Archives of Security Breaches

As we often mention here at HackerTarget.com real security is made up of a number of different processes, policies and technologies. If one part of the security picture is missing then your data is vulnerable. Where do you keep your backups? Are they in a secure location? While this example is a fairly rare occurrence, […]

A tool discovered by Sans Security Handlers has shed some light on how 10000 web sites were compromised earlier this year. An automated SQL injection attack that utilized google searches against ASP pages that contained potential sql injection points is at the core of the attack. While we had a general idea about what they […]

2021 The United Nations Office of Information and Communications technology has a Vulnerability Disclosure Program. A Security Research Group made up of independent security experts - Sakura Samurai - was running tests and was able to find 100K+ Employee Records of the United Nations Environmental Programme (UNEP). A misconfigured Apache webserver exposed files linked to […]

This article over at SecurityFocus has some eye opening comments from the authors of the Mpack exploitation kit. The increasing popularity of compromised websites being used as an exploitation platform against end users is becoming a worrying trend. There are a couple of tongue in cheek comments like these - Do you feel sorry for […]

There is some good information to be found at Stopbadware.org on securing a web site and ongoing efforts to eliminate the threat of malware being served up by compromised hosts and rogue web hosting companies. Basic security tips and tricks 5 steps to make your site more secure: Use strong passwords. Use SSH and SFTP […]

Interesting study by Google on the distribution of malware across different web servers. They took a sample of 70'000 sites so it is a good indication of what is being compromised to serve up malware to the public. The breakdown by server software is depicted below. It is important to note that while many servers […]

The first paragraph of this Network Computing Feature should be a wake up call for anyone on the internet who does not take security of their servers seriously. Following on from the first alarming paragraph is a lengthy 9 page feature on various vulnerability scanners. The article clearly demonstrates that while vulnerability assessment is not […]

Located in Russian underground forums and built as a commercial package, the MPack Exploit kit was the first documented type of its kind. On 18th of June 2007, a large scale attack was uncovered at an Italian based Web Hosting company. First discovered by Panda Software in May 2007, reports are stating over 10'000 sites […]