Best Of Web
Best Of The Web
Briar Group Pays Up For Data Breach
Chain agrees to pay more than $100,000 for failure to protect customer data
StartupBritain Serves Up Fake AV On Launch
Government-backed website for entrepreneurs starts up with infection
NASA Systems Dangerously At Risk From Cyberattack
OIG paints bleak picture of space agency's defenses
GLOBAL SECURITY NEWSWIRE
Trial Cyberattack Suggests Widespread U.S. Vulnerabilities
Penetration testers hired by California public water authority are able to gain access to water supply
Government Spooks Called In To Investigate Nasdaq OMX Hack
NSA will join hunt to find attackers, report says
Breach At The Co-Operative Group Leads To Exposure Of 83,000 Records
A firm that provides technical support services to The Co-operative Group made an "error" that resulted in the breach of 83,000 customer records
Mass SQL Injection Attack Leads To Scareware
WebSense has detected a mass SQL injection attack affecting 58,300 Web pages, including some on iTunes, which attempts to peddle scareware
NAKED SECURITY BLOG
Bank Of America And $100,000 Debit Card "Incident"
Bank of America denied it was breached, but the incident affecting BoA customers accounts for $100,000 in fraudulent debit transactions
Stuxnet Paves Way For Cheap Malware, Says Kaspersky
Eugene Kaspersky says the high-end Stuxnet malware could be re-engineered inexpensively by civilian hackers to inflict more damage
HELP NET SECURITY
FBI Asks Public To Break A Code, Help Solve A Murder
The FBI has asked any crypto-analysts to help solve an open murder case from 1999, when a man's dead body was found with two encrypted notes in his pocket
Australian Prime Minister Hit By Suspected Chinese Hacking Attack
Chinese hackers are believed to have broken into computers owned by the Australian Prime Minister Julia Gillard and at least two senior ministers apparently as part of a mission to access information about Australia's mining industry
THE TECH HERALD
Was Anonnews.org Taken Offline By Its Registrar?
The Anonymous group's anonnews.org site appears to have been taken down temporarily this week by its domain provider, Dynadot
BP Employee Loses Laptop Containing Data On 13,000 Oil Spill Claimants
The names, Social Security numbers, addresses, other personal data of 13,000 people who had filed compensation claims with BT after last year's oil spill were potentially compromised after a laptop with that data was lost by a BP employee
Cyberattack Spreads To European Parliament
Parliament and European Commission face coordinated snooping attack, officials say
Everything You Do Online Reveals Your Identity
"Anonymous" data can lead to reidentification, experts say
Forget Social Security Numbers -- Cybercriminals Want Your Intellectual Property
McAfee, SAIC report warns companies against reactive approach to security
BANK INFO SECURITY
Bank Of America Denies Breach
Michigan-area customer complaints may have involved a third party
NASA Computers That Control Spacecraft "Vulnerable To Crippling Hacker Attacks"
Agency could fall victim to "catastrophic" breaches, report states
HBGary Attorney Was Once "The Lawyer Hackers Call"
Jennifer Granick, who has argued on behalf of many researchers, now seeks to help embattled security company
Bank Security Experts Play Up Social Risks
Identity data becomes a commodity in underground economy
How To Hack The New York Times Paywall -- With Your Delete Key
Newspaper's gate that requires users to pay for articles is surprisingly easy to bypass, experts say
Maine, Play.com, GSN Customers Hit By Third-Party Data Breach
Members of the state of Maine state park website, Play.com shoppers, and Game Show Network were exposed after cybercriminals hacked a third-party marketing firm and stole the sites' member information
Higher-Ed Breach Madness: The Data Breach Final Four
Based on the number of reported records breached at universities last year, Application Security Inc. named Ohio State University (with 750,000 breached records), Valdosta State University, University of North Florida, and Buena Vista University as the final four
Companies Pick And Choose Which Data Breaches To Report
One in seven information technology companies have not reported data breaches or losses to outside government agencies, authorities, or stockholders
THE HACKER NEWS
The Next Target Of Anonymous Hackers Is Warnerbrosrecords.com
The lawsuits filed against Limewire by 13 record companies has prompted the hactivist group to begin targeting the record companies, which include Arista, Atlantic, Motown, Virgin, and Warner Bros.
5 Convicted In International Bank Fraud Scheme
The U.S. attorney's office said hackers in Egypt hacked bank accounts and used money mules in the U.S. to transfer money from them--more than 40 other people were convicted previously
Color App Hack Lets You Spy On Anyone's Photos Anywhere
Researcher demonstrates "broken" authentication model of new social network app Color
NAKED SECURITY BLOG
Italian Law Firm Knowingly Serves Up Infected Web Pages
Sophos says a Milan-based law firm that specializes in intellectual property is still running its iFrame-infected website months after Sophos alerted the firm
McAfee's Website Full Of Security Holes, Researcher Says
The so-called YGN Ethical Hacker Group has revealed cross-site scripting flaws on McAfee's mcafee.com website, and the security vendor is working on fixes
GOVERNMENT ACCOUNTABILITY OFFICE
IRS Needs To Enhance Internal Control Over Financial Reporting And Taxpayer Data
Despite improvements, IRS needs to do more to improve security, GAO report says
Zeus Cybercrime Cookbook On Sale In Underground Forums
Lets noncoders produce Trojans, other cybercrime tools
The Underground Economy Of Spam: A Botmaster's Perspective Of Coordinating Large-Scale Spam Campaigns
Research paper offers insight on how botmasters, spammers work together to build major attacks
OFFICE OF INADEQUATE SECURITY
Lone Star Business Solutions Exposes Thousands Of Employees And Applicants To ID Theft
Documents found in dumpsters suggest personally identifiable information may have been compromised
HAWAII NEWS NOW
California Men Indicted For Allegedly Stealing Credit Card Info From 194 People In Hawaii
Credit card skimmers used to grab PIN data from customers at local gas stations
Anonymous Draws Congressional Attention; Battles Disgruntled Members
Group plays "outing" games with dissidents within
GOVERNMENT COMPUTER NEWS
Cyberattacks On Agencies Increase As Preparedness Lags
OMB report says cyber incidents jumped 39 percent in last fiscal year
SSL Meltdown: A Cyberwar Attack?
Comodo releases more details on the intrusion of its certificate authority
AT&T Facebook Traffic Takes A Loop Through China
"Routing mistake" took traffic to China Telecom and then to South Korea's SK Broadband, researcher says
New Zealand Government Websites Down Following Threat By Anonymous
Department of Internal Affairs and Civil Defense sites down; Anonymous complains of Internet censorship in New Zealand
Is EMC Poised To Buy NetWitness?
Rumor of acquisition is strong in industry
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
- Remote Data Replication: Combat Disasters And Optimize Business Operations
- Riverbed vs Silver Peak: WAN Optimization Vendors Put to the Test
- Storage Infrastructure as a Service The Best of Cloud and On-premises Storage
- Putting Metaswitch's SBC Software to the Test
- When It Makes Sense to Move to Desktop Virtualization: Seven Key Indicators
- BYOD into the Cloud: The Next Phase of Enterprise Mobility -
- Get practical information on how to develop your organization's mobile commerce application - Mobile Commerce World - Mobile Commerce World
- Learn how to enage customers through mobility - Mobile Commerce World - Mobile Commerce World
- Learn how to best integrate mobile commerce with your current systems -- Mobile Commerce World - Mobile Commerce World
- How to Choose a SaaS Vendor - E2 Conference Boston
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.