Best Of The Web
ISS SOURCE
DHS Offers Cyber Threat Tool
Department of Homeland Security's National Cyber Security Division (NCSD) is offering a tool that allows organizations to test the security posture of their networks and systems
SALON.COM
What If Anonymous Targeted You?
Large-scale data dumps put personal data -- and privacy -- at risk
TECH HERALD
Vanguard Defense Industries Compromised By AntiSec
Hacker group poised to release thousands of emails, documents from defense contractor
CNET
SF Subway Closes Stations During Anonymous Protest
Hacker group achieves its first physical denial-of-service attack
COMMTOUCH
A Wild Malware Rollercoaster -- Over 500 Percent Increase
Scams involving U.S. Postal Service, UPS, lead the way
EWEEK
The World's Top 10 Groundbreaking Hackers
A who's who of hacking history
GUARDIAN
Phone Hacking: News Of The World Reporter's Letter Reveals Cover-Up
Letter says phone hacking was 'widely discussed' at NoW meetings
TELECOMS.COM
Samsung Hires Android Hacker 'Cyanogen'
Notorious hacker goes to work for maker of Android-compatible devices
THREAT POST
Five Questions About Aaron Barr's DEFCON
Former HBGary Federal chief speaks out about Anonymous, and how he got in to see the DEFCON panel about himself
THE TELEGRAPH
Fraudster Used Facebook To Hack Bank Accounts
A hacker stole money from his neighbors' online bank accounts after working out the answers to their security questions from information they posted on Facebook and Friends Reunited
MOBILEDIA
Congress Wants Answers On World's Largest Security Breach
Representative Mary Bono-Mack (R., Calif.) sent a letter to Internet security firm McAfee's Dmitri Alperovitch asking him to brief her on how Congress could best respond to the five-year long 'Operation Shady RAT'
NETWORK WORLD
PCI Group Outlines Technology To Conceal Sensitive Account Information
Best practices for tokenization include strong authentication and access controls, and all components within the tokenization system must be located in a PCI DSS-compliant environment
GOVERNMENT COMPUTER NEWS
Can The Nation Get Smart About Cybersecurity?
The National Institute of Standards and Technology has released a draft plan for improving cybersecurity awareness, developing educational resources and creating career paths for IT pros
HP BLOG
Security In The Board Room -- Is Anonymous Our Pink Elephant?
IT security pros could use the recent high-profile attacks by Anonymous as a way to articulate their points to high-level executives
NAKED SECURITY BLOG
Anonymous Hacks BART, Creating Even More Innocent Victims
Hacktivist collective waged SQL injection attack against BART website and grabbed more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses, and ZIP codes
THE HACKER NEWS
AOL Postmaster Website Hacked By HODLUM
The postmaster.aol.com website was hacked this weekend by an attacker who goes by the handle "HodLuM" -- his message: "AOL S3RV3RZ ROOT3D BY HODLUM LOLZ!"
