Best Of The Web
HELP NET SECURITY
PHP 5.3.8 Fixes Security Issues
PHP developers have released PHP 5.3.8, which fixes two major security issues introduced in the recent PHP 5.3.7 release
SOPHOS
First Malware Using Android Gingerbreak Root Exploit
Live sample is found on Chinese alternative Android marketplace
LIVE HACKING
Facebook Launches Its Official Security Guide
Twenty-page guide offers help on protecting data and avoiding scammers
ARS TECHNICA
How The FBI Investigates The Hacktivities Of Anonymous
A detailed look at an FBI investigation
FREE REPUBLIC
MIT: Simple Security For Wireless
Man-in-the-middle attack on 4G wireless network starts wave of discussion -- and some solutions
SOFTPEDIA
Sony Hacker Quits Anonymous, Criticizing The Movement
"SparkyBlaze" says group should not expose personal information of innocent users
SC MAGAZINE
McAfee Fires Back At Shady RAT Criticism
Criticism from Kaspersky misses the point, company says
HOST EXPLOIT
Ukrainian Cybercriminals Stole $20 Million From Bank Accounts
Long-term operation involved more than 20 people and some high-technology equipment, authorities say
THREAT POST
Google Fixes 11 Flaws In Chrome
Search engine giant pays out more than $8,500 in bug bounties
INFOSEC ISLAND
Authorities Arrest Man Over Stock Exchange Attack
Hong Kong officials have arrested a man on suspicion of conducting a cyberattack against the Hong Kong Exchange two weeks ago
THE SACRAMENTO BEE
Hacked Cybersecurity Firm HBGary Storms Back After Ridicule Fades
HBGary's revenue will grow 60 percent this year and the company is hiring, its president says
MSNBC
Hackers Crack Purdue University Server
A server containing Social Security numbers and course records of more than 7,000 former Purdue University students was broken into by attackers more than one year ago, the university says
THE HUFFINGTON POST
Child Identity Theft Takes Advantage Of Kids' Unused Social Security Numbers
Children represent a growing target for identity thieves who steal their Social Security numbers because they offer clean slates that can be used to commit fraud for years without detection
THE REGISTER
AES Crypto Broken By 'Groundbreaking' Attack
Cryptographers have figured out a method of breaking the Advanced Encryption Standard, but expert says it does not 'compromise AES in any practical way'
THE EPOCH TIMES
Slip-Up In Chinese Military TV Show Reveals More Than Intended
Chinese military propaganda screened in mid-July included shots from a computer screen showing a Chinese military university going after the University of Alabama in Birmingham
THREAT POST
Serious Crypto Bug Found In PHP 5.3.7
PHP scripting language officials say there's a serious crypto problem in the latest release and that users should not upgrade to PHP 5.3.7 until the bug is resolved
CNBC
Yale Security Breach Reveals Data About Students And Staff
Yale University sent letters to alumni, faculty, and staff informing them that the names and Social Security numbers of 43,000 people affiliated with the university have been available to Google search engine users for the past 10 months
MSNBC
Cyber Attack Hits 350,000 Epson Korea Customers
Phone numbers, emails, names and coded data are compromised
CIO
How To Prevent IT Sabotage Inside Your Company
Recent cases of rogue employees offer lessons for companies that don't want to fall victim to similar attacks
ALL SPAMMED UP
Court Ruling Makes Some Forms Of Spam Legal
U.S. appeals court says protesters could clog up a company's email system with spam
GOVERNMENT INFO SECURITY
Scared Straight: Jittery Agency Heads Take IT Security More Seriously
Government agency chiefs and IT leaders are motivated to keep their organizations out of the headlines
THE REGISTER
Microsoft, McDonald's Absolved Of Tracking Cookie Abuse
Judge guts lawsuit accusing behemoths of misusing private browsing histories
USA TODAY
German Privacy Watchdog Dislikes Facebook's 'Like'
Data protection commissioner orders state institutions to shut down fan pages and remove the "Like" button from their websites
EWEEK
Cyberattackers Find It's Easy To Trick Bank Workers Into Divulging Passwords
Bank employees often fall for social engineering techniques
SECURITY BREACHING
Venezuela's Supreme Court Of Justice Website Is Hacked And Database Leaked
Pastebin dump claimed by SwichSmoke
RISKY.BIZ
Leaked 'RSA Dump' Appears Authentic
Massive Pastebin dump of domain names and IP addresses supposedly linked to a cyberespionage ring could be the real deal
SCIENCE DAILY
First Flaws In The Advanced Encryption Standard Used For Internet Banking Identified
New attack can recover the key four times easier than anticipated by experts
FRAUD CONSULTING
Dial-Through Fraud/Phreaking Scams On The Rise
Hackers route calls through corporate switchboards, adding fraudulent charges to company bills
EUGENE KASPERSKY'S BLOG
A Smart Green (An)droid Going Places, No Matter What
Security guru says Android is set to take over the world, even if there are patent wars
THE TELEGRAPH
Student Hacker 'Penetrated' Facebook
Hacker developed program that repeatedly broke through Facebook defenses, according to court testimony
BANK INFO SECURITY
FFIEC Authentication And The Link To Debit
Experts discuss ways to leverage synergies between online and debit fraud prevention
ARMORIZE
K985ytv Mass Compromise Ongoing, Spreads Fake Antivirus
Drive-by download served by modified version of BlackHole exploit
BUSINESS INSIDER
Whistleblower Claims Massive Pattern Of Document Destruction At The SEC
Attorney claims agency destroyed thousands of documents related to investigations of banks and hedge funds
BETA NEWS
Anti-Malware Vendors Unite To Fight Cybercriminals
AV companies such as F-Secure, Symantec, McAfee, Trend Micro, and help one another out regularly, sharing virus samples and information
SOFTPEDIA
Firefox 6 Addresses Critical Vulnerabilities
Mozilla has released Firefox 6, addressing a number of critical vulnerabilities that can be exploited to compromise systems
COMPUTING
Harnig Botnet Returns
FireEye has seen the Harnig botnet using 26 different command-and-control servers and different variants
NAKED SECURITY BLOG
Stealing ATM PINs With Thermal Cameras
Researchers testing thermal cameras as ATM-sniffing tools have a success rate of around 80 percent at detecting all digits from a frame 10 seconds after users entered their PIN
TELECOM ENGINE
California Adopts Security Standards For Smart Meters
The California Public Utilities Commission has approved rules to protect the privacy and security of customer usage data generated by smart meters as part of its efforts to build a smart grid
CONSUMER AFFAIRS
FBI Warns Online Car Shoppers Of New Swarm Of Scams
The FBI says there has been a rise in online, fraudulent vehicle sales, and false claims of vehicle protection programs
THE REGISTER
IT Admin Cops To Crippling Ex-Employer's Network
A former IT professional has pleaded guilty to charges that he allegedly accessed the network of his former pharmaceutical company using an old account and deleted the contents of VMware hosts used for email, employee BlackBerrys, order tracking, and other applications
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


