Blog Posts Tagged with "Website Security"

Thousands of Sites Hacked with Plesk Zero Day Exploit

July 10, 2012 Added by: Headlines

"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."

Comments  (0)

Detecting Unknown Application Vulnerabilities "In Flight"

July 10, 2012 Added by: Rafal Los

While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....

Comments  (0)

Harvesting Credentials with the Social Engineering Toolkit

July 09, 2012 Added by: Dan Dieterle

The Social Engineering Toolkit included with Backtrack 5 is a great way for penetration testers to see how well their network and users would stand up to Social Engineering attacks. In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords...

Comments  (1)

Despite Breach Trends - Website Vulnerabilities Decrease

July 02, 2012 Added by: Headlines

"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."

Comments  (1)

SecureState Contributes to the SQLMap Project

June 18, 2012 Added by: Spencer McIntyre

Custom-coded applications make SQLi very difficult to exploit in an automated fashion, and most detection tools are particularly effective against only a few select Database Management Systems (DBMSes). However, the open source SQLMap tool is capable of exploiting a variety of DBMSes....

Comments  (0)

Symantec: Internet Explorer Zero-Day Exploit in the Wild

June 18, 2012 Added by: Headlines

"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"

Comments  (0)

Post Exploitation with PhantomJS

June 17, 2012 Added by: Rob Fuller

PhantomJS is sweet for sweeping a ton of IPs and suspected HTTP/S sites, and looking through a gallery of them to start figuring out which looks the most interesting… and we are going to essentially do just that, except from a Victim machine...

Comments  (0)

What Are ToR Hidden Services?

June 15, 2012 Added by: gaToMaLo r. amores

In the ToR-.onion network, the client asks to use a website's services, then starts a handshake at a rendezvous point (onion relay) - not at the server/IP. They're never on the site/server when in OnionLand, can’t do a WhoIs and get an IP and cannot find a geo-location. If they can’t find you, they can't hack you...

Comments  (1)

OTA Introduces Online Trust Index Measuring Website Security

June 07, 2012 Added by: Headlines

"OTA's work to recognize best practices for sites underscores the importance of focusing on security and privacy holistically. This year's honor roll recipients have demonstrated exceptional leadership and commitment towards consumer protection and to enhance the vitality of the internet"...

Comments  (0)

Strategic Web Compromises and Cyber Espionage Operations

May 15, 2012 Added by: Headlines

"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."

Comments  (0)

Ninety Percent of HTTPS Websites Insecure

May 08, 2012 Added by: Dan Dieterle

Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...

Comments  (5)

Using a Website’s Contact Us Form to Create a Phishing Attack

April 19, 2012 Added by: f8lerror

We all have come across websites that have the forms that say “contact us” or something similar. What’s the big deal? These forms have been around forever, right? When an employee finally gets the message, they are automatically put at ease, and become trusting of the content...

Comments  (0)

AntiSec Hackers Deface Panda Security's Website

March 06, 2012 Added by: Headlines

Just hours after key members of the Anonymous movement were arrested by law enforcement, the remaining minions have begun retaliatory hits against outspoken critics of the rogue hacktivist collective. The main website for security provider Panda Security was hacked and defaced...

Comments  (0)

Secure Now or Forever...

February 24, 2012 Added by: Pamela Gupta

Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...

Comments  (0)

FTC Removed Security Protocols from Website Contract

February 21, 2012 Added by: Headlines

The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights becomes more probable...

Comments  (0)

GFI WebMonitor Internet and Web Security Review

February 09, 2012 Added by: Dan Dieterle

Looking for a program that monitors internet use, allows granular control over sites and services they can access, coupled with comprehensive web security and threat detection that includes scanning with three Anti-Virus engines? Look no further...

Comments  (0)
