Vulnerabilities
Google Says Microsoft MHTML Bug Exploited by China
March 21, 2011 Added by: Headlines
Google has blamed the Chinese government for problems accessing Gmail. Google "noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site..."
Real-Life Example of a 'Business Logic Defect'
March 13, 2011 Added by: Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
Facebook Offers Firesheep Counter Measure
March 11, 2011 Added by: Headlines
Facebook has finally offered a resolution for a major privacy vulnerability that allows accounts to be hijacked by an application called Firesheep. Firesheep is a Firefox extension that can harvest login credentials when users access their accounts over unencrypted Wi-Fi networks...
Report: Websites Remain Vulnerable to Attacks
March 09, 2011 Added by: Headlines
The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...
Application Vulnerabilities are Like Landmines
March 02, 2011 Added by: Ron Lepofsky
Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...
Customer Security and Software Security
February 02, 2011 Added by: Danny Lieberman
What threats really count for your business? No question is more important for implementing effective security. The management, the software developers and security analysts cannot expect to mitigate risk without knowing the sources and costs of threats to products and the products’ users...
Microsoft IE Vulnerability Leaves 900 Million at Risk
February 01, 2011 Added by: Headlines
“The main impact of the vulnerability is unintended information disclosure. We're aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven't seen any indications of active exploitation...”
Will IPv6 Cause Chaos for the Browsing Public?
January 19, 2011 Added by: Rafal Los
Whether you're installing a drive-by trojan malware via 0day, collecting revenue from pay-per-click schemes, or XSS'ing your way into their bank account - the goal of this game is to make money on that person. Let's face it, business is good...
McAfee's Top Targets for Emerging Threats in 2011
January 17, 2011 Added by: Robert Siciliano
This McAfee Labs list comprises 2010's most buzzed-about platforms and services, all of which are expected to be major targets for cybercriminals in the coming year...
Vulnerabilities Found in Many Fortune 500 Websites
January 11, 2011 Added by: Headlines
In a survey of the websites belonging to all Fortune 500 listed companies and an additional selection of 175 other businesses, researchers found that nearly fifteen percent contained serious security flaws that leave the sites open to cross-site scripting (XSS) and open redirect exploitations...
Security Threats Lurk in Adobe PDF Documents
January 04, 2011 Added by: Headlines
A researcher has identified several flaws in the portable document file standard that produce some serious vulnerabilities. One finding shows the ability for a PDF to contain code for a database scanner that activates when the document is sent to a hub printer and can scan the entire network...
Google and Microsoft Clash Over IE Fuzzer Release
January 04, 2011 Added by: Headlines
Did a Google staff researcher jump the gun by releasing a tool that identifies dozens of exploitable bugs in Internet Explorer before critical patches were available, or did Microsoft drop the ball back in July by not addressing the problems when first presented to them? A cyber-drama is playing out...
Java Applet Distributes Trojan via Downloader Injection
December 31, 2010 Added by: Headlines
More than two-thousand weblinks direct users to domains that can inject malicious code by way of a Java downloader applet. The code is contained in the HTML of the infected sites, and infects the visitor's computers with a hidden iFrame containing a JavaScript function...
Project Honeypot HTTP Blocklist Module
December 29, 2010 Added by: Rob Fuller
Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...
Protecting Against Firesheep with Strict Transport Security
December 27, 2010 Added by: Bozidar Spirovski
Remember, this only protects you against sites that are either already using STS or sites that you have manually added. This really isn't a scalable approach since xyz.com could be vulnerable and you wouldn't know unless you inspected the traffic going back and forth...
Unpatched Internet Explorer Flaw Leaves PCs Vulnerable
December 27, 2010 Added by: Headlines
The flaw is present in IE versions 6 through 8, and will allow the injection of malicious code if a user visits websites designed to exploit the vulnerability by exploiting how the browser controls a computer's memory when processing the instructions for the presentation of a webpage, the CSS...