Best Of The Web
SOPHOS
Police Probe Into Claims Of Computer Hacking By Murdoch's News International
Investigation indicates that journalists may have done computer hacking as well as phone hacking
EWEEK
Sony Breaches A Reminder For Enterprises To Check Liability Insurance
Not all policies are created equal, experts note
BETA NEWS
This Is Leadership? US Cybersecurity Is A Revolving Door Of Exiting Officials
Obama administration has difficulty holding onto its cybersecurity leaders, blogger says
APP RIVER
Malware Posing As An Upgrade From RSA
Attackers seek to take advantage of concern over breach of RSA authentication technology
THE HACKER NEWS
Another Government Contractor -- PCS Consultants -- Got Hacked By #AntiSec
Hackers leak database, emails of 110 people
TORRENT FREAK
World's First Pirate ISP Launches In Sweden
New broadband service will offer anonymity to users
FORBES
Meet Comex, The 19-Year-Old Uber-Hacker Who Keeps Outsmarting Apple
Researcher is making a habit of finding cracks in iPhone source code
CREDIT UNION INFO SECURITY
Restaurant Breach Raises Concerns
Industry Experts Call For Stronger Authentication, Encryption
THE REGISTER
'Topiary' Suspect Bailed
Jake Davis, 18, is suspected of being a leader of the LulzSec hacker group
ARMORIZE
Willysy.com Mass Injection Ongoing, Over 1M Infected Pages, Targets osCommerce
Attack modifies "Store Name" variable, could leave back doors for attackers
GUARDIAN
LulzSec Leader Denies Link To Extremist Groups
Well-known hacker says hacktivism is "the perfect recruitment tool for terrorist organizations"
ZDNET
U.S. House Panel Approves ISP Data Retention Bill
ISPs would be forced to keep logs of users' online behavior for one year in case police want to review them
HUFFINGTON POST
Cyber Defense Agency Faces Challenges From Within
U.S. CERT faces employee turnover as threats, problems mount
GOVERNMENT INFO SECURITY
GAO: Hard To Define DoD Cybersecurity Spending
Tasked with auditing Defense budget for cyber spending, Government Accountability Office has a tough time
GIZMODO
Anyone Can Access Microsoft's Massive Location Database And See Where Your Laptop And SmartPhone Have Been
Microsoft is logging location data, but is lax in protecting it, report says
VERIPHYR
Social Security Employee Steals Personal Information For Identity Theft
Employee allegedly made unauthorized access of information, then passed it on in ID theft scheme
PC WORLD
A Hacker Speaks: How Malware Might Blow Up Your Laptop
Veteran researcher Charlie Miller could light a fire at next week's Black Hat conference
BBC
Millions Hit In South Korean Hack
China blamed for hack that compromised accounts of 35 million people on popular social network
ABC NEWS
British Phone Hacking Inquiry Opens
First public hearings will be held in September
MERRITT GROUP
InfoSex Sells: The Disconnect Between News Priorities And Cybersecurity Defense Priorities
A look at how the media serves -- and sometimes fails to serve -- the security audience
SOPHOS
Stolen USB Stick Contained Police Investigation Details
Questions arise after theft of memory stick from officer's home
INFOSEC ISLAND
Allegations Of Man-In-The-Middle Hack Of 2004 Ohio Presidential Voting
Sudden shift in vote count may have been due to deliberate manipulation, allegations say
CNET
Automated Stock Trading Poses Fraud Risk, Researcher Says
Push for more speed may have compromised security in markets, researcher will tell Black Hat audience
GOOGLE
Two-Step Verification: Stay Safe Around The World In 40 Languages
Search engine company expands its authentication offering across the globe
DASIENT
Hashing IMEI Numbers Does Not Protect Privacy
Mobile phone identification numbers can be easily accessed, even when hashed, researcher says
DATABREACHES.NET
Estee Lauder Employees Notified That Their Data Were On Stolen Laptop
Estee Lauder reported that the company "recently learned" about the theft of a company-issued laptop that contained names and Social Security numbers of current and former employees and contractors
IT WORLD
Can The NSA And CIA Use Your Phone To Track Your Location?
National Security Agency's general counsel told Congress there are "certain circumstances where that authority may exist" for the spy agency to intercept location data from U.S. citizens' cell phones
NAKED SECURITY BLOG
Unpatched iPhones/iPads Secure Connections Not So Secure
Turns out Apple's updates for iWork and iOS were more serious than thought -- and a new update to sslsniff detects vulnerable Apple devices for man-in-the-middle attacks
THE WASHINGTON POST BLOG
Cyber Attack On RSA Cost EMC $66 Million
EMC disclosed in its earnings call this week that it spent $66 million in its second quarter on the breach at its subsidiary RSA Security -- on system-hardening and working with customers on remediation programs
CSO ONLINE BLOG
New Akamai Security Team In Place: McKeay Joins Corman, Smith, Ellis
Security blogger, podcaster and QSA Martin McKeay and former 451 Group analyst Josh Corman are joining Akamai in a new team called Security Intelligence
NETWORK WORLD
Black Hat Pwnie Award Winner Will Be A Criminal
The Pwnie Award for Epic Ownage at Black Hat will go to one of the nominees who face possible criminal charges -- Anonymous, LulzSec, Bradley Manning, WikiLeaks, and the creators of Stuxnet
THREAT POST
How I Taught The Senate To Hack
Chris Wysopal of Veracode and former member of L0pht, recently taught Senate staffers on the Homeland Security and Governmental Affairs Committee about SQL injection, spear phishing, and other attacks
KTNV NEWS
UNLV Confirms Possible Security Breach
The University of Nevada-Las Vegas has reported a possible information security breach that took place in 2008 and exposed personal information including SSNs of 2,000 current and former UNLV employees
SECURITY NEWS DAILY
Why We Won't Soon See Another Stuxnet Attack
Sophisticated, multilayered attack will be hard to reproduce, experts say
GOVERNMENT COMPUTER NEWS
Team Cracks Chips Used In Military, Aerospace
German team of researchers breaks encryption codes used on programmable chips
SOPHOS
Obama Outlines Strategy To Combat Transnational Cybercrime
President urges greater international cooperation to defeat online crimes
THE REGISTER
Suspects In PayPal Web Attack Not So Anonymous After All
Several arrested following DDoS attack say they didn't know they were committing a felony
THREAT POST
New Mac Backdoor Olyx Found Bundled With Windows
Exploit is another example of Mac OS and Windows malware in a single package
SYMANTEC
Symantec Announces July 2011 Symantec Intelligence Report
Email-borne malware has doubled in the past six months, study says
BBC NEWS
Hackers Hit Italian Cyber-Police
Attackers begin releasing gigabytes of stolen documents
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.



