Web Security

For the aspiring attacker or pen tester, there is no shortage of attack tools, scripts, crimeware kits and exploits available online. But, the Internet being what it is, there's always room for one more. Enter HULK, a new DDoS tool that arrives just in time to coincide with the release of some movie involving the actual Hulk and other CGI-ified mediocre-heroes. Read more »

Facebook, Gmail, Yahoo and Hotmail users should beware of rogue rebate offers and new secure payment options aimed at getting them to part with their debit card information.

Earlier this week Amit Klein, CTO of Trusteer, announced the discovery of a peer-to-peer variant of the Zeus platform that leverages trusted relationships and well-known brands to convince users to sign up for convenient services and better secure debit card transactions. On each site, the attack displays a little differently. Read more »

Twitter has implemented the Do Not Track header on its site, giving users the option of telling the site that they do not want to be tracked across other sites on the Web. The implementation is being done through the DNT technology in the Firefox browser. Read more »

This post is the last in a 5-part series on Application Security, or “AppSec”.

By Fergal Glynn

This blog post series has examined the growing threats to software, defined the components of a sound AppSec program, described an evolutionary path to AppSec maturity, and considered a number of tools and technologies worthy of investment. Ultimately, it is the Chief Information Security Officer (CISO) or equivalent’s responsibility to mitigate the enterprise’s level of software risk as part of a comprehensive infosec strategy. In this, the final post in this series, let’s review the return on investment possible from a sound AppSec program, including ways to build a business case for further investment in this critical IT security discipline. Read more »

A recent string of Web site hacks at Amnesty International and other NGOs are evidence of a campaign of cyber espionage directed against human rights orgnaizations, according to a report from The Shadowserver Foundation. Read more »

The Wikimedia Foundation is warning its millions of visitors that if they're seeing ads appearing on any of the Foundation's Web sites, then their computer is probably infected with malware.  Read more »

Legitimate Web sites that have been hijacked and used to serve malicious content greately outnumber malicious sites on a list of the most-trafficked sites on Google's blacklist, according to analysis by security firm Zscaler.  Read more »

Spammers have jumped on the latest social media craze: the photo sharing site Pinterest. And they're being helped out by new, automated spam toolkits designed to exploit the fast growing new social network. Read more »

Google has released Chrome 19 and fixed more than 20 vulnerabilities in its browser, including eight high-risk bugs. The company paid security researchers $7,500 in rewards as part of its bug bounty program, including two rewards for vulnerabilities that applied to Chrome as well as other applications. Read more »

The first annual Index of Cyber Security finds that senior security officers are more concerned than at this time last year about the risk of cyber attack and other online risks, with concerns about ideologically-motivated hacktivists and the threats posed by business partners and other "counter parties" topping the list. Read more »