-interface chip technology terminals
EXAMINER
Anonymous Protests Keystone XL Tar Sands Oil Pipeline
Hacker collective joins group vigil in front of White House
ZDNET ASIA
U.S. Battery Firms Reportedly Targeted In Online Attack
DDoS attacks targeting battery retailers are traced to Russia in what could be a corporate sabotage campaign, authorities say
PC WORLD
Experts Positive On Facebook's New Privacy Controls
Privacy advocates laud social networking site for giving users more control over their information
TG DAILY
U.S. Invokes Patriot Act As WikiLeaks Dumps More Data
Authorities demand information on Julian Assange and other WikiLeaks figures
BANK INFO SECURITY
FFIEC Guidance: What Your Vendors Won't Tell You (Unless You Ask)
A look at the "dirty little secrets" vendors carry
SOFTPEDIA
New Website Ranks Hacks
RankMyHack.com gives hackers rankings for their hacks and encourages them to score points for high-profile website hacks; so far, huffingtonpost.com, google.com, amazonaws.com, and mozilla.org are among the sites listed as hacked by participants
CNET
When Hackers Become The Man
Many of the hackers at DefCon 19 now work as security professionals and some even brought their children; the community is growing, and growing up
INFOSEC ISLAND
A Look Inside the Anonymous DDoS Attack Code
Security expert says Anonymous used a reflected denial-of-service (RDoS) attack, which let them do more with fewer DDoS bots: because the traffic is bounced off third-party servers that answer spoofed requests, Anonymous only needed to control a single system to begin the attack, he says
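In a reflected attack the victim never sees the spoofed requests, only a flood of answers from servers it never queried, which is the property a detector can key on. The following is an added example, not code from the article or its source, run over constructed flow records (not a real capture). It tracks each local host's outbound requests to common UDP reflector services and flags hosts that receive answers from many distinct servers with no matching request. The monitored prefix, the service-port list, and the 30-second request window are assumptions for the demo.

```python
import csv
import io
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by their server port (assumed list).
REFLECTOR_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp"}
LOCAL_PREFIX = "203.0.113."   # assumed monitored address range (documentation prefix)
REQUEST_WINDOW = 30.0         # seconds a response may lag the request it answers

# Constructed flow records (not a real capture): ts, src, sport, dst, dport, proto, bytes.
# 203.0.113.20 sends one DNS query and gets one answer. 203.0.113.10 never sent
# anything, yet receives large DNS and NTP answers from five servers: the attacker
# spoofed .10 as the source address of its requests to those reflectors.
FLOWS = """\
ts,src,sport,dst,dport,proto,bytes
100.0,203.0.113.20,51000,198.51.100.5,53,udp,64
100.1,198.51.100.5,53,203.0.113.20,51000,udp,128
200.0,198.51.100.5,53,203.0.113.10,443,udp,3800
200.0,198.51.100.6,53,203.0.113.10,443,udp,3900
200.1,198.51.100.7,53,203.0.113.10,443,udp,4000
200.1,198.51.100.8,53,203.0.113.10,443,udp,3700
200.2,192.0.2.9,123,203.0.113.10,443,udp,4400
"""


def parse_flows(text: str) -> list[dict]:
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({"ts": float(r["ts"]), "src": r["src"], "sport": int(r["sport"]),
                     "dst": r["dst"], "dport": int(r["dport"]), "proto": r["proto"],
                     "bytes": int(r["bytes"])})
    return sorted(rows, key=lambda r: r["ts"])


def find_reflection_victims(flows: list[dict], min_reflectors: int = 3) -> dict:
    """Report local hosts receiving reflector-service answers they never asked for."""
    last_request = {}  # (local host, server, service port) -> ts of latest outbound request
    unsolicited = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "services": set()})
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["src"].startswith(LOCAL_PREFIX) and f["dport"] in REFLECTOR_PORTS:
            # Outbound request: remember it so the matching answer is not flagged.
            last_request[(f["src"], f["dst"], f["dport"])] = f["ts"]
        elif f["dst"].startswith(LOCAL_PREFIX) and f["sport"] in REFLECTOR_PORTS:
            # Inbound answer: solicited only if this host asked this server recently.
            asked_at = last_request.get((f["dst"], f["src"], f["sport"]))
            if asked_at is None or f["ts"] - asked_at > REQUEST_WINDOW:
                v = unsolicited[f["dst"]]
                v["reflectors"].add(f["src"])
                v["bytes"] += f["bytes"]
                v["services"].add(REFLECTOR_PORTS[f["sport"]])
    return {host: {"reflectors": len(v["reflectors"]), "bytes": v["bytes"],
                   "services": sorted(v["services"])}
            for host, v in unsolicited.items() if len(v["reflectors"]) >= min_reflectors}


if __name__ == "__main__":
    for host, info in find_reflection_victims(parse_flows(FLOWS)).items():
        print(f"{host}: {info['reflectors']} reflectors, {info['bytes']} bytes, {info['services']}")
```

The distinct-reflector count is the discriminating feature: a misconfigured resolver retrying late can produce one unsolicited answer, but dozens of different servers answering a host that asked none of them is the signature of a reflection flood. The same bookkeeping, run on the server side, flags the attacker's spoofed requests instead: one "client" address issuing far more queries than it ever receives answers for.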
KOMO NEWS
Chase, Bank Of America Credit Cards Too Hacker-Friendly
With the automated telephone account information systems at Chase and Bank of America, a hacker could trick the bank's computer by making the call appear to come from the cardholder's home phone when in fact it wasn't
NAKED SECURITY BLOG
Twitter Starts Rolling Out HTTPS By Default -- Good News For Security And Ashton Kutcher
Twitter is now turning on HTTPS by default, which would have helped prevent Ashton Kutcher's Twitter account from being hacked earlier this year
CSO ONLINE
Facebook Data Collection Under Fire in Germany Again
A German privacy protection authority is urging organizations to close their Facebook fan pages and remove the social networking site's "Like" button from their websites, arguing that Facebook harvests data in violation of German and European Union law
COMPUTERWORLD
Lawsuit Accuses Comscore Of Extensive Privacy Violations
Class-action lawsuit filed in federal court this week alleges that online tracking and analytics firm comScore secretly grabbed Social Security numbers, credit card numbers, passwords, and other data from consumer systems
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3927
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3646
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-4616 (iphone_os)
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
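The weakness in this entry is the size of the candidate set, not the WPA2 cipher suite: an attacker who captures the four-way handshake can test candidates offline, and a generator that picks from a word-suggestion list leaves few to test. The following is an added example, not Apple's code: it implements the real WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, 4096 rounds, salted with the SSID), a stand-in generator of the assumed shape "suggested word plus a few digits" over a constructed word list (the real list and exact format are not on the page), a uniform-random alternative, and an offline search that recovers a weak passphrase from its derived key by enumerating the generator's whole output space.

```python
import hashlib
import math
import secrets
import string


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key as specified in IEEE 802.11i:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Constructed stand-in for a word-suggestion list; the real list is not on the page.
WORDS = ["tiger", "apple", "river", "candle", "planet", "copper", "window", "garden"]


def weak_passphrase(words=WORDS, digits: int = 4) -> str:
    """Assumed generator shape for illustration: one suggested word plus a few digits."""
    return f"{secrets.choice(words)}{secrets.randbelow(10 ** digits):0{digits}d}"


def strong_passphrase(length: int = 20) -> str:
    """What a generator should do instead: uniform random characters from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def weak_keyspace_bits(words=WORDS, digits: int = 4) -> float:
    return math.log2(len(words) * 10 ** digits)


def strong_keyspace_bits(length: int = 20) -> float:
    return length * math.log2(len(string.ascii_letters + string.digits))


def crack_weak_pmk(target_pmk: bytes, ssid: str, words=WORDS, digits: int = 4):
    """Offline search: re-derive the PMK for every candidate the weak generator could
    have produced. Returns (passphrase, candidates tried) or (None, tried)."""
    tried = 0
    for word in words:
        for n in range(10 ** digits):
            candidate = f"{word}{n:0{digits}d}"
            tried += 1
            if wpa2_pmk(candidate, ssid) == target_pmk:
                return candidate, tried
    return None, tried


if __name__ == "__main__":
    ssid = "iPhone"   # constructed SSID; it is the PBKDF2 salt, so it is public anyway
    print(f"weak keyspace:   {weak_keyspace_bits():.1f} bits ({len(WORDS)} words x 10^4)")
    print(f"strong keyspace: {strong_keyspace_bits():.1f} bits")
    # A two-digit suffix keeps the demo under a second; the four-digit space is only 100x larger.
    secret = weak_passphrase(digits=2)
    found, tried = crack_weak_pmk(wpa2_pmk(secret, ssid), ssid, digits=2)
    print(f"recovered {found!r} after {tried} PBKDF2 evaluations")
```

The 4096-round PBKDF2 is the only thing slowing the search down, and it costs the attacker roughly a millisecond per candidate on one CPU core, so the defence has to come from the size of the space: a few thousand words times ten thousand digit suffixes is on the order of 2^24 candidates, while twenty random alphanumerics is over 2^119.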



