Movie plots cross into real life in Latvia where a significant security breach has occurred in the hacking of the Latvian SRS Databse. A group of hackers has stirred the nation after hacking into the countries taxation web site and revealing details of the powerful political elites wages and bonuses. One of the hackers used [...]
Archive | Security Breaches RSS feed for this section
BackTrack 4 Release
In case you missed it the worlds leading penetration testing Linux Distribution BackTrack has hit version 4.0. A new web site, great video tutorials for those wanting to learn and a complete guide to Metasploit are just a few of the new bits for you to check out.
Based on Ubuntu and well tested this is [...]
Google and China – Script Kiddies or Government backed espionage?
Unless you have been living under a rock you would be hard pressed to have missed the Google vs China situation as it has become known.
What has happened is that entities within China, that may or may not be the Chinese Government or at least backed by the Chinese Government have been caught accessing Google’s [...]
SQL Injection Demystified
Darkreading has a great article up on SQL Injection. This form of attack has been around for a long time, and happens because of poor dynamic website coding practices. A simple SQL injection vulnerability can often be exploited to gain full access to the database and / or full control of the database server.
Now would [...]
‘Golden Cash’ botnet-leasing network uncovered
Sometimes reading the news is like reading science fiction. However this is real and shows how far the criminal underground is progressing when it comes to monetisation of compromised machines. It all starts with malicious scripts being injected into poorly secured and managed web servers.
Researchers at security firm Finjan said on Wednesday that they have [...]
Amazon Cloud Service Brute Force
OSSEC is an excellent open source host based intrusion detection system. Works on Windows and Linux and detects security anomalies within the system. Such as brute force ssh attacks from the Amazon Cloud.
It seems that like any web hosting service the Amazon Clould Web Services are open to exploitation. Of course in this post I [...]
Another mass hack – MSSQL injection compromises 500′000+ web sites
A simple SQL injection has resulted in more than 500′000 websites being compromised with a javascript include that sends visitors to the hacked websites to other sites containing malware that attempts to infect the client.
Yet another example of simple security errors resulting in mass hacks of websites that whose ultimate purpose is the installation of [...]
Offsite backups – Are your backups secure?
As we often mention here at HackerTarget.com real security is made up of a number of different processes, policies and technologies. If one part of the security picture is missing then your data is vulnerable. Where do you keep your backups? Are they in a secure location? While this example is a fairly rare occurrence, [...]
SQL Injection to compromise 10000 web sites
A tool discovered by Sans Security Handlers has shed some light on how 10000 web sites were compromised earlier this year. An automated SQL injection attack that utilized google searches against ASP pages that contained potential sql injection points is at the core of the attack.
While we had a general idea about what they do [...]
iframe attacks again
The iFrame attacks that have made news in recent weeks are spreading to more prominent websites. Among the sites infected are USA Today, Target, and Wal-Mart. The most recent attack targets search engine results; the results are manipulated so that users are likely to visit sites that have been infected with malware.
http://www.news.com/8301-10784_3-9905951-7.html?part=rss&subj=news&tag=2547-1_3-0-20
http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9073098&source=rss_topic17
http://www.vnunet.com/vnunet/news/2213090/search-engine-attack-lingers
The trend of drive [...]
