August 31, 2010, 11:31AM Video

Hacking by Numbers

In this video from the OWASP AppSec Research conference, Tom Brennan of WhiteHat Security discusses the current trends in vulnerabilities in Web applications and what's driving them.


August 31, 2010, 11:22AM Threatpost Original

Google Complains and IBM Revises Vulnerability Stats

Search giant Google cried foul after an IBM X-Force report labeled it the vendor with the highest percentage of unpatched, critical security holes, prompting a correction by IBM.


August 31, 2010, 9:55AM Threatpost Original

Do You Know What Your Database Users Are Doing?

By Alex Rothacker

In our last column, we focused on privilege escalation attacks, and the impact that this category of SQL injection attacks can have on the database - particularly where specific database vulnerabilities exist, and can be exploited through the manipulation of privileges. Let’s look more deeply at how organizations struggle with the issue of extensive privileges assigned directly to users - or indirectly through user groups. We’ll address what can happen when database users are over-credentialed, and what should be done to ensure you are aware of all activity that is occurring in your environment.


August 31, 2010, 8:38AM Threatpost Original

Google's New Priority Inbox Hits a Snag

The buzz this morning isn't Google's Buzz, but its new Priority Inbox feature for the company's Web-based Gmail messaging service. The new feature allows heavy e-mail users to filter out and prioritize important messages. But the search giant has already hit a snag in releasing it to the public.


August 30, 2010, 3:12PM

Rootkit Variant Now Targets 64-Bit Windows

Alureon rootkit is back, and has acquired the ability to hijack computers running 64-bit versions of Microsoft Windows, proclaimed security researcher Marco Giuliani. Read the full article. [Help Net Security]


August 30, 2010, 3:02PM

Catholic Diocese Loses $600K to Online Thieves

Organized cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month with the help of dozens of unwitting co-conspirators hired through work-at-home job scams, at least one of whom was told the money was being distributed to victims of the Catholic Church sex abuse scandals. Read the full article. [KrebsonSecurity]


Copyright © 2010 threatpost.com