Web Security

May 18, 2012, 9:52AM

HULK DDoS Tool Smash Web Server, Server Fall Down

For the aspiring attacker or pen tester, there is no shortage of attack tools, scripts, crimeware kits and exploits available online. But, the Internet being what it is, there's always room for one more. Enter HULK, a new DDoS tool that arrives just in time to coincide with the release of some movie involving the actual Hulk and other CGI-ified mediocre-heroes.


May 17, 2012, 8:16PM Around the Web

New P2P Zeus Variant Targets Popular Sites with Bogus Offers

Facebook, Gmail, Yahoo and Hotmail users should beware of rogue rebate offers and new secure payment options aimed at getting them to part with their debit card information.

Earlier this week Amit Klein, CTO of Trusteer, announced the discovery of a peer-to-peer variant of the Zeus platform that leverages trusted relationships and well-known brands to convince users to sign up for convenient services and better secure debit card transactions. On each site, the attack displays a little differently.


May 17, 2012, 12:34PM

Twitter Implements Do Not Track

Twitter has implemented the Do Not Track header on its site, giving users the option of telling the site that they do not want to be tracked across other sites on the Web. The implementation is being done through the DNT technology in the Firefox browser.


May 17, 2012, 9:00AM

A CISO's Guide To Application Security - Part 5: Justifying an Investment in AppSec

This post is the last in a 5-part series on Application Security, or “AppSec”.

By Fergal Glynn

This blog post series has examined the growing threats to software, defined the components of a sound AppSec program, described an evolutionary path to AppSec maturity, and considered a number of tools and technologies worthy of investment. Ultimately, it is the Chief Information Security Officer (CISO) or equivalent’s responsibility to mitigate the enterprise’s level of software risk as part of a comprehensive infosec strategy. In this, the final post in this series, let’s review the return on investment possible from a sound AppSec program, including ways to build a business case for further investment in this critical IT security discipline.


May 16, 2012, 5:01PM

Report: Strategic Web Compromises Behind Recent Hack of Amnesty, Others

A recent string of Web site hacks at Amnesty International and other NGOs is evidence of a campaign of cyber espionage directed against human rights organizations, according to a report from The Shadowserver Foundation.


May 16, 2012, 11:07AM Around the Web

Like Those Wikipedia Ads? They Mean You're Infected With Malware!

The Wikimedia Foundation is warning its millions of visitors that if they're seeing ads appearing on any of the Foundation's Web sites, then their computer is probably infected with malware.


May 15, 2012, 6:06PM Around the Web

Hijacked Web Sites Among The Most Visited On Google's Black List

Legitimate Web sites that have been hijacked and used to serve malicious content greatly outnumber malicious sites on a list of the most-trafficked sites on Google's blacklist, according to analysis by security firm Zscaler.


May 15, 2012, 5:47PM Around the Web

Spammers Targeting Pinterest Using Point-And-Click Tools

Spammers have jumped on the latest social media craze: the photo sharing site Pinterest. And they're being helped out by new, automated spam toolkits designed to exploit the fast-growing new social network.


May 15, 2012, 12:26PM

Google Releases Chrome 19, Fixes More Than 20 Bugs

Google has released Chrome 19 and fixed more than 20 vulnerabilities in its browser, including eight high-risk bugs. The company paid security researchers $7,500 in rewards as part of its bug bounty program, including two rewards for vulnerabilities that applied to Chrome as well as other applications.


May 14, 2012, 1:27PM

Cyber Security Index Highlights Political Threats, Business Partner Risk

The first annual Index of Cyber Security finds that senior security officers are more concerned than at this time last year about the risk of cyber attack and other online risks, with concerns about ideologically-motivated hacktivists and the threats posed by business partners and other "counter parties" topping the list.


Copyright © 2012 threatpost.com