• Subscribe to the low volume list for updates.

Archives of Security Breaches

News of security breaches from around the world

Attacking and Enumerating Joomla

Discover the tips and techniques used to attack and break into Joomla based websites. An understanding of these hacker techniques will enable you to be prepared to keep your sites secure. Additionally, penetration testers or red teams needing to exploit Joomla targets will also find practical hints in this guide. Enumeration | Recon 1. Joomla […]
Read More

Joomscan added to the online Joomla Security Scan

Our Joomla Security Scanner tool has been extended with the Joomscan security testing tool. Joomscan is a tool that tests a Joomla installation for known vulnerable plugins and core security configuration mistakes. Detection of these vulnerabilities will allow a web site owner to get the plugins update or fixed before they get attacked. Joomla is […]
Read More

Backdoor Corporate Networks with Metasploit

HD Moore announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have been for a number of reasons been not so stable. The purpose of this post is to raise awareness. Many IT folks are comfortable with a […]
Read More

TechCrunch Europe hacked

Drive by downloads, adobe exploits and a zeus variant trojan that is only detected by 2 of 43 Anti-virus products. This is a good example of current threats that website operators as well as end users should all be aware of, a high profile site gets hacked and poses a signifcant threat to the end […]
Read More

When Neo Hacked the Latvian SRS Database

Movie plots cross into real life in Latvia where a significant security breach has occurred in the hacking of the Latvian SRS Databse. A group of hackers has stirred the nation after hacking into the countries taxation web site and revealing details of the powerful political elites wages and bonuses. One of the hackers used […]
Read More

BackTrack 4 Release

In case you missed it the worlds leading penetration testing Linux Distribution BackTrack has hit version 4.0. A new web site, great video tutorials for those wanting to learn and a complete guide to Metasploit are just a few of the new bits for you to check out. Based on Ubuntu and well tested this […]
Read More

SQL Injection Demystified

Darkreading has a great article up on SQL Injection. This form of attack has been around for a long time, and happens because of poor dynamic website coding practices. A simple SQL injection vulnerability can often be exploited to gain full access to the database and / or full control of the database server. Several […]
Read More

‘Golden Cash’ botnet-leasing network uncovered

Sometimes reading the news is like reading science fiction. However, this is real and shows how far the criminal underground is progressing when it comes to monetisation of compromised machines. It all starts with malicious scripts being injected into poorly secured and managed web servers. Researchers at security firm Finjan said on Wednesday that they […]
Read More

Amazon Cloud Service Brute Force

OSSEC is an excellent open source host based intrusion detection system. Works on Windows and Linux and detects security anomalies within the system. Such as brute force ssh attacks from the Amazon Cloud. It seems that like any web hosting service the Amazon Cloud Web Services are open to exploitation. Of course in this post […]
Read More

Another mass hack – MSSQL injection compromises 500’000+ web sites

A simple SQL injection has resulted in more than 500'000 websites being compromised. A javascript injection sends visitors from the hacked websites to other sites containing malware that attempts to infect the client. This is yet another example of simple security errors resulting in mass hacks of websites. The attackers ultimate purpose is the installation […]
Read More
  • 1
  • 2