 Web Service Security

Microsoft scrambles to address widespread ASP.NET bug

December 28, 2011

There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.
 

Baidu suing registrar for negligence in cyberattack

January 21, 2010

Leading Chinese search engine Baidu is suing Register.com, its U.S.-based web hosting provider, over a recent cyberattack that left the site unusable for several hours, according to published reports. On Jan. 12, Baidu visitors were redirected to a page announcing that the site had been overtaken by the Iranian Cyber Army. On Wednesday in a Manhattan federal court, Baidu filed a complaint against Register.com claiming that negligence by the company resulted in severe damage to the search giant. A Register.com spokesperson reportedly has said the lawsuit is "without merit." A representative could not be reached by SCMagazineUS.com. — AM
 

Political hackers deface Network Solutions-hosted sites

January 20, 2010

Politically motivated hackers were able to break into several of Network Solutions' servers and then display their illegitimate content.
 

Web technologies account for 78 percent of all bugs

November 09, 2009

Of all vulnerabilities in web technologies discovered in the first half of 2009, 90 percent were present in web applications.
 

Rampant brute-force attack against Yahoo Mail

September 21, 2009

Attackers are exploiting a web service application to crack into Yahoo email accounts.
 

Survey: Social networks increasingly blocked

August 19, 2009

Companies are increasingly blocking access to social networking sites, according to a new survey.
 

Social network attacks top website target list

August 17, 2009

Social networking sites, such as Twitter and Facebook, are the most commonly attacked websites, replacing government websites as the targets of choice.
 

eBay mandates developer password change

August 11, 2009

The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
 

Researchers laud Twitter alerts on bad links

August 03, 2009

Twitter has begun alerting users when they attempt to post a link to a malicious site.
 

Source of Adobe zero-day bug patched

July 06, 2009

One of the flaws at the heart of Adobe's ColdFusion 8.0.1 zero-day vulnerability has been patched.
 

Latest upgrade to iPhone includes 46 security fixes

June 18, 2009

Apple on Wednesday released the long-anticipated upgrade to its iPhone operating system.
 

Researcher plans to unveil a month of Twitter bugs in July

June 16, 2009

A security researcher plans to raise awareness about how third-party developer sites can be exploited to abuse social networking sites, namely Twitter.
 

ISP Pricewert shuttered for distributing spam

June 05, 2009

An internet service provider accused of violating federal law by hosting malicious sites and working with cybercriminals has been shut down, but the California-based company plans to appeal.
 

Cybercriminals targeting Twitter "trending topics"

June 04, 2009

Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.
 

Twitter hit with rogue anti-virus scams

June 02, 2009

Users of popular blogging platform Twitter fell victim this past week to a scareware scam.
 

"Beladen" website compromises cropping up

June 01, 2009

A mass injection attack similar but unrelated to Gumblar has infected more than 40,000 websites, according to new research from Websense.
 

IT professionals confused about Web 2.0

May 20, 2009

Even IT professionals are confused about what constitutes Web 2.0, according to a survey released Wednesday.
 

OTA seeks comment

May 20, 2009

The Online Trust Alliance (OTA), an industry group whose mission is to eliminate email and internet fraud, has released for comment a draft document outlining its Online Trust Principles. OTA said the principles listed in the document are a major step toward establishing business practices for greater online protection. After a 30-day comment period and subsequent ratification, OTA plans to work with business and regulatory agencies to drive adoption, according to an announcement describing the initiative. — CAM
 

Microsoft validates web server vulnerability

May 19, 2009

Microsoft on Tuesday confirmed the presence of a privilege-escalation vulnerability in its Internet Information Services web server -- but said no exploits are underway.
 

New Microsoft IIS flaw

May 18, 2009

A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated "moderately critical" and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDAV until more details about the vulnerability are uncovered. — AM
 

Cloud computing providers require strong audits

May 11, 2009

Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.
 

Rogue product ads on F-Secure, McAfee, Trend Micro searches

April 17, 2009

Google searches for a number of security products and vendors -- including F-Secure, Norton, McAfee and Trend Micro -- have yielded advertisements with links to rogue products.
 

Despite downturn, IT security spending to increase

April 13, 2009

Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.
 

Realtors hack competitor email

April 07, 2009

Three real estate agents in Rockingham, N.C., were charged with illegally accessing a Hotmail account belonging to the employee of a competitor. RE/MAX Tri City Realty agents Wendy Robson Massagee, 43; Kim Dawn Whitley, 40; and Jamie Moss-Godfrey, 41, allegedly used the victim's username and password to access the account and view work-related emails, according to a report in the Richmond County (N.C.) Daily Journal. All three were released and are scheduled to appear in local court on April 23. - AM
 

Privacy group urges FTC to investigate Google's cloud services

March 18, 2009

The Electronic Privacy Information Center, a privacy advocacy group, filed a complaint with the Federal Trade Commission on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.
 

Web apps account for 80 percent of internet vulnerabilities

March 18, 2009

Vulnerabilities in web applications made up 80 percent of all web-related flaws in the second half of 2008 and rose in prevalence by about eight percent from the first half of the year.
 

Google's interest-based advertising sparks privacy debate

March 12, 2009

Google on Wednesday launched an "interest-based" advertising service, sparking a larger discussion among privacy-advocacy groups over data collection concerns.
 

Google's glitch in the cloud

March 09, 2009

Google Docs, a web-based word processor, experienced a glitch that shared documents without permission.
 

Firefox update addresses multiple security issues

March 05, 2009

Mozilla on Wednesday issued Firefox 3.0.7, which fixes multiple security issues that could potentially enable an attacker to run arbitrary code on a victim's computer, cause a denial-of-service condition, obtain sensitive information, or spoof the location bar, according to an advisory from US-CERT Thursday.
 

Phishing attack on iStockphoto

March 04, 2009

Online photography store iStockphoto warned of a phishing attack targeted against its website on Wednesday. "We strongly urge all users who logged in at some point today to change their passwords," the company said on its website. "In addition, do not open any site mail for the next 24 hours." Attackers created a fake iStockphoto login screen, saved users' credentials on a malicious server, then redirected them back to the website's main page. The company said that no financial information was breached. — AM