During the Christmas break the Internet Storm Center had good coverage on the latest MSSQL based sql injection worm that appears to have infected over 1 million Microsoft based web pages. Recall back in November last year when we published a history of sql injection attacks, and followed that up with a sql injection tutorial. [...]
Archive | Security Breaches RSS feed for this section
Data Breaches Visualized
Nathan from Flowing data has put together an excellent graphical representation of the largest data breaches of all time. Data was sourced from Dataloss DB. Sony has been having all sorts of data breach problems lately — namely a million passwords from the Sony Pictures site, 77 million accounts from the PlayStation Network, and nearly [...]
TechCrunch Europe hacked
Drive by downloads, adobe exploits and a zeus variant trojan that is only detected by 2 of 43 Anti-virus products. This is a good example of current threats that website operators as well as end users should all be aware of, a high profile site gets hacked and poses a signifcant threat to the end [...]
Iran’s Cyber Army Hacks 1,000 US, British, French Gov’t Websites
While political hacking has been around for years, this is a good reminder that credit cards and identity theft are not the only targets when it comes to securing systems. Anyone is a potential target, and organisations who have parties that are opposed to their agenda will be targeted. Whether they are non-governmental entities or [...]
Hacked US Treasury websites serve visitors malware
Oops, lets hope the money is safe. You would think of all the US Government departments and targets this one would be well protected. [QUOTE]Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible [...]
When Neo Hacked the Latvian SRS Database
Movie plots cross into real life in Latvia where a significant security breach has occurred in the hacking of the Latvian SRS Databse. A group of hackers has stirred the nation after hacking into the countries taxation web site and revealing details of the powerful political elites wages and bonuses. One of the hackers used [...]
BackTrack 4 Release
In case you missed it the worlds leading penetration testing Linux Distribution BackTrack has hit version 4.0. A new web site, great video tutorials for those wanting to learn and a complete guide to Metasploit are just a few of the new bits for you to check out. Based on Ubuntu and well tested this [...]
Google and China – Script Kiddies or Government backed espionage?
Unless you have been living under a rock you would be hard pressed to have missed the Google vs China situation as it has become known. What has happened is that entities within China, that may or may not be the Chinese Government or at least backed by the Chinese Government have been caught accessing [...]
SQL Injection Demystified
Darkreading has a great article up on SQL Injection. This form of attack has been around for a long time, and happens because of poor dynamic website coding practices. A simple SQL injection vulnerability can often be exploited to gain full access to the database and / or full control of the database server. Now [...]
‘Golden Cash’ botnet-leasing network uncovered
Sometimes reading the news is like reading science fiction. However this is real and shows how far the criminal underground is progressing when it comes to monetisation of compromised machines. It all starts with malicious scripts being injected into poorly secured and managed web servers. Researchers at security firm Finjan said on Wednesday that they [...]
