Best Of Web
FED CYBER.COM
Dire Need For Skilled Cyber Pros
The federal government needs approximately 20,000 more cybersecurity professionals--there are some 117,000 employed by the feds as either civilian, military, or contractors
THENEXTWEB
Hacker Pleads Guilty To Hacking AT&T iPad Subscriber Database
Daniel Spitler, 26, pled guilty to one count of conspiracy and one of identity theft
THE REGISTER
Feds Declare Victory Over Notorious Coreflood Botnet
Federal authorities say they have crippled Coreflood bots now, with 95 percent of the infected machines no longer phoning home to the C&C servers
BANK INFOSECURITY
Michaels Breach: 4 Suspects Sought
Law enforcement officials in Oregon are searching for suspects believed to be involved in the card-skimming scheme that compromised debit accounts in Michaels stores in 20 states
NAKED SECURITY BLOG
LulzSec Hacks Arizona Police Over Immigration Issues
The Arizona police became a victim of the AntiSec campaign, as LulzSec exposed user names and personal information of law enforcement officers, as well as sensitive documents
EMPLOYMENT SCREENING RESOURCES NEWS
Social Security Administration Changing Way Social Security Numbers Are Issued With Randomization Effective June 25
As of Saturday, the SSA will issue Social Security numbers by "randomization" in order to help protect the integrity of the SSN, and extend the available pool of nine-digit SSNs in each state
ARS TECHNICA
Google Releases Chrome Extension To Detect Risky Javascript Behavior
New Chrome tool called DOM Snitch shows security holes on websites
THE GUARDIAN
Inside LulzSec: Chatroom Logs Shine A Light On The Secretive Hackers
LulzSec is not a large organization, but appears to be led by a hacker known as "Sabu," believed to be a 30-year-old security consultant
NAKED SECURITY BLOG
Apple Fixes Critical Security Issues With Mac OS X Update
Apple released Mac OS X 10.6.8 yesterday, which also fixes multiple security vulnerabilities
WALL STREET JOURNAL
Executive Learns From Hack
Hyundai Capital Services executive offers some lessons from major breach
THE REGISTER
Travelodge Hacked, Investigating
Hotel chain's customers aggrieved
GUARDIAN
Hackers Attack News International Servers
Attack on publisher apparently in retaliation for Sun coverage of LulzSec hacking
COMPUTERWORLD
LulzSec Members To Be Outed By Hacking Group
Netherlands group promises to publish photos, phone numbers, and addresses in retaliation for similar exposures by LulzSec
ZDNET
Ex-DHS Chief Says Hackers Pose "Unique" Problems
When fighting groups such as Anonymous and LulzSec, the big challenge is attribution, Chertoff says
KREBS ON SECURITY
Financial Mogul Linked To DDoS Attacks
Co-founder of ChronoPay allegedly paid hackers to launch attack against top competitor
COMMTOUCH
Fake IRS Emails Lead To Malware On Over 2,500 Domains
"IRS EFTPS payment rejected" messages stir many users to click on infected links
VOICE OF RUSSIA
Hackers Shut Down Brazilian Government Websites
Attack could be the work of LulzSec, observers say
COMPUTERWORLD
Mozilla Retires Firefox 4 From Security Support
Mostly unnoticed in yesterday's Firefox 5 release was Mozilla's decision to retire Firefox 4, which was shipped just three months ago
THREAT POST
Microsoft Research: Cybercrime Surveys Are Useless
Microsoft Research study concludes that many cybercrime surveys are so full of statistical errors that they are mostly meaningless
SEARCHSECURITY
Computer Forensics Growing Part Of Fed Cybersecurity Strategy
NIST is testing commercial computer forensic tools to ensure the software used in the investigation of computer-related crimes produces accurate and valid results
NETWORK WORLD
Northrop Grumman Constantly Under Attack By Cyber-Gangs
Nearly a dozen different hacker groups have been attempting for years to break into Northrop Grumman to steal sensitive information, the company's chief information security officer (CISO) said at a Gartner security conference
ZDNET BLOG
LulzSec: "Snitches Get Stitches"
LulzSec has posted online the identities of two people it said had ratted out and helped send a teenage hacker to jail--they included names, phone numbers, physical addresses, IM addresses, and IP addresses
