The rapid evolution of “Web 2.0” has sparked the convergence of social networking on a massive scale and the adoption of new combinations of technologies that significantly increase the so-called ‘attack-surface’. This combination offers irresistible opportunities to organised crime.
The threat of the Ajax Super Worm
March 21st, 2008 · Comments Off
eEye to Add Retina Web App Scanner
March 14th, 2008 · Comments Off
eEye Digital Security tomorrow will make its first foray into the Web vulnerability space — with a new member of its Retina Security Scanner family that roots out Web application flaws. eEye founder and former CTO and chief hacking officer Marc Maiffret first revealed eEye’s plans to add Web application scanning to its portfolio in [...]
FTP Hacking on the Rise
March 12th, 2008 · Comments Off
The File Transfer Protocol (FTP) has attracted renewed interest lately, but not in a good way: The bad guys are now using the ‘70s disco-era file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their FTP servers.
Microsoft Patches 12 Office Security Holes
March 12th, 2008 · Comments Off
Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft’s "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users.
Malware removes rival rootkits
March 4th, 2008 · Comments Off
Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own. The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls.
Security holes in VLC media player patched
March 4th, 2008 · Comments Off
The developers of the open source media player VLC have closed several security holes. These would have allowed attackers to inject and execute malicious code using manipulated Realtime data streams or crafted video files. The latest version, 0.8.6e, is available to download and fixes the flaws.
Five basic mistakes of security policy
March 4th, 2008 · Comments Off
As I mentioned in my last article, security policies serve to protect (data, customers, employees, technological systems), define (the company’s stance on security), and minimize risk (internal and external exposure and publicity fallout in the event of a breach).
Windows XP SP3 Security
February 29th, 2008 · Comments Off
The reality is that not every organisation has upgraded to Windows Vista. With Windows XP (launched in 2001 and still being sold) Microsoft have released service pack 3, the latest and probably the last version.
NetworkMiner - Passive Sniffer & Packet Analysis Tool for Windows
February 28th, 2008 · Comments Off
NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
Stolen FTP Credentials Offered for Sale: Major Firms at Risk
February 28th, 2008 · Comments Off
Cybercriminals are selling a new crimeware package that can automatically infect nearly 9,000 FTP servers at some major global companies, researchers said today. Researchers at Finjan say they recently stumbled upon a Website selling and trading these stolen FTP server administrator credentials in a software-as-a-service model.