Best Of The Web
GMA NEWS
White Hat Hacker Exposes NASA Servers' Vulnerabilities
"TinKode" says he found an exploitable flaw in FTP servers at space agency
COMPUTING.CO.UK
UK Treasury Key Target For Cyberattacks, Says Osborne
British treasury is hit at least once a day, Chancellor says
THE TECH HERALD
Google Stamps Out Possible Android Data Leak
Company takes steps to fix embarrassing vulnerability
SECURITY WEEK
Fraudsters Suck $1.4 Billion From Airlines
Online payment fraud is major problem for industry, CyberSource study reports
THE ATLANTIC
Homeland Security's Top Cybersecurity Official Resigns
Phil Reitinger decides it's time to move on
SYMANTEC
Survey: The Consumerization Of IT From The End User's Perspective
End users see the potential benefits of mobile devices, but don't see the security implications
INFOWORLD
IT Employment Regains Recession Losses, Passes 4 Million Again
After long downturn, IT hiring is on the upswing again
ARMORIZE
Goal.com Serving Malware
Popular soccer site is still serving a drive-by download of fake AV software, researchers say
EWEEK
DoD's DARPA Plans Resilient Cloud To Withstand Cyber-Attacks
The Department of Defense Advanced Projects Agency later this month will reveal a new cloud infrastructure that can keep operating even while under attack
THREAT POST
Qakbot Virus Causes Possible Data Breach At Mass. Agencies
The Massachusetts Department of Unemployment Assistance and Department of Career Services were breached in April, and officials are alerting hundreds of thousands of people that their personal information might have been stolen
NAKED SECURITY BLOG
Mac App Store Exposes Users To Security Risks, Claims Researcher
Apple's App Store has not published the latest versions of various applications -- including ones with critical security updates
YAHOO NEWS
Sony Boss: Cannot Guarantee Security After Hacking
Sony head Howard Stringer says he can no longer guarantee the security of Sony's gaming network in the "bad new world" of cybercrime
THE HUFFINGTON POST
IAEA Hacked? Nuclear Agency Fears Iran Hackers: Diplomats
The International Atomic Energy Agency is investigating possible hacks of IAEA experts' cell phones and laptops by Iranian officials looking for confidential information while the equipment was left unattended during inspection tours there
PC MAGAZINE
Six Great Password Managers
They use one ultra-strong password that you can remember but nobody else would guess, and store your passwords and automatically recall them as needed
THE NEXT WEB
Not So Fast: Sony's Playstation Network Hacked Again
Not even two days after Sony's PlayStation Network returned online, the company might have been hit again via an exploit that changes user passwords using PSN account email and date of birth -- user information that was stolen in the original attack
THE WASHINGTON POST
Facebook, Twitter, Google Oppose Calif. Law
Facebook, Google, Twitter, and Skype are part of a coalition that has voiced concerns about a proposed bill in the California Senate that would require social networking sites to make personal information private by default
COMPUTER WEEKLY
Hackers Hit Japanese Video Game Maker Square Enix
Company says it does not hold any credit card data on its Web servers
THE OPEN GROUP
Open Group Updates Enterprise Security Architecture, Guidance
Changes reflect new developments in IT, group says
THREAT POST
Barrett Brown, Public Face Of Anonymous, Leaves Group
Media spokesman departs as hacker group begins to splinter
THE REGISTER
Ninety-Nine Percent Of Android Phones Leak Secret Account Credentials
Impersonation attacks target Google services
BOSTON.COM
Virus Causes Data Breaches At State Websites
Personal information of as many as 210,000 Massachusetts residents may be at risk
SECURITY WEEK
Zeus Source Code Is Leaked: Is This Really A Game-Changer?
Experts say industry should not be thrown into a frenzy
SYMANTEC
Government And Human Rights Websites Fall Victim To Targeted Web Malware Attack
Site visitors could contract a backdoor attack, researchers say
MILWAUKEE JOURNAL-SENTINEL
Miss Wisconsin USA Is Charged With Identity Theft, Loses Title
Prospective Miss USA charged with misappropriating identity data for money
BANK INFOSECURITY
Michaels Breach: Patterns Showed Fraud
Financial institutions and card issuers were able to link incidents of debit and credit fraud to the Michaels retail chain, experts say
THE GUARDIAN
Osborne: Treasury Under Sustained Cyberattack
U.K. Chancellor says the U.K. Treasury is under malicious software attacks led by foreign intelligence agencies, and that government systems are the target of up to 20,000 malicious emails each month
ADOBE BLOG
Adobe Flash Player 10.3 For Desktop And Android Devices Now Available
Flash Player 10.3 is out for Android, Linux, MacOS, and Windows and includes enhanced security features
THE REGISTER
Dropbox 'Insecure And Misleading' --Crypto Researcher
A security researcher is asking the FTC to investigate Dropbox for misleading users into thinking it is more secure than it really is
IT PRO PORTAL
LimeWire And RIAA Reach Settlement, Accused To Pay $105 Million
LimeWire has settled out of court with the record labels that had sued it for allegedly promoting music piracy -- LimeWire will pay $105 million to all of the 13 complainant music companies
NAKED SECURITY BLOG
Facebook Dislike Button Spreads Fast, But Is A Fake--Watch Out!
If you click, it sends the message to all of the victim's friends and runs obfuscated JavaScript on your system
IB TIMES
Sony PlayStation Network Attack Shows Amazon EC2 A Hackers' Paradise
Amazon's cloud-based Infrastructure-as-a-service, EC2, was used by the hackers who stole personal details of more than 80 million users from Sony's PlayStation Network
THE REGISTER
How Bin Laden Thwarted U.S. Electronic Surveillance
Osama bin Laden didn't have a phone or Internet, but used email by saving messages to a thumb drive and having them sent from an Internet cafe, the Associated Press reports
GOVERNMENT COMPUTER NEWS
White House Cyber Plan Would Expand Role Of DHS, Private Sector
The Obama administration has proposed cybersecurity legislation that would clarify the government's role in protecting the nation's critical infrastructure and favor public/private cooperation over regulation
PC WORLD
Rambus Buying Cryptography Research For $342.5 Million
Rambus will acquire security technology company Cryptography Research for $342.5 million in a cash and stock deal that could encourage chip makers to add security features to their hardware
ZERO DAY LABS BLOG
Possible PlayStation Network Attack Vectors
Veracode says it appears an application vulnerability was initial point of entry for the Sony breach, and it was more a crime of opportunity than a targeted attack
IT PRO
WebGL Flaws Hit Firefox And Chrome
US-CERT is telling Firefox and Chrome users to turn off WebGL after a security firm warns of "inherent" issues with the rendering tool
GOVINFOSECURITY
Senators Ask SEC To Issue IT Security Guidance
Five Democratic senators have asked the Securities and Exchange Commission to issue guidance on the disclosure of data breaches and other cybersecurity risks due to inconsistencies in reporting and investor confusion
MSNBC
Study: Android Malware Up 400 Percent
Application downloads are "the single greatest distribution point for mobile malware," but many smartphone users aren't using antivirus tools
NAKED SECURITY BLOG
Hackers Steal Fox TV Passwords, Deface Twitter And LinkedIn Pages
A group of hackers that goes by "Lulz Security" hacked a Fox Broadcasting server and published details of hundreds of employees' usernames and passwords on the Internet
THE REGISTER
CERT Warns Of Critical Industrial Control Bug
Flaw in popular software could enable remote control by an attacker, researchers warn
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