BOSTON.COM
Hacker's Memoir Fascinates, Frustrates
Kevin Mitnick's "Ghost in the Wires" is fascinating and filled with insights, but has little to say about how security practices have changed
EWEEK
Security Breach Hits Wisconsin University Server Storing Student, Faculty SSNs
The University of Wisconsin-Milwaukee says malware was discovered on a database server that stored the names and Social Security numbers of 75,000 students and faculty members
BANK INFOSECURITY
Pay-At-The-Pump Skimming: 'Epidemic'
The National Association of Convenience Stores has issued a statement about skimming trends in Tampa, Fla., saying the theft of debit and credit card numbers at pay-at-the-pump gas terminals has become nearly epidemic
LINKEDIN BLOG
Privacy, Advertising, And Putting Members First
LinkedIn has quickly pulled its controversial 'social ads' feature that included users' pictures and names with ads, and has added a way for users to opt out of social ads altogether
ROBERT SICILIANO BLOG
Researchers Say Identity Theft Has Lasting Psychological Effects
Most identity theft victims say they thought they had taken appropriate precautions and had no idea how their data fell into the wrong hands, and they often still feel very vulnerable
PHYSORG
After Cyber Attack, Canada Unveils Network Changes
The Canadian government will consolidate email programs and network services to boost cybersecurity in the wake of its recent hacks
NAKED SECURITY BLOG
Hong Kong Stock Exchange Attacked For Second Day In A Row
The Hong Kong stock exchange came under a distributed denial-of-service (DDoS) attack for the second day in a row on Thursday
BLACKBERRY KNOWLEDGE BASE
Vulnerabilities In Blackberry Enterprise Server Components That Process Images Could Allow Remote Code Execution
BlackBerry is warning of a high-severity series of vulnerabilities in the BlackBerry Enterprise Server components that process PNG and TIFF images for rendering on the BlackBerry smartphone
FORBES
Codebreaker Karsten Nohl: Why Your Phone Is Insecure By Design
Karsten Nohl and fellow researcher Luca Melette cracked another data protocol on GSM phones: GPRS, or General Packet Radio Service, used for everything from sending texts and emails to browsing the Internet
SECTECHNO
Pirated Copies Of Windows XP Top Rootkit Target
Most rootkit infections take place via MBR, Avast study says
FINEXTRA
Two Thirds Of Banks Believe Cybercrime Is Uncontrollable
Fraud monitoring and detection tools will play key role, study says
THREAT POST
One Third Of Drug-Related Searches Lead To Illicit Pharmacy Sites
Widespread manipulation of search results puts consumers at risk, university researchers say
ZDNET
Lush Hack Let Slip 5,000 People's Bank Details
Four-month hack led to 95 reports of fraud, authorities say
IT WORLD
Are Your Searches Going Where You Think They Are?
Efforts to manipulate search engines are increasing, experts say
THE REGISTER
Why Do Defenders Keep Losing To Smaller Cyberwarriors?
Security expert attempts to debunk conventional wisdom about cyberwar
BANK INFO SECURITY
Citigroup Slapped With $500,000 Fine
Financial institution should have detected internal fraud scheme that went on for eight years, Financial Industry Regulatory Authority says
APP RIVER
Zeus Works The Tax Angle
Emails bearing malware appear to originate from the IRS or Federal Reserve
MASHABLE
Hacker Group Anonymous Aims To Destroy Facebook On Nov. 5
An Anonymous video vows to "kill Facebook" on November 5 in protest of its privacy policies, but a tweet from one of Anon's accounts says not everyone in the hacktivist collective agrees with the attack
TECH CRUNCH
Android Malware Eavesdrops, Records Your Conversations
New Android malware records all of your conversations to your SD card when activated
TACTICAL WEB APP SEC BLOG
What Web Application Security Monitoring Can Learn From Casino Surveillance
Web app security and monitoring has similar issues with casino surveillance: It's not so much about who you are, but what you are doing
WALNUT PATCH
Cal Poly Notifying Faculty Of Security Breach
A California Polytechnical Institute employee inadvertently put names and Social Security numbers of 38 current and faculty members on a shared network accessible by students, staff, and other faculty
CNET
New IE9 Update Fixes Several Security Flaws
Among the Microsoft patches issued yesterday is a critical one that resolves issues in IE9 and in 6, 7, and 8 as well, plus four other IE flaws
PC WORLD
Booz Allen CEO Downplays Effect Of Anonymous Hack
Anonymous stole source code, e-mail addresses, and other data from Booz Allen and dumped it online last month, but Booz Allen CEO says the costs of remediation won't 'have a material affect' on its financials
HUFFINGTON POST
Anonymous Clashes With Its Adversaries At Hacker Conference
Panelists were trying to discuss how they infiltrated and gathered intelligence on Anon members
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3927
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3646
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-3644
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-4616 (iphone_os)
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.



