October 01, 2012
Seeker from Quotium takes a somewhat different approach to application security from most similar products.
September 04, 2012
Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.
Authorities believe Raynaldo Rivera joined previously accused Cody Kretsinger in compromising SonyPictures.com to steal personal information on about a million people.
An online collective citing opposition to banks and the arrests of fellow hacktivists has published one million stolen records.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
Google has significantly increased its finder's fee for vulnerability researchers.
An accused member of the hacktivist group LulzSec pleaded guilty Thursday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment, according to reports.
The FTC seemed most upset with RockYou's failure to protect the personal information of 179,000 children who registered to use the site.
Traditionally known for defacing websites and knocking them offline, so-called hacktivists stepped up their game last year and were responsible for a majority of data stolen in breaches, according to an annual study from Verizon.
Online hackers have compromised two adult websites, including the very popular YouPorn, in recent weeks, apparently to highlight weak security.
Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.
November 01, 2011
Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
Another mass SQL injection attack, similar to "Liza Moon" from earlier this year, is impacting more than a million websites.
A purported member of the hacktivist group LulzSec pleaded innocent Monday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment. Cody Kretsinger, a.k.a. "recursion," 23, of Arizona is facing one count each of conspiracy and unauthorized impairment of a protected computer. He faces a maximum sentence of 15 years in prison. He is accused of participating in a weeklong SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.
Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
Anonymous didn't have to hack into anything to cause service disruptions on Monday night.
Despite arrests earlier this week, two hacking groups said they are in possession of multiple gigabytes of sensitive information belonging to NATO and two Rupert Murdoch-owned newspapers.
The personal information belonging to thousands of Lady Gaga fans was stolen after hackers breached the singer's U.K. website.
Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.
With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.
A fresh attack against Sony has yielded the personal information of more than one million users of SonyPictures.com, according to a hacktivist group.
May 24, 2011
SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem remains a thorn in the side of security experts.
A Georgia man has pleaded guilty after authorities found him in possession of more than 675,000 credit card numbers, some of which he obtained by hacking into business networks.
A new report from Veracode paints a grim picture of the security built into application software.
The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.
Hackers revealed Monday that they exploited an SQL injection vulnerability on the website of Barracuda Networks to steal the names and contact information of partners, end-users and Barracuda employees.
At least 380,000 web pages have been infected via SQL injection to serve rogue anti-virus programs, known as scareware, security firm Websense reported Thursday. The sites were injected with code that directs victims to a website called Liza Moon, which automatically redirects users to a notorious site serving fake anti-virus. Both domains currently are down, according to Websense. This latest round appears to be targeting iTunes URLs that are used to update podcasts. This is one of the largest mass SQL injection attacks that Websense has detected since that style of attack became popular in 2008 and 2009.
Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.
eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.