Best Of Web
SC MAGAZINE
Adobe Releases Patches For Critical Vulnerabilities In Flash, Shockwave And Photoshop
Adobe rolled out critical security updates for Shockwave Player, Flash Media Server, Flash Player, and Photoshop CS5
ELEVEN EMAIL
Eleven Email Security Reports -- August 2011
For the first time, U.S. drops out of global top 10 spammers list
HELP NET SECURITY
4300+ Compromised WordPress Blogs Poison Google Image Search Results
Images lure users to compromised sites and provide a gateway to malicious code
ASSOCIATED PRESS
Expert: Rural U.S. Websites Easy Targets For Hackers
Anonymous attacks on 70 law enforcement agencies show that no site is too small to be a target
MICROSOFT
Microsoft Releases 13 Updates On Big Patch Tuesday
Two updates considered critical, software giant says
ZDNET
56 Percent Of Enterprise Users Using Vulnerable Adobe Reader Plug-ins
Majority of users have outdated version installed, ZScaler says
COMPUTERWORLD
Syrian Hackers Retaliate, Deface Anonymous' Social Network
Attack counters Anonymous' earlier sabotage of nation's Ministry of Defense site
COMPUTER WEEKLY
U.S. Standards Body Issues Warning To Energy Suppliers Over Cyber Attacks
NERC joins with security researchers to highlight newly found vulnerabilities in critical infrastructure systems
WEBROOT THREAT BLOG
TDL3 And ZeroAccess: More Of The Same?
ZeroAccess rootkit behaves much like TDL3 rootkit, security researchers say
SC MAGAZINE
Hershey Hacked By Attacker Who Changes Recipe Rather Than Steal Data
Hershey's website was hacked and the attackers changed a baking recipe, but also had access to passwords, email addresses, mailing addresses, and birthdays of any consumers that registered on the site
REUTERS
Oracle, Other Companies 'Punk'd' In Hacking Contest
In the annual DefCon social engineering contest, where callers try to get as much potentially useful information out of companies as they can, Oracle Corp. gave up the most information
APP RIVER
AppRiver Releases Threat And Spamscape Report
A new malware kit designed specifically to steal credentials for phishing sites from other cybercriminals debuted last month
THE REGISTER
Gordon Ramsay Sues Father-In-Law Over Alleged Spyware Plot
Celebrity chef Gordon Ramsay is suing members of his wife's family, alleging they used spyware to hack his business and personal email accounts
IANS RESEARCH
Marcus Ranum: Dangerous Cyberwar Rhetoric
We need to pay close attention to evidence bolstering attribution in cyberspace -- more than just IP addresses
SYMANTEC BLOG
The Truth Behind The Shady RAT
Symantec researcher says the attack described in Operation Shady RAT was not a truly advanced persistent threat due to the errors made in configuring the servers and the relatively non-sophisticated malware and techniques used
PC WORLD
Hackers Use Frequent Flyer Miles As Currency
Cybercriminals are stealing frequent flyer miles and using them as currency in the black market, according to a report by Kaspersky Lab
INTERNATIONAL BUSINESS TIMES
AntiSec Hackers Breach 10GB U.S. Law Enforcement Data In Retaliation For Arrests
Anonymous leaked more than 10 GB of information from 70-plus law enforcement agencies in the U.S. on Friday in order to "embarrass, discredit and incriminate police officers across the U.S."
NEW SCIENTIST
U.S. Internet Providers Hijacking Users' Search Queries
A class action suit has been filed against Paxfire and some ISPs, alleging that they are hijacking search results and redirecting them
MICROSOFT TECHNET BLOG
Cybersecurity Report: 84% Believe Risk is Higher Than One Year Ago
East-West Institute Summit report also finds that 61 percent doubt their country could repel a sophisticated cyberattack, and 54 percent doubt their organization could
COMPUTERWORLD
Microsoft Slates 22 Patches For Windows, IE Next Week
Microsoft will issue 13 security updates next week to patch 22 vulnerabilities in Internet Explorer, Windows, Visio, and Visual Studio
ZDNET
China State Media Disputes Recent Hacking Claims As 'Irresponsible'
One of China's top state newspapers, The People's Daily, said it was "irresponsible" to suggest China had carried out hacks against worldwide, high-profile targets in Operation Shady RAT
NETWORK WORLD
Former Cisco Engineer Indicted On Hacking Charges
Alfred-Adekeye has been indicted by a federal grand jury on computer hacking charges
THREAT POST
How Facebook And Facial Recognition Are Creating A Minority Report-Style Privacy Meltdown
Carnegie Mellon University professor and research team demonstrated how facial recognition software can be combined with social network data to match individuals out in public with online personas, such as Facebook and dating websites, as well as gather other sensitive data
SHADYRATCHECKER
Online Tool Checks IP Address For 'Operation Shady RAT' Victims
Free tool created by Seculert helps organizations check if they have been compromised by Operation Shady RAT
FORBES
Defcon Lockpickers Open Card-And-Code Government Locks In Seconds
Researchers demonstrate a series of simple hardware hacks that show flaws in Kaba's E-plex 5800 and its older 5000
FORBES
DoD Cyber Strategy Remains Ambiguous On Threats And Responses
Strategy doesn't do enough to identify who's threatening the U.S., and what they are targeting
MSNBC
Identity Thief Gang Busted For Stealing More Than $1 Million
Money was taken from more than 80 clients of J.P. Morgan Chase Bank, authorities say
THE HACKER NEWS
Backbox Linux Distribution-Based Site Hacked
Hack may affect users who do penetration testing
ZDNET
AT&T Targets Hotspot Jailbreakers, Threatens To Revoke Unlimited Data Plans
Stop illicit tethering or face the consequences, telecommunications giant says
THE WEST
After Cyberattack, Canada Unveils Network Changes
Canadian government unveils plans to consolidate email programs and network services
CNN
North Korean Hackers Targeted South Korean Gaming Sites
Arrest of five men exposes elaborate operation
IT PRO PORTAL
Apple Servers More Vulnerable To Hack Attacks, Reveals Report
Once a hacker breaks into the Apple network, it becomes very easy to roam around, Black Hat researcher says
CNET
Researchers Find Avenues For Fraud In Square
Square payment system, which turns mobile devices into credit card processors, could be abused, Black Hat researchers say
GOVERNMENT COMPUTER NEWS
NIST Testing Secure Ways To Use iPhones, iPads In The Enterprise
Small business gets contract to test out safe methods to support mobile devices
NEW YORK TIMES
Men Robbed ATM Using Dunkin' Donuts Cards, Officials Say
Romanians accused of hacking ATMs with gift cards that worked like bank cards
THE AGE
Hackers Target Anders Behring Breivik's Twitter Account
Anonymous may have hijacked the account of the man behind the shootings in Norway last month
WIRED
Alleged Miley Cyrus Hacker Pleads Guilty To Spamming From Hacked Celebrity Accounts
Man pleads guilty to credit card fraud as well, explains how he did it
THE HACKER NEWS
Anonymous And LulzSec Stand For Jake Davis With #FreeTopiary Operation
Hacker groups offer support for accused LulzSec leader arrested last week
IT PRO PORTAL
Former NSA And CIA Director Suggests Employing Mercenaries For Cyberwarfare
Hayden offers analogy to "Digital Blackwater," a private group formed in 1997
OFFICE OF INADEQUATE SECURITY
Widespread Malware Attack Affects Some Ascensus Clients
Company reports potential data breach that could affect customers' personal information
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


