Best Of Web
Best Of The Web
ZDNET
ESA Hack Did Not Breach Internal Network
The European Space Agency confirmed that a hacker entered its FTP servers and took sensitive data, including hundreds of passwords
ARMORIZE BLOG
Newest Adobe Flash 0-Day Used In New Drive-By Download Variation: Drive-By Cache
Increased use of a variation of the drive-by download attack, sometimes using zero-days, has been spotted, and Amnesty International is the latest target
NETWORK WORLD
Popular Kids' Clothing Retailer Hit With Database Breach
Experian-owned email marketing service Cheetahmail was breached, leading to exposure of retailer The Children's Place's emails
SOFTPEDIA
Oracle Patches 73 Vulnerabilities
Oracle issued its quarterly security update, fixing 73 vulnerabilities that cross its entire product line
INTEL BLOG
One Lost Laptop is All it Takes
Intel and Ponemon study shows that 275 European organizations lost over 72,000 laptops during a 12-month period, representing $1.79 billion in financial losses
PYMNTS.COM
Is the PIN Mightier Than the Sword in Fighting Fraud?
Visa chief enterprise risk officer says future of payments security is to adopt dynamic data solutions for cardholder authentication
SYMANTEC
Rise in ZIP File Attachments in Spam Emails Leads to Bredolab Malware
Cutwail botnet began sending more emails with zip file attachments than usual
NETWORK WORLD
Former Engineer Who Sued Cisco Now Faces Criminal Charges
After suing Cisco, Peter Alfred-Adekeye faces extradition to the U.S. on hacking charges
WIRED
Top Federal Lab Hacked in Spear-Phishing Attack
Oak Ridge National Laboratory took its users offline on Friday after the federal facility was hacked and it was found that data was being exfiltrated from a server there
IPHONE TRACKER
iPhone Tracker Tool Released
New tool application maps information that your iPhone is recording about your movements
ROBERT SICILIANO BLOG
Lawmakers Push To Shield Last 4 Social Security Numbers
Rhode Island lawmakers are pushing legislation to stop businesses from asking for the last four digits of customers' Social Security numbers
US-CERT
Apple Releases iTunes 10.2.2
Apple has released iTunes 10.2.2 to address multiple vulnerabilities affecting the WebKit package
NEW YORK TIMES BLOG
Twitter Hit with New Spam Apps Overnight
A series of third-party apps spread on Twitter overnight that sent spam from users' accounts without their knowledge
DAILY MAIL
Credit Cards Get A Security Boost As Two Big U.S. Banks Introduce Chip-And-Pin Trial
Long-awaited transition could eventually make magnetic stripes a thing of the past
CIOL
Cyberattacks, Censorship Threat To Net Freedom
New study says Estonia, U.S. have the greatest freedom to use the Internet
FORBES
Massive Identity Theft With Help From The IRS
Attacker hijacks the identity of some 2,300 nonprofits, using a hole in the IRS electronic filing system
CTV NEWS
Canadian Federal Workers Go Without Electronic Stubs Following Breach
Mysterious breach causes shutdown of Canadian federal online pay system, affecting some 320,000 workers
MALAY MAIL
Cyber Attacks On News Portal "Politically Motivated Allegations," Says Deputy Minister
Malaysian government official says his office has not received complaints of alleged attacks
ARS TECHNICA
Pirate Bay Becomes "Research Bay" To Aid P2P Researchers
Former site of illegal file sharing now becomes a spot to gather information about P2P practices
CNET
Cyberattacks Rise At Critical Infrastructure Firms
Extortion, malware attacks are on the increase, report says
eWEEK
European Space Agency FTP Servers Breached
Hacker who cracked MySQL and Sun now claims to have gained access to space agency
THE REGISTER
Leaked U.S. Cables Finger Chinese Army Hackers For Cyber-Spying
Leaked diplomatic documents show U.S. and China are engaged in heated cyberespionage
IT NEWS
New Rules Allow Europe's Web Users To Turn Off Cookies
Advertising industry moves to self-regulate
NINE MSN
Scorned Man Jailed Over Revenge Botnet Attack
Man launched cyberattack on news sites that ran the story of his affair with a fictitious woman
THE INDEPENDENT
Cybercriminals Target Owners Of Smartphones
Bad guys combine smartphones, social networks and money transfer in online schemes
TELECOM PAPER
EU, US Strengthen Cybersecurity Cooperation
Regions deepen commitment to work together on Internet threats
RT
German Multinational Company Dragged Into Iranian Cyberattack Scandal
Siemens AG should account for its alleged involvement in Stuxnet exploit, Iran says
GOOGLE NEWS
South Korea Bank Probed Over Cyberattack Shutdown
Attack leaves customers unable to access their money for three days
KOREA TIMES
Two Suspects In Hyundai Capital Hacking Caught
Police accuse two of attempting to blackmail Hyundai by threatening to release personal information
SEARCHSECURITY
RSA Readies Changes To SecurID Delivery Processes In Wake Of APT Attack
RSA is planning changes to some of its manufacturing and shipping processes to address the security of SecurID
SYMANTEC
The PDF Exploit: Same Crime, Different Face
The anatomy of a PDF attack and the effectiveness of security countermeasures in the fight against the newest wave of advanced threats
ISC SANS DIARY
MS11-020 Upgrading From Critical To PATCH NOW
SANS Internet Storm Center says that based on notifications from Microsoft on MS11-020, users should patch now, as a remote code exploit poses a serious risk to internal networks
NAKED SECURITY BLOG
Poo Owns Up To Hacking Of Federal Reserve Computers
A Malaysian man arrested last year by an undercover Secret Service agent has admitted hacking into a series of financial institutions and pleaded guilty to possessing stolen credit and debit card numbers
CIO
Oracle To Fix 73 Security Bugs Next Week
Oracle plans to release a large number of security patches for its various software products next week, including six bug fixes for its flagship database software
ADOBE BLOG
Update On Security Advisory For Adobe Flash Player, Adobe Reader And Acrobat
Adobe today will issue an update for Security Advisory APSA11-02 for Flash Player 10.2.x for Windows, Macintosh, Linux, and Solaris
THE REGISTER
EU And US Agree To Run Joint Cyberwar Exercise In 2011
EU home affairs commissioner Cecilia Malmström and U.S. DHS secretary Janet Napolitano agreed to run a joint EU-US cyber-incident exercise by the end of 2011
US-CERT
Apple Releases Security Updates
Apple has released patches for vulnerabilities in OS X, Safari, and iOS
SOFTPEDIA
ZeuS Bot Herder Taunts Security Researchers Through Fake Digital Certificate
New ZeuS trojan sample is digitally signed with a fake certificate to make it harder to detect
GOV INFOSECURITY
Danger Seen In Slashing InfoSec Spend
U.S. Department of Homeland Security official says potential federal budget cuts in IT security worry federal officials
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2866
The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622 (droid_incredible)
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484 (cognos_tm1)
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.