THE TELEGRAPH
Teenager Ryan Cleary Charged With Hacking Into UK Law Enforcement Agency
Ryan Cleary has been charged with hacking into the website of one of Britain's biggest law enforcement agencies, SOCA, and LulzSec still denies he's one of them
WORDPRESS
Passwords Reset
WordPress has forced a reset of all passwords on WordPress.org after noticing suspicious activity with several popular plugins--AddThis, WPtouch, and W3 Total Cache--that included disguised backdoors
WIRED
The Many Hats Of Sean Parker
The managing partner of Founders Fund, who helped launch Napster, Facebook, and Spotify, began as a grey hat hacker
READWRITEWEB
Mozilla Releases Firefox 5 With "Do Not Track" Support Across Platforms, Including Android
New version of Firefox browser contains a Do Not Track feature that is available across multiple platforms: Windows, Mac, Linux, and now Android
THREAT POST
Android NFC Bug Could Be First Of Many
Google is creating a patch for a newly discovered vulnerability affecting Nexus S Android phones that could cause applications to crash using incorrectly formatted Near Field Communications transactions
NETWORK WORLD
NSA Wants Bulletproof Smartphone, Tablet Security
The National Security Agency wants to provide military personnel with commercial smartphones and tablets based on a NSA security design
ENTREPRENEUR
How To Fend Off A Cyber Attack
If you suspect your business website has fallen victim to a mass SQL or Mass Meshing Injection attack, then contact everyone on your Web and IT teams, including your Web-hosting provider
THE STREET
What Is Next on Hackers' Hit Lists
High-profile government website or system, or else one of the larger U.S. companies' sites such as Google, could be next on the target list, experts say
NAKED SECURITY BLOG
Dropbox Lets Anyone Log In As Anyone -- So Check Your Files Now!
Dropbox published a code update that inadvertently removed authentication, allowing users to log in to other people's accounts without knowing their passwords
THE REGISTER
Quantum Crypto Felled By 'Perfect Eavesdropper' Exploit
Researchers have created a method of eavesdropping on quantum cryptography-secured communications that would allow an attacker to build the secret key encrypting the secret content
TECHWORLD
U.S. Declaration Of Cyberwar Coming: FBI InfraGard President
FBI InfraGard Denver chapter president Rick Dakin says that compared with conventional warfare, the relatively low cost to conduct cyberwar allows many countries to use it
INFOSECURITY
Potentially Major Android Wifi Security Loophole Revealed
A security researcher says he has found a potentially major security loophole in the way Google Android stores WiFi passwords
REUTERS
Bank Of America Says Wikileaks Threat Details Still Unknown
Bank of America's CIO said the bank doesn't know what documents WikiLeaks has, and that it has "done the diligence" necessary to secure its systems
FOX BUSINESS
Is Your Company At Risk Of A DDoS Attack?
One best practice is to secure cyber-insurance, a new form of insurance that is catching on quickly among large businesses
BANK INFOSECURITY
ATM Skimming: How To Fight Back
The director of financial services for ADT Security Services says decals, inspections, and education are key to protecting ATM machines from fraud
REUTERS
Hackers Might Face Stiffer Sentences In U.S.
Last month the Obama administration asked Congress to pass stronger cybersecurity measures, including a doubling of the maximum sentence for potentially endangering national security to 20 years in prison
FORBES BLOG
In Sony's 20th Breach In Two Months, Hackers Claim 177,000 Sony Emails Compromised
A Lebanese hacker gained access to 177,000 emails through a SQL injection vulnerability on Sony Pictures' French website
THREAT POST
SecurID Attack Was the Work of 'Very Experienced' Attackers
An RSA official last week said the attack against its SecurID two-factor authentication system targeted four employees, and was the work of a highly skilled and experienced group of attackers
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.


