Best Of Web
MICROSOFT
Microsoft And Symantec Take Down Bamital Botnet That Hijacks Online Searches
Microsoft Digital Crimes Unit collaborates with Symantec to bring botnet down
BANK INFO SECURITY
DDoS: Are Attacks Really Over?
Expert says attacks likely after more than publicity
HELP NET SECURITY
None Of The 100 Largest E-Commerce Sites Has Fully Implemented DNSSEC
The biggest brands in e-commerce are overlooking a critical security technology, report says
S3CURITY
Researcher Finds Critical Vulnerabilities In D-Link Routers
Multiple vulnerabilities found in multiple models, researcher says
THOMSON REUTERS ACCELUS
Special Report: Cybercrime -- How Can Firms Tackle This Fast-Emerging Invisible Menace?
Cybercrime cited as most alarming fraud trend; report offers in-depth overview
HEALTHCARE INFO SECURITY
How The Dots Connect Hacks To Chinese
Suspicion grows even with no smoking gun
HELP NET SECURITY
U.S. Federal Reserve Admits Being Breached By Anonymous
Internal website was compromised, Fed says, but file did not contain passwords
ZDNET
Five Security Risks Of Moving Data In BYOD Era
Unregulated network access, lack of data management, and disgruntled employees are top risks
F-SECURE
Threat Report -- Second Half 2012
ZeroAccess botnet, banking Trojans are among the top threats seen over the final half of 2012
HACKER NEWS
Dutch Hacker Sentenced For Selling 100,000 Credit Cards
'Fortezza' gets 12 years for role in computer hacking conspiracy
BLOOMBERG
18 Accused By U.S. Of $200 Million Credit Card Fraud
New Jersey crime ring created thousands of fake identities to obtain 25,000 credit cards, Justice Department says
INFOWORLD
The Four Most Likely Reasons You Were Hacked
When your system has been compromised, it’s safe to assume the worst. Here's what the bad guys have in mind
WASHINGTON POST
U.K. Wants Surveillance Devices To Monitor Web Traffic With Services Such As Facebook, Twitter
U.K. plans to install an unspecified number of spy devices to monitor Britons' use of overseas services
THE NEW ZEALAND HERALD
Secret Plan To Fend Off Web Attacks
Rules will grant Obama power to order strikes if genuine cyberthreat is suspected
FAST COMPANY
How Cybercriminals Used Banks, Facebook, And Amazon For A World Tour Of Theft
Hacker group may have infected more than a third of the world's IP addresses and sent 1.5 million fake Facebook emails in a single day
NETWORK WORLD
Chinese Hackers Use Compromised USA University Computers To Attack Us
Compromised computers in U.S. provide proxies as attackers hide and hop IP addresses
NAKED SECURITY
Questions And Answers About The Twitter Hack
Hackers stole usernames, email addresses, session tokens and salted-and-hashed passwords
BANK INFOSECURITY
FTC Staff Hints Mobile Privacy Action
Report makes recommendations to mobile providers to provide users clear understanding of what information they collect and how that data is used
ARS TECHNICA
'Lucky Thirteen' Attack Snarfs Cookies Protected By SSL Encryption
Software makers are working to patch a recently discovered vulnerability that lets attackers recover the plain text of authentication cookies and other encrypted data via OpenSSL-based implementations
ORACLE
Oracle Java SE Critical Patch Update Advisory -- February 2013
Oracle issues Java patch two weeks early due to attacks in the wild
THREAT POST
Inside The Targeted Attack On The New York Times
The Chinese group behind the targeted attack on the New York Times set its sights on the email of a reporter and the newspaper’s former Beijing bureau chief -- using 45 custom malware samples to get them
FOX NEWS
US Mulls Action Against China Cyberattacks
The Obama administration is considering more aggressive action against China in response to constant cyberespionage activity against U.S. companies and government agencies
KREBS ON SECURITY
Source: Washington Post Also Broadly Infiltrated By Chinese Hackers In 2012
The Washington Post was among several major U.S. newspapers attacked by alleged Chinese cyberspies, according to a former information technology employee at the paper
GOV INFOSECURITY
Unauthorized Access To Alabama Network Probed
An attacker gained unauthorized access to the state network and multiple computers -- at least one server containing malware was used to gain access to the systems
SECUROSIS
Apple Blocks Vulnerable Java Plugin
Apple now uses Xprotect to block the Java browser plug-in due to security concerns
CSO ONLINE
Email Attack Exploits Vulnerability In Yahoo Site To Hijack Accounts
Vulnerability is located in an old WordPress version used on the Yahoo Developer Network Blog site
SECURELIST
New Crimeware Attacks Latin American Bank Users
Kit contains malware that steals financial information through local pharming attacks, with phishing attacks generated and managed through this botnet in Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua, and Argentina
SOFTPEDIA
Indonesian Ministry Of Social Affairs, Other Government Sites Hacked
Several Indonesian government sites hacked and defaced by hacktivists
THE REGISTER
Quantum Crypto Still Not Proven, Claim Cambridge Experts
Thirty years of experiments still haven't proved quantum entanglement
OFFSHORE TECHNOLOGY INTERNATIONAL
Oil And Gas Infrastructure Ill-Equipped For Cyberattack
Industry's control systems are full of unpatched vulnerabilities, new findings show
WIRED
Why Hacking Is Good For Democracy
In cities throughout the country, "hackathons" are redefining the meaning of civic engagement
IT PRO PORTAL
Sex Hacker Arrested By FBI
California man accused of hacking online accounts to blackmail women into stripping for him on camera
NEWSMAX
Hagel: Cybersecurity A Top Priority In Defense Department
Cyberdefense is a "continued key challenge," Secretary of Defense nominee says
HELP NET SECURITY
Social Media Has Eroded Workplace Privacy
Ten percent of employees say secret discussions about them were initiated by colleagues
CNN MONEY
Your Antivirus Software Probably Won't Prevent A Cyberattack
AV software missed 44 of the 45 pieces of malware used in New York Times attack
DHANJANI BLOG
Cross Device Attacks Using Cloud Sync: An iCloud Example
How cloud synchronization services are likely to become a popular attack target by way of the desktop
BANK INFOSECURITY
Banks Skeptical About DDoS Ceasefire
Hacktivists who have claimed responsibility for a wave of distributed denial-of-service attacks on U.S. banking institutions since mid-September say they are suspending their attacks
V3
Java Security Patch Problems Confound Most Users
V3's recent security poll found that 76 percent of people said they did not know if they were using Java
THE NATIONAL INTEREST
Stuxnet And The Dangers Of Cyberwar
Stuxnet was more than cyberexploitation, which covertly mines information from networks without authorization
INFOWORLD
Cyber Crime Sentencing Is Out Of Whack
The Aaron Swartz tragedy illustrates how some prosecutors must be reined in
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


