Cross-site scripting flaws are the most prevalent vulnerabilities found in Web applications, posing a risk to data and intellectual property, according to a study of thousands of applications by Veracode, a company that specializes in finding vulnerabilities in code. Veracode analyzed more than 9,900 applications that were submitted to its cloud-based scanning service over the last [...]
December 13th, 2011
December 2nd, 2011
Security experts are warning of a rapidly mutating email spam campaign using bogus messages from United Parcel Service (UPS) claiming that a package could not be delivered. The spam run began earlier this month, and is just one way security researchers believe criminals will exploit the holiday season online buying spree.
According to Cloudmark engineering director [...]
November 7th, 2011
Facebook was recently invaded by a robot army, created by four researchers, to demonstrate the ease with which online social networks can be maliciously exploited by the unscrupulous. With a horde of 102 bogus Facebook friends, researchers at the University of British Columbia showed that they could harvest personal information about members that is not [...]
August 5th, 2011
Thousands of Brits’ bank and credit card details held by Indian call centres are being peddled to crooks, The Sun (UK) can reveal today. Dealers supplied with the confidential data by corrupt staff offer it for sale – for just pennies. One seller told undercover Sun investigators he could sell them details of 80,000 customers [...]
July 13th, 2011
The AntiSec online hacking movement said Monday it had broken into a server run by a U.S. military contractor and pilfered 90,000 military email addresses and passwords, the latest in a string of attacks on corporate and government targets.
AntiSec, which comprises elements of the Anonymous and Lulz Security collectives, said it got into a network [...]
June 24th, 2011
LulzSec, the recently infamous hacker group, has struck again. This time their victim was the Arizona Department of Public Safety (DPS), whose documents were stolen and released after their systems were hacked.
As reported by The Arizona Republic:
The DPS files, posted on LulzSec’s website, include personal information about officers and numerous documents ranging from routine alerts [...]
June 17th, 2011
From SECNAP Alerts:
Payroll firm ADP discloses data breach, says only one client affected, payroll data not involved
Payroll services company Automatic Data Processing Inc. has disclosed a data breach that it said apparently affects only one of its employer clients.
ADP said its security team discovered the intrusion during routine monitoring of its systems. The breach involved [...]
June 16th, 2011
Reuters – NEW YORK – Citigroup said that about 360,000 credit card customers were affected by last month’s hacking attack, or nearly double the number previously indicated by the bank.
In a statement “to our customers” that was released by the New York-based bank late Wednesday, Citigroup said “a total of 360,083 North America Citi-branded credit [...]
February 28th, 2011
New research from risk consultancy firm highlights risk from data theft committed by employees.
A poll of over 800 senior executives around the world showed that companies for the first time are losing more from the theft of their electronic assets than from physical assets. This was recently revealed by Kroll, a risk consulting firm.
The incidents [...]
May 11th, 2010
While everyone is worried about security threats outside the company’s firewall such as hackers, viruses, and worms, research suggests that the greatest risk may come from none other than the company’s very own employees.
Not all of these risks are necessarily born of malicious intent on the part of employees. Some risks may come from unwitting participation, [...]