Best Of Web
Best Of The Web
FED CYBER.COM
Dire Need For Skilled Cyber Pros
The federal government needs approximately 20,000 more cybersecurity professionals--there are some 117,000 employed by the feds as either civilian, military, or contractors
THENEXTWEB
Hacker Pleads Guilty To Hacking AT&T iPad Subscriber Database
Daniel Spitler, 26, pled guilty to one count of conspiracy and one of identity theft
THE REGISTER
Feds Declare Victory Over Notorious Coreflood Botnet
Federal authorities say they have now crippled the Coreflood botnet, with 95 percent of the infected machines no longer phoning home to the C&C servers
BANK INFOSECURITY
Michaels Breach: 4 Suspects Sought
Law enforcement officials in Oregon are searching for suspects believed to be involved in the card-skimming scheme that compromised debit accounts in Michaels stores in 20 states
NAKED SECURITY BLOG
LulzSec Hacks Arizona Police Over Immigration Issues
The Arizona police became a victim of the AntiSec campaign, as LulzSec exposed user names and personal information of law enforcement officers, as well as sensitive documents
EMPLOYMENT SCREENING RESOURCES NEWS
Social Security Administration Changing Way Social Security Numbers Are Issued With Randomization Effective June 25
As of Saturday, the SSA will issue Social Security numbers by "randomization" in order to help protect the integrity of the SSN, and extend the available pool of nine-digit SSNs in each state
ARS TECHNICA
Google Releases Chrome Extension To Detect Risky Javascript Behavior
New Chrome tool called DOM Snitch shows security holes on websites
THE GUARDIAN
Inside LulzSec: Chatroom Logs Shine A Light On The Secretive Hackers
LulzSec is not a large organization, but appears to be led by a hacker known as "Sabu," believed to be a 30-year-old security consultant
NAKED SECURITY BLOG
Apple Fixes Critical Security Issues With Mac OS X Update
Apple released Mac OS X 10.6.8 yesterday, which also fixes multiple security vulnerabilities
WALL STREET JOURNAL
Executive Learns From Hack
Hyundai Capital Services executive offers some lessons from major breach
THE REGISTER
Travelodge Hacked, Investigating
Hotel chain's customers aggrieved
GUARDIAN
Hackers Attack News International Servers
Attack on publisher apparently in retaliation for Sun coverage of LulzSec hacking
COMPUTERWORLD
LulzSec Members To Be Outed By Hacking Group
Netherlands group promises to publish photos, phone numbers, and addresses in retaliation for similar exposures by LulzSec
ZDNET
Ex-DHS Chief Says Hackers Pose "Unique" Problems
When fighting groups such as Anonymous and LulzSec, the big challenge is attribution, Chertoff says
KREBS ON SECURITY
Financial Mogul Linked To DDoS Attacks
Co-founder of ChronoPay allegedly paid hackers to launch attack against top competitor
COMMTOUCH
Fake IRS Emails Lead To Malware On Over 2,500 Domains
"IRS EFTPS payment rejected" messages stir many users to click on infected links
VOICE OF RUSSIA
Hackers Shut Down Brazilian Government Websites
Attack could be the work of LulzSec, observers say
COMPUTERWORLD
Mozilla Retires Firefox 4 From Security Support
Mostly unnoticed in yesterday's Firefox 5 release was Mozilla's decision to retire Firefox 4, which was shipped just three months ago
THREAT POST
Microsoft Research: Cybercrime Surveys Are Useless
Microsoft Research study concludes that many cybercrime surveys are so full of statistical errors that they are mostly meaningless
SEARCHSECURITY
Computer Forensics Growing Part Of Fed Cybersecurity Strategy
NIST is testing commercial computer forensic tools to ensure the software used in the investigation of computer-related crimes produces accurate and valid results
NETWORK WORLD
Northrop Grumman Constantly Under Attack By Cyber-Gangs
Nearly a dozen different hacker groups have been attempting for years to break into Northrop Grumman to steal sensitive information, the company's chief information security officer (CISO) said at a Gartner security conference
ZDNET BLOG
LulzSec: "Snitches Get Stitches"
LulzSec has posted online the identities of two people it said had ratted out and helped send a teenage hacker to jail--they included names, phone numbers, physical addresses, IM addresses, and IP addresses
