Web Security

Google to help rid PCs of trojan that will prevent web access

By

With a July 9 deadline looming for machines infected with the DNSChanger trojan to still be able to access the internet, Google is lending a helping hand to inform users of compromise.

Blue Coat acquired by equity firm for $1.3 billion

By

Thoma Bravo snared its fifth IT security company since 2009 in a high-priced deal to buy Blue Coat Systems, a company that recently found itself immersed in controversy.

Cyber Monday to bring increase in online threats

By

Cyber Monday, the digital equivalent of the brick-and-mortar world's Black Friday, is one of the busiest online shopping days of the year, and typically marks the beginning of a month-long period of increased online threats.

Couple files suit against Citigroup over breach

By

A couple from New York state is seeking class-action status for a lawsuit against Citigroup, alleging that the third-largest U.S. bank has "taken no steps" to protect victims in the wake of a massive data breach, according to reports. Citi admitted in June that 360,083 accounts - about 1.5 percent of its card customer base - were compromised in the attack, in which hackers infiltrated the online banking platform, Citi Account Online, and viewed customer account numbers and contact information.The plaintiffs, Kristina and Steven Orman of Northport, N.Y., filed the suit on Friday in response to fraudsters allegedly charging their credit cards and stealing money from their bank accounts.

Facebook, Websense partner to flag malicious links

By

Facebook on Monday began warning users if they are about to visit a malicious URL. As part of a partnership with security firm Websense, each time a user clicks on a link within Facebook, the address will be checked against a database of known malicious sites. If the link matches a known bad site, users will be presented with a page that offers the choice of continuing on, returning to the previous screen or learning why the link was classified as suspicious. Cybercriminals have flocked to sites like Facebook in recent years. A new Ponemon Institute survey of more than 4,000 IT and IT security professionals found that 52 percent have faced an increase in malware as a result of social media.

Black Hat: Researcher releases tool for replacing certificate authorities

By

Well-known researcher Moxie Marlinspike proposed a solution to revamp the current trust-relationship model on the web, essentially turning the power over to the users.

Experts weigh in on Comodo SSL certificate fraud

By

Reactions are running rampant after Comodo revealed it was tricked into issuing rogue digital certificates.

Group outlines web host's role in fighting malware

By

Web hosting providers must, at the very least, quickly respond to reports of customer sites that are infected, according to a new set of best practices from an anti-badware nonprofit.

Thanks to web, malware authors have become technology agnostic

Thanks to web, malware authors have become technology agnostic

Conventional wisdom that Mac OS X computers and mobile devices won't be targeted or infected by cybercrooks is about to be disproven.

Firefox 3.6.13 issued to fix 13 flaws, 11 "critical"

By

Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.

Ten years of evolving threats: A look back at the impact of notable malicious wares of the past decade

Ten years of evolving threats: A look back at the impact of notable malicious wares of the past decade

As security firm Fortinet celebrates 10 years in business, Fortiguard Labs took a look at the 10 most intriguing threats during the past decade and showed how their feature sets have evolved, Darwin-like, over time.

Google releases Chrome 6

By

Google on Thursday acknowledged the two-year anniversary of its Chrome browser with a new stable channel version that addresses more than a dozen security vulnerabilities. The flaws may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks, according to an advisory posted by the US-CERT on Friday. Google, which provides monetary rewards for the disclosure of security bugs, paid out $4,337 in bounties for the vulnerabilities. The Chrome 6.0.472.53 stable channel update is available for Windows, Mac and Linux users. — AM

Delaware retirees' personal information posted on state website

By

The personal information of Delaware state retirees was included in a request for proposal that made its way onto the state's website for five days before it was discovered and removed.

IBM report shows new flaws skyrocket in first half of year

By

IBM X-Force's mid-year threat report examined trends in vulnerability disclosures, techniques used to foist malware and risks to virtual environments, plus much more.

