Best Of Web
Best Of The Web
SOFTPEDIA
Anonymous Tries, But Fails To Interrupt Obama's State Of The Union Address -- Video
The White House live streams of the address worked without a glitch during the president's speech despite threats by Anonymous to hack it
THE REGISTER
Get Up, Shake Off The Hangover: These 57 Microsoft Holes Won't Fix Themselves
Fat Patch Tuesday came with 12 security bulletins that fix 57 vulnerabilities, including five critical ones
SECURITY WEEK
Cross-Platform Attacks Discovered On Google Play
More multiplatform malware found that works across Android and Windows PCs
BANK INFOSECURITY
Hacktivists Threaten More DDoS Attacks
Hacktivist group Izz ad-Din al-Qassam Cyber Fighters warned in a posting yesterday that it will soon resume waging distributed-denial-of-service attacks against U.S. banks and credit unions
COMPUTERWORLD
DaVinci Surveillance Malware Distributed Via Zero-Day Flash Player Exploit, Researchers Say
Kaspersky Lab researchers say political activists from the Middle East were targeted in attacks that exploited a previously unknown Flash Player vulnerability to install a so-called lawful interception program designed for law enforcement use
ARS TECHNICA
Zero-Day Attack Exploits Latest Version Of Adobe Reader
A newly discovered bug in the latest version of Adobe Reader and earlier versions is being exploited in attacks that install malware on end-user computers, according to FireEye, and Adobe says it's investigating the report
HELP NET SECURITY
Cryptome Site, Twitter And Email Account Hacked Again
The online repository of documents concerning cryptography, freedom of speech, spying, and surveillance was hacked again as well as the email account of its founder
INFOSEC ISLAND
What 'Identity Thief' The Movie Gets Wrong
The new film brings welcome mainstream attention to a serious problem, but is misleading in areas such as jurisdiction of the thief, success in prosecution, and sophistication of the criminals involved
NPR
In Cyberwar, Software Flaws Are A Hot Commodity
Zero-day vulnerabilities are basic raw materials for cyberweapons designers
SECURITY AFFAIRS
Adobe Zero-Days Exploited For IEEE Aerospace Spear Phishing Attacks
Lockheed Martin discovers attack aimed at U.S. aerospace companies
WASHINGTON POST
Anonymous Threatens To Hack State Of The Union Address
Hacktivist group threatens to take down live streams and fill the event's hashtag with protest tweets
MICROSOFT
Microsoft Issues 12 Security Updates In Big Patch Tuesday
Release of updates corrects 57 vulnerabilities; five updates considered critical
THREAT POST
Mega Bug Bounty Makes First Payouts
At least three payments have been made as MegaUpload makes good on its offer
MICROSOFT
Installing And Configuring EMET
Software giant offers advice on deploying its Enhanced Mitigation Experience Toolkit
ADOBE
Adobe Security Bulletins Posted
Updates for Adobe Flash Player, Shockwave Player are designed to fix vulnerabilities
FOX NEWS
Obama To Issue Executive Order On Cybersecurity
Long-anticipated order will direct federal agencies to share information with critical infrastructure companies
CSO
New Whitehole Exploit Toolkit Emerges On The Underground Market
Trend Micro researchers have discovered a new exploit kit that uses similar code to Blackhole
SOFTPEDIA
Iranian Regime Launches Cyberattack Against The National Council Of Resistance Of Iran
The Iranian regime has launched a distributed denial-of-service attack against the website of opposition group the Foreign Affairs Committee of the National Council of Resistance of Iran (NCRI) in the wake of an air strike by the government
ZDNET
Almost All US Networks Can Be Hacked: Intelligence Committee
U.S. House Intelligence Committee chair says hackers from China and Iran are stealing not only military documents but also civilian intellectual property, and that the U.S. government is sitting by idly
SECURITY WEEK
Adobe's Hunt For Sandbox Bypass Flaw A Frustrating Exercise
Adobe security researchers detail their experience tracking a sandbox bypass flaw that was partially disclosed
THREAT POST
New Version Of Kelihos Botnet Appears
New version of Kelihos better deters sinkholing and can remain dormant on infected machines for long periods of time
NAKED SECURITY BLOG
Ex-President Bush Doxed -- Family Photos, Personal Email, Bathtub Portraiture Leaked
A hacker who goes by 'Guccifer' says he hacked the email accounts of Bush family members and friends and leaked the contents online
THE WASHINGTON POST
U.S. Said To Be Target Of Massive Cyber-Espionage Campaign
The National Intelligence Estimate report concludes that the U.S. is the target of a massive, sustained cyberespionage campaign that is threatening the country's economic competitiveness
ARS TECHNICA
At Facebook, Zero-Day Exploits, Backdoor Code Bring War Games Drill To Life
Facebook execs staged an elaborate breach drill to test its security response that included a phony FBI e-mail, zero-day exploit, and backdoor code
SECURITY WEEK
Probe Launched Over Email Hacking Of Bush Family
A criminal investigation was launched Friday into how a hacker appeared to breach email accounts belonging to former presidents George H.W. Bush and George W. Bush, as well as other members of their family
BANK INFOSECURITY
NIST To Fund Online Credentials Pilots
The National Institute of Standards and Technology will award grants of up to $4 million to fund pilot projects for privacy-enhancing trusted online credentials that go beyond simple user IDs and passwords
COMPUTERWORLD
Microsoft Prepares Monster Security Update For Next Week
Software giant will patch a near record 57 bugs in IE, Windows, Office and Exchange Server
ARS TECHNICA
Data Siphoned In Fed Reserve Hack A 'Bonanza' For Spear Phishers
Sensitive information on thousands of banking executives was exposed via the Federal Reserve breach, providing major ammo for spear phishers
THREAT POST
Microsoft Report Examines Socio-Economic Relationships To Malware Infections
Regions such as Europe with well-defined, enforceable policies fare better than less developed nations where crime per capita is higher
REUTERS
Hackers Breached Security Firm Bit9, Then Attacked Its Customers
Bit9 said attackers breached its network, then launched a second round of attacks against some of its customers by forging its digital signature with malware
HELP NET SECURITY
Twitter Users Hit With Typo-Squatting Phishing Campaign
Phishing messages via DMs and tweets are trying to get users to click on malicious shortened URL links via "Did you see this pic of you?" lures
THREAT POST
Researcher Warns Of D-Link Router Vulnerabilities
Bugs in D-Link's DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands
HELP NET SECURITY
EU Proposes To Make Data Breach Disclosure Mandatory
EU member states called upon to create independent CERTs
MICROSOFT
MICROSOFT
Eleven software updates to roll out; five are considered critical
ADOBE
Security Updates Available For Adobe Flash Player
New vulnerability is being exploited in the wild, software company says
PCI
PCI Issues New Cloud Computing Guidelines
New guidelines designed to improve security in cloud environments
HELP NET SECURITY
Learn By Doing: Phishing And Other Online Tests
A look at some do-it-yourself tests
OFFICE OF INADEQUATE SECURITY
Alabama Employee Indicted For Providing Names To A Million-Dollar Identity Theft Scheme
Employee indicted for conspiring to file false tax returns using stolen identities
HELP NET SECURITY
Cyber Risk Perceptions Revealed
Corporate executives more worried about cyberthreats than other major business risks, study finds
OFFICE OF INADEQUATE SECURITY
Insurance Company Need Not Defend Accountant Who Lost Sensitive Client Information
Homeowner's insurance is a good idea, but don't count on it to protect you if client data is stolen from your property
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.



