Blog Posts Tagged with "Website Security"
Thousands of Sites Hacked with Plesk Zero Day Exploit
July 10, 2012 Added by:Headlines
"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."
Comments (0)
Detecting Unknown Application Vulnerabilities "In Flight"
July 10, 2012 Added by:Rafal Los
While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....
Comments (0)
Harvesting Credentials with the Social Engineering Toolkit
July 09, 2012 Added by:Dan Dieterle
The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...
Comments (1)
Despite Breach Trends - Website Vulnerabilities Decrease
July 02, 2012 Added by:Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
Comments (1)
SecureState Contributes to the SQLMap Project
June 18, 2012 Added by:Spencer McIntyre
Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most of detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....
Comments (0)
Symantec: Internet Explorer Zero-Day Exploit in the Wild
June 18, 2012 Added by:Headlines
"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"
Comments (0)
Post Exploitation with PhantomJS
June 17, 2012 Added by:Rob Fuller
PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and look through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially just that, except from a Victim machine...
Comments (0)
What Are ToR Hidden Services?
June 15, 2012 Added by:gaToMaLo r. amores
In the ToR-.onion network, the client asks to use a website's services, then starts a handshake at a rendezvous point (onion relay) - not at the server/IP. They're never on the site/server when in OnionLand, can’t do a WhoIs and get an IP and cannot find a geo-location. If they can’t find you, they can't hack you...
Comments (1)
OTA Introduces Online Trust Index Measuring Website Security
June 07, 2012 Added by:Headlines
"OTA's work to recognize best practices for sites underscores the importance of focusing on security and privacy holistically. This year's honor roll recipients have demonstrated exceptional leadership and commitment towards consumer protection and to enhance the vitality of the internet"...
Comments (0)
Strategic Web Compromises and Cyber Espionage Operations
May 15, 2012 Added by:Headlines
"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."
Comments (0)
Ninety Percent of HTTPS Websites Insecure
May 08, 2012 Added by:Dan Dieterle
Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...
Comments (5)
Using a Website’s Contact Us Form to Create a Phishing Attack
April 19, 2012 Added by:f8lerror
We all have come across websites that have the forms that say “contact us” or something similar. What’s the big deal? These forms have been around forever, right? When an employee finally gets the message, they are automatically put at ease, and become trusting of the content...
Comments (0)
AntiSec Hackers Deface Panda Security's Website
March 06, 2012 Added by:Headlines
Just hours after key members of the Anonymous movement were arrested by law enforcement, the remaining minions have begun retaliatory hits against outspoken critics of the rogue hacktivist collective. The main website for security provider Panda Security was hacked and defaced...
Comments (0)
Secure Now or Forever...
February 24, 2012 Added by:Pamela Gupta
Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...
Comments (0)
FTC Removed Security Protocols from Website Contract
February 21, 2012 Added by:Headlines
The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights become more probable...
Comments (0)
GFI WebMonitor Internet and Web Security Review
February 09, 2012 Added by:Dan Dieterle
Looking for a program that monitors internet use, allows granular control over sites and services they can access, coupled with comprehensive web security and threat detection that includes scanning with three Anti-Virus engines? Look no further...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!