Gartner sees 11 percent software security revenue jump

By

Thanks to compliance requirements and a threat environment marked by growing sophistication, sellers of software security products are expected to earn more than $16.5 billion in revenue this year, an 11.3 percent jump from 2009, according to a Gartner forecast released this week.

The state of SSL on the web: Qualys' Ivan Ristic discusses the good and the bad

By

Ivan Ristic, director of engineering at Qualys, provides an overview of his Black Hat 2010 talk, in which he presented a plethora of research findings into the state of SSL on the internet. As Ristic notes, websites are succeeding in some areas and falling short in others when it comes to deployment of SSL encryption.

Webroot buys BrightCloud for website reputation services

By

Internet security firm Webroot announced Wednesday that it has acquired BrightCloud, provider of hosted web content reputation and classification services for vendors. Now part of the Boulder, Colo.-based Webroot, BrightCloud's product will be integrated into its malware detection and security-as-a-service offerings. Terms of the deal were not disclosed. — DK

Web security: Interview with Devin Redmond, vice president of product management at Websense

By

SC Magazine Deputy Editor Dan Kaplan sits down with Websense's vice president of product management to discuss today's web threats facing businesses of all sizes.

Why malware wins the host race

Why malware wins the host race

A noted security researcher explains how sophisticated malware is created to elevate privileges on behalf of an attacker so security controls, such as anti-virus, can be disabled.

New phishing technique exploits browser tab use

By

A Firefox developer has discovered a new phishing attack method dubbed "tabnabbing," which preys on browser tabs and the fact that users generally don't keep track of all the tabs they have open at one time.

Microsoft plans to beef up security of Hotmail

By

Much like Google has done with Gmail, Microsoft is set to improve the security of Hotmail with full-session SSL encryption and a number of other enhancements.

AutoRun worms most common malware during Q1 2010

By

Portable storage device threats, such as AutoRun worms, were the most prevalent type of malware worldwide during the first quarter of the year, according to a McAfee report issued Tuesday.

Lada Gaga, Rihanna lyrics sites used to foist Java exploit

By

Soon after a zero-day Sun Java vulnerability was revealed, attackers are launching exploits on the web with their first stop a song lyrics site.

Peeling the onion layer on the web security inertia

Organizations must overcome the "myths" and "inhibitors" around securing web applications.

Hacker claims to find SQL hole in Intel site

By

A Romanian hacker using the alias "Unu" claims to have found a hole in an Intel website. The hacker demonstrated in late December an SQL injection vulnerability on the Intel "Channel Webinars" site, which is used to run online registrations for channel partner events. The site is currently down for maintenance. The same hacker has previously claimed to gain access to Symantec, Kaspersky, F-Secure and BitDefender websites. — AM

SQL attack hits 125,000 sites

By

An SQL injection attack that began in late November has compromised more than 125,000 web pages, researchers at web security provider ScanSafe, recently acquired by Cisco, said Wednesday in a blog post. The sites have been injected with an IFRAME that loads malicious content from a known malicious domain, 318x.com. A number of other IFRAMEs and code redirections, used for tracking purposes, untimely aim to install the trojan Backdoor.Win32.Buzus.croo on the user's system. The malware generally is used for credit card and other banking-related theft. — AM

Researcher demonstrates Pentagon XSS vulnerability

By

A cross-site scripting vulnerability affecting the Pentagon website is not a major security threat -- but it could turn into one, said a researcher who examined the bug.

Web attacks are financial boon for crooks, Cisco finds

By

Spam and spyware still are profitable for cybercriminals, but the big money is in banking trojans and other web exploits, Cisco's annual security report has found.

Attackers try to swindle FTP credentials

By

Phishers are after FTP credentials in a widespread campaign targeting webmasters that use online hosting providers.

Cameroon, China riskiest country domains, McAfee finds

By

A small nation in Africa is responsible for the riskiest domain space on the internet, according to new McAfee research.

Sign up to our newsletters

POLL