March 21, 2011 Added by: Headlines
Google has blamed the Chinese government for problems accessing Gmail. Google "noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site..."
March 13, 2011 Added by: Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
March 11, 2011 Added by: Headlines
Facebook has finally offered a resolution for a major privacy vulnerability that allows accounts to be hijacked by an application called Firesheep. Firesheep is a Firefox extension that can harvest login credentials when users access their accounts over unencrypted Wi-Fi networks...
March 09, 2011 Added by: Headlines
The study looked at both the presence of a vulnerability and the length of time before remediation. The results showed that the websites were exposed 270 days of the year on average. Education sector websites lead the pack, followed by retail and social networking sites...
March 02, 2011 Added by: Ron Lepofsky
Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...
February 02, 2011 Added by: Danny Lieberman
What threats really count for your business? No question is more important for implementing effective security. The management, the software developers and security analysts cannot expect to mitigate risk without knowing the sources and costs of threats to products and the products’ users...
February 01, 2011 Added by: Headlines
“The main impact of the vulnerability is unintended information disclosure. We're aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven't seen any indications of active exploitation..."
January 19, 2011 Added by: Rafal Los
Whether you're installing a drive-by trojan malware via 0day, collecting revenue from pay-per-click schemes, or XSS'ing your way into their bank account - the goal of this game is to make money on that person. Let's face it, business is good...
January 11, 2011 Added by: Headlines
In a survey of the websites belonging to all Fortune 500 listed companies and an additional selection of 175 other businesses, researchers found that nearly fifteen percent contained serious security flaws that leave the sites open to cross-site scripting (XSS) and open redirect exploitations...
January 04, 2011 Added by: Headlines
A researcher has identified several flaws in the portable document file standard that produce some serious vulnerabilities. One finding shows the ability for a PDF to contain code for a database scanner that activates when the document is sent to a hub printer and can scan the entire network...
January 04, 2011 Added by: Headlines
Did a Google staff researcher jump the gun by releasing a tool that identifies dozens of exploitable bugs in Internet Explorer before critical patches were available, or did Microsoft drop the ball back in July by not addressing the problems when first presented to them? A cyber-drama is playing out...
December 31, 2010 Added by: Headlines
December 29, 2010 Added by: Rob Fuller
Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...
December 27, 2010 Added by: Bozidar Spirovski
Remember, this only protects you against sites that are either already using STS or sites that you have manually added. This really isn't a scalable approach since xyz.com could be vulnerable and you wouldn't know unless you inspected the traffic going back and forth...
December 27, 2010 Added by: Headlines
The flaw is present in IE versions 6 through 8, and will allow the injection of malicious code if a user visits websites designed to exploit the vulnerability by exploiting how the browser controls a computer's memory when processing the instructions for the presentation of a webpage, the CSS...