Blog Posts Tagged with "Malicious Code"

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by:Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec Identifies Polymorphic Android App Malware

February 06, 2012 Added by:Headlines

Researchers at Symantec have identified a crafty Trojan targeting Android devices which slightly modifies its code every time the malware is downloaded, a called server-side polymorphism, which makes it more difficult to detect by signature-based antivirus software defenses...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases Multiple OS X Lion Security Updates

February 03, 2012 Added by:Headlines

Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities that may allow an attacker to execute arbitrary code, a denial-of-service, and bypass security...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 1

January 31, 2012 Added by:Gary McCully

Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

Report: Malware Creation Hit Record High in 2011

January 31, 2012 Added by:Headlines

The report attributes the increase to automation techniques being more widely used in the creation of malware variants - slightly altered signatures developed to foil anti-malware detection software. The report notes a sharp increase in the proliferation of Trojans...

Comments  (0)

6648b1abd4a9b964566c3690613f20a6

Following the Trail of Web-Based Malware

December 15, 2011 Added by:Mark Baldwin

The main.php script contained javascript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...

Comments  (0)

Bddd055f2567b4952d8416e168aace64

Web Insecurity: 7 Steps We Should Demand of Advertisers

September 12, 2011 Added by:Chris Weber

The advertising industry can should mitigate the threat of malware by constraining the capabilities of scripting to address arbitrary content, proxying content, and filtering content for malware. Here are seven security essentials that web servers and advertisers must undertake...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Backtrack 5: Linux and Mac Vulnerable to Malicious Scripts

August 31, 2011 Added by:Dan Dieterle

Malicious scripts and executables are encoded and obfuscated to purposely bypass anti-virus programs. Once they are run on a target machine - Windows, Mac or Linux - they connect through the firewall to the attacker's machine. It is imperative to educate your users about these attacks...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

CERT Malaysia Releases DNSwatch Tool

August 30, 2011 Added by:Headlines

"DNSwatch will help you avoid known bad websites or sites that will trick your computer into downloading and installing malicious programs on your computer. Even better, DNSwatch will also prevent you from accessing malicious websites that you may not even know your computer is trying to access..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researchers Find LinkedIn Spam Downloads Trojan

August 29, 2011 Added by:Headlines

"These password-stealing Trojans are programmed to insert themselves into the browser stack and can intercept login pages even before they are encrypted by HTTPS... code snippets ask for additional security questions or special passwords, information the password thieves want..."

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Federal Reserve Spam Message Carries Zeus Payload

June 30, 2011 Added by:Headlines

"The attack appears [to] focus on users of online banking services, especially small businesses and corporations. The messages are not well done. They are badly written and don’t really attempt to hide the fact that the attached file has the double extension .pdf.exe..."

Comments  (0)

F7e202a206691e473e509d080620af68

Malvertising: The Use of Malicious Ads to Install Malware

June 13, 2011 Added by:Lenny Zeltser

Perhaps the future will bring malvertising campaigns where Flash-based ads usurp the victim's CPU cycles to run computations, such as distributed password cracking. Another potential is to use the browser for Bitcoin mining; such operations are already possible using pure JavaScript...

Comments  (1)

43559f6a0465c923b496a260211995c0

HBGary Rootkits: Catch Me If You Can!

March 24, 2011 Added by:Pascal Longpre

Documents leaked in the attack on HBGary shed light on numerous rootkit technologies designed to evade or bypass mainstream detection software and circumvent protections thought to be unbreakable by design. Malware like this also renders disk encryption, DLP and SIEM solutions mostly irrelevant...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

Trojan Utilizes Modified Security Solution Code

March 04, 2011 Added by:Headlines

"Kingsoft WebShield has the ability to lock the home page to a specific domain as well as to redirect URLs based entirely on plain text configuration files... a person with malicious intent can repackage it using malicious configuration files and use this as a home-made Trojan package..."

Comments  (0)

6648b1abd4a9b964566c3690613f20a6

Profiling the Use of Javascript in a Driveby Download Attack

February 21, 2011 Added by:Mark Baldwin

The process described in this article is very typical of how hackers use javascript to install malware on unsuspecting users browsing the web. Understanding how the bad guys use web technology to conduct their attacks can help all of us defend our networks against them...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Facebook Plagued By Two New Security Exploits

February 02, 2011 Added by:Headlines

The exploits are a Trojan called Asprox.N and a malicious link attack called Lolbot.Q. Both play on the probability that targets will go to unusual lengths to regain access to their coveted Facebook accounts without stopping to question the nature of the instructions they have received...

Comments  (0)

Page « < 1 - 2 - 3 > »