Blog Posts Tagged with "Malicious Code"
February 07, 2012 Added by:Gary McCully
In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...
February 06, 2012 Added by:Headlines
Researchers at Symantec have identified a crafty Trojan targeting Android devices which slightly modifies its code every time the malware is downloaded, a called server-side polymorphism, which makes it more difficult to detect by signature-based antivirus software defenses...
February 03, 2012 Added by:Headlines
Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities that may allow an attacker to execute arbitrary code, a denial-of-service, and bypass security...
January 31, 2012 Added by:Gary McCully
Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...
January 31, 2012 Added by:Headlines
The report attributes the increase to automation techniques being more widely used in the creation of malware variants - slightly altered signatures developed to foil anti-malware detection software. The report notes a sharp increase in the proliferation of Trojans...
December 15, 2011 Added by:Mark Baldwin
September 12, 2011 Added by:Chris Weber
The advertising industry can should mitigate the threat of malware by constraining the capabilities of scripting to address arbitrary content, proxying content, and filtering content for malware. Here are seven security essentials that web servers and advertisers must undertake...
August 31, 2011 Added by:Dan Dieterle
Malicious scripts and executables are encoded and obfuscated to purposely bypass anti-virus programs. Once they are run on a target machine - Windows, Mac or Linux - they connect through the firewall to the attacker's machine. It is imperative to educate your users about these attacks...
August 30, 2011 Added by:Headlines
"DNSwatch will help you avoid known bad websites or sites that will trick your computer into downloading and installing malicious programs on your computer. Even better, DNSwatch will also prevent you from accessing malicious websites that you may not even know your computer is trying to access..."
August 29, 2011 Added by:Headlines
"These password-stealing Trojans are programmed to insert themselves into the browser stack and can intercept login pages even before they are encrypted by HTTPS... code snippets ask for additional security questions or special passwords, information the password thieves want..."
June 30, 2011 Added by:Headlines
"The attack appears [to] focus on users of online banking services, especially small businesses and corporations. The messages are not well done. They are badly written and don’t really attempt to hide the fact that the attached file has the double extension .pdf.exe..."
June 13, 2011 Added by:Lenny Zeltser
March 24, 2011 Added by:Pascal Longpre
Documents leaked in the attack on HBGary shed light on numerous rootkit technologies designed to evade or bypass mainstream detection software and circumvent protections thought to be unbreakable by design. Malware like this also renders disk encryption, DLP and SIEM solutions mostly irrelevant...
March 04, 2011 Added by:Headlines
"Kingsoft WebShield has the ability to lock the home page to a specific domain as well as to redirect URLs based entirely on plain text configuration files... a person with malicious intent can repackage it using malicious configuration files and use this as a home-made Trojan package..."
February 21, 2011 Added by:Mark Baldwin
February 02, 2011 Added by:Headlines
The exploits are a Trojan called Asprox.N and a malicious link attack called Lolbot.Q. Both play on the probability that targets will go to unusual lengths to regain access to their coveted Facebook accounts without stopping to question the nature of the instructions they have received...
Why Bother with Security? [If you’re going... Westley McDuffie on 12-12-2013
Are Security Professionals Exiting the Enter... Westley McDuffie on 12-12-2013
The Security Risks of Remote Support Tools ... Amanda Martin on 12-11-2013