Web Service Security News, Articles and Updates
There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.
Leading Chinese search engine Baidu, is suing Register.com, its U.S.-based web hosting provider, over a recent cyberattack that left the site unusable for several hours, according to published reports. On Jan. 12, Baidu visitors were redirected to a page announcing that the site had been overtaken by the Iranian Cyber Army. On Wednesday in a Manhattan federal court, Baidu filed a complaint against Register.com claiming that negligence by the company resulted in severe damage to the search giant. A Register.com spokesperson reportedly has said the lawsuit is "without merit." A representative could not be reached by SCMagazineUS.com. — AM
Politically motivated hackers were able to break into several of Network Solutions' servers and then display their illegitimate content.
Of all vulnerabilities in web technologies discovered in the first half of 2009, 90 percent were present in web applications.
Attackers are exploiting a web service application to crack into Yahoo email accounts.
Companies are increasingly blocking access to social networking sites, according to a new survey.
Social networking sites, such as Twitter and Facebook are the most commonly attacked websites, replacing government websites as the targets of choice.
The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
Twitter has begun alerting users when they attempt to post a link to a malicious site.
One of the flaws at the heart of Adobe's ColdFusion 8.0.1 zero-day vulnerability has been patched.
Apple on Wednesday released the long-anticipated upgrade to its iPhone operating system.
A security researcher plans to raise awareness about how third-party developer sites can be exploited to abuse social networking sites, namely Twitter.
An internet service provider accused of violating federal law by hosting malicious sites and working with cybercriminals has been shut down, but the California-based company plans to appeal.
Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.
Users of popular blogging platform Twitter fell victim this past week to a scareware scam.
A mass injection attack similar but unrelated to Gumblar has infected more than 40,000 websites, according to new research from Websense.
Even IT professionals are confused about what constitutes Web 2.0, according to a survey released Wednesday.
The Online Trust Alliance (OTA), an industry group whose mission is to eliminate email and internet fraud, has released for comment a draft document outlining its Online Trust Principles. OTA said the principles listed in the document are a major step toward establishing business practices for greater online protection. After a 30-day comment period and subsequent ratification, OTA plans to work with business and regulatory agencies to drive adoption, according to an announcement describing the initiative. — CAM
Microsoft on Tuesday confirmed the presence of a privilege-escalation vulnerability in its Internet Information Services web server -- but said no exploits are underway.
A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated "moderately critical" and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDav until more details about the vulnerability are uncovered. — AM
Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.
Google searches for a number of security products and vendors -- including F-Secure, Norton, McAfee and Trend Micro -- have yielded advertisements with links to rogue products.
Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.
Three real estate agents in Rockingham, N.C. were charged with illegally accessing a Hotmail account belonging to the employee of a competitor. RE/MAX Tri City Realty agents Wendy Robson Massagee, 43; Kim Dawn Whitley, 40; and Jamie Moss-Godfrey, 41, allegedly used the victim's username and password to access the account and view work-related emails, according to a report in the Richmond County (N.C.) Daily Journal. All three were released and are scheduled to appear in local court on April 23. - AM
The Electronic Privacy Information Center, a privacy advocacy group, filed a complaint with the Federal Trade Commission on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.
Vulnerabilities in web applications made up 80 percent of all web-related flaws in the second half of 2008 and rose in prevalence by about eight percent from the first half of the year.
Google on Wednesday launched an "interest-based" advertising service, sparking a larger discussion among privacy-advocacy groups over data collection concerns.
Google Docs, a web-based word processor, experienced a glitch that shared documents without permission.
Mozilla on Wednesday issued Firefox 3.0.7, which fixes multiple security issues that could potentially enable an attacker to run arbitrary code on a victim's computer, cause a denial-of-service condition, obtain sensitive information, or spoof the location bar, according to an advisory from US-CERT Thursday.
Online photography store iStockphoto warned of a phishing attack targeted against its website on Wednesday, "We strongly urge all users who logged in at some point today to change their passwords," the company said on its website. "In addition, do not open any site mail for the next 24 hours." Attackers created a fake iStockphoto login screen, saved users' credentials on a malicious server then redirected them back to the website's main page. The company said that no financial information was breached. — AM
SC Magazine Articles
- GCHQ infosec group disclosed kernel privilege exploit to Apple
- 77% of organisations unprepared for cyber-security incidents
- 117 million LinkedIn email credentials found for sale on the dark web
- Furtim malware can run AND it can hide
- Ubiquiti warns of worm using known exploit on outdated AirOS firmware
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study
- 2.5K Twitter accounts hacked to spread links to adult content
- Study: Federal agencies still lack strong cyber hygiene practices
- Petya and Mischa - the Ransomware Twins (sort of)
- Bad guys update ransomware DMA Locker with version 4.0
- Lieu, Hurd urge colleagues to use encryption, improve cyber hygiene