THE TELEGRAPH
Teenager Ryan Cleary Charged With Hacking Into UK Law Enforcement Agency
Ryan Cleary has been charged with hacking into the website of one of Britain's biggest law enforcement agencies, SOCA, and LulzSec still denies he's one of them
WORDPRESS
Passwords Reset
WordPress has forced a reset of all passwords on WordPress.org after noticing suspicious activity with several popular plugins--AddThis, WPtouch, and W3 Total Cache--that included disguised backdoors
WIRED
The Many Hats Of Sean Parker
The managing partner of Founders Fund, who helped launch Napster, Facebook, and Spotify, began as a grey hat hacker
READWRITEWEB
Mozilla Releases Firefox 5 With "Do Not Track" Support Across Platforms, Including Android
New version of Firefox browser contains a Do Not Track feature that is available across multiple platforms: Windows, Mac, Linux, and now Android
THREAT POST
Android NFC Bug Could Be First Of Many
Google is creating a patch for a newly discovered vulnerability affecting Nexus S Android phones that could cause applications to crash using incorrectly formatted Near Field Communications transactions
NETWORK WORLD
NSA Wants Bulletproof Smartphone, Tablet Security
The National Security Agency wants to provide military personnel with commercial smartphones and tablets based on a NSA security design
ENTREPRENEUR
How To Fend Off A Cyber Attack
If you suspect your business website has fallen victim to a mass SQL or Mass Meshing Injection attack, then contact everyone on your Web and IT teams, including your Web-hosting provider
THE STREET
What Is Next on Hackers' Hit Lists
A high-profile government website or system, or else one of the larger U.S. companies' sites such as Google, could be next on the target list, experts say
NAKED SECURITY BLOG
Dropbox Lets Anyone Log In As Anyone -- So Check Your Files Now!
Dropbox published a code update that inadvertently removed authentication, allowing users to log in to other people's accounts without knowing their passwords
THE REGISTER
Quantum Crypto Felled By 'Perfect Eavesdropper' Exploit
Researchers have created a method of eavesdropping on quantum cryptography-secured communications that would allow an attacker to build the secret key encrypting the secret content
TECHWORLD
U.S. Declaration Of Cyberwar Coming: FBI InfraGard President
FBI InfraGard Denver chapter president Rick Dakin says that compared with conventional warfare, the relatively low cost to conduct cyberwar allows many countries to use it
INFOSECURITY
Potentially Major Android Wifi Security Loophole Revealed
A security researcher says he has found a potentially major security loophole in the way Google Android stores WiFi passwords
REUTERS
Bank Of America Says Wikileaks Threat Details Still Unknown
Bank of America's CIO said the bank doesn't know what documents WikiLeaks has, and that it has "done the diligence" necessary to secure its systems
FOX BUSINESS
Is Your Company At Risk Of A DDoS Attack?
One best practice is to secure cyber-insurance, a new form of insurance that is catching on quickly among large businesses
BANK INFOSECURITY
ATM Skimming: How To Fight Back
The director of financial services for ADT Security Services says decals, inspections, and education are key to protecting ATM machines from fraud
REUTERS
Hackers Might Face Stiffer Sentences In U.S.
Last month the Obama administration asked Congress to pass stronger cybersecurity measures, including a doubling of the maximum sentence for potentially endangering national security to 20 years in prison
FORBES BLOG
In Sony's 20th Breach In Two Months, Hackers Claim 177,000 Sony Emails Compromised
A Lebanese hacker gained access to 177,000 emails through a SQL injection vulnerability on Sony Pictures' French website
THREAT POST
SecurID Attack Was the Work of 'Very Experienced' Attackers
An RSA official last week said the attack against its SecurID two-factor authentication system targeted four employees, and was the work of a highly skilled and experienced group of attackers
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-1612
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.



