Information Filed Under ‘Web Service Security’ Category

I think therefore I change

Some malware authors tend to be tricky to break detections based on static signature matching. So they scramble the malware code in a way that they consider to be useful to save the malware from being detected. So here we have a Java malware, which is trying to evade detection


Double trouble – spam and malware payloads

Don’t you hate spam? It’s a nuisance, but not anything you really need to worry about, is it? I mean, it’s not like you ran an executable, you just found yourself somewhere trying to sell you Viagra, no harm done, right


“Pentagon” delivers Zbot via “DHS”

We’re currently seeing a limited-volume run of spam messages linking to a zip file containing Zbot/Zeus malware. The messages purport to be from the Department of Homeland Security, the Pentagon, or the Transportation Security Administration.


Old Heroes Don’t Die, They Just Live On In Malware

As virus analysts, we’re used to seeing lots of inane quotes hidden in malware. These days, they can range from everything to anything. One malware author thought it funny to include Chuck Norris in his malware creations


In-depth analysis of a PHP attack that led to Apple information disclosure

Recently over 100,000 Apple customers were affected by an information disclosure attack on the AT&T website. Security experts blame this breach on “poorly designed software”


Seven Signs You’re Not Ready to Run a Web Vulnerability Scan

Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to begin just yet: 1


Responding to the Adobe advisory: Plugin Checker in action

Adobe recently released a security advisory for Flash Player, Adobe Reader and Acrobat. The advisory stated a critical vulnerability existed in all versions of Flash prior to and including 10.0.45.2.


Apple Security Update 2010-004 / Mac OS X v10.6.4 Shipping with Outdated Version of Adobe Flash Player

Earlier today, Apple released security update 2010-004 / Mac OS X v10.6.4. This update includes an earlier version of Adobe Flash Player (version 10.0.45.2) than available from Adobe.com. While the Mac OS X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1, Adobe recommends users verify they are using the latest, most secure version of Flash Player (10.1.53.64) available for download from http://www.adobe.com/go/getflashplayer.


CVE 2010-1885 exploited in the wild

The recent Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) is being exploited in the wild. Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s computer, by exploiting this vulnerability


More likejacking targets: Farmville, Sex And The City 2, Kendra Wilkinson, …

Another week, another round of likejacking targets. Though we still haven’t seen this technique being used as an attack vector to infect users, it’s still an underhanded and malicious technique, and it’s driving swarms of people to pages serving up adverts – presumably somebody’s making money from all this.


Security Bulletin – Adobe Flash Player

Today, a Security Bulletin has been posted to address critical security issues in Adobe Flash Player, including CVE-2010-1297, referenced in Security Advisory APSA10-01. This Security Bulletin affects Flash Player versions 10.0.45.2 and earlier, as well as AIR versions 1.5.3.9130 and earlier.


Web application contingency plans – the missing link in Web security?

Why are Web applications out of the loop when it comes to contingency planning? Look at any given security incident response or disaster recovery plan (assuming they even exist) and chances are business critical Web applications and related systems are missing


Security Advisory for Flash Player, Adobe Reader and Acrobat

A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.


Facebook, Google and Privacy

There’s been a great deal of discussion (controversy?) recently regarding personal privacy and the pursuit of profit. Many pundits are concerned that businesses are putting personal data at risk for financial gains


Google Chrome – Flags Invalid Certificates with skull and crossbones

All browsers flag invalid trusted certificates required for the highly trusted security mode (https).


CARO Workshop 2010 – Day One

Greetings from picturesque Helsinki where the 2010 CARO workshop (Computer Anti-virus Research Organisation) is being held. This year the focus is on the scale of the malware problem, a problem all anti-virus vendors have no choice but to deal with


Should you scan a website through a web application firewall?

Unfortunately, it is of frequent occurrence that people launch a security scan against a website or web application sitting behind a web application firewall, or some other kind of web security gateway device. Scanning a website through a “man in the middle” device or software will only give a false sense of security. First and most importantly of all, one would be scanning the web farm’s perimeter network and not the website itself. Therefore if the scope is to secure a website, this is not the right approach. If the target website is vulnerable to a SQL injection attack, a web application firewall sitting in front of the website might block the scanner’s requests, resulting in the vulnerability not being discovered and reported.


Third Annual Meetings of Heads of Information Systems Security RSSI’2010

Acunetix reseller Hat Web Security Labs will be exhibiting Acunetix WVS in the Third Annual Meetings of Heads of Information Systems Security RSSI’2010. The event will take place between 3rd and 4th of June 2010 at the Cyber Parc Elgazala, Tunis.


Windows 7 Mobile Protection – Best Practices in using Bitlocker

An excellent best practices article on how to use BitLocker to protect Windows 7 mobile devices.

Dan Griffith – Microsoft Security MVP for month of May 2010
http://technet.microsoft.com/en-us/dd162324.aspx

Recommendations for Using BitLocker
http://technet.microsoft.com/en-us/security/ff690553.aspx

QUOTE: Do a Bing search for “stolen hard drive” and you'll get a reminder of how at-risk your data is, and how visible and embarrassing the loss or theft of sensitive data can be, especially if the event is covered by the press. The loss of corporate data can also cause damage to your brand and confer an advantage to your competitors if trade secrets are revealed. With BitLocker you can help protect your company from these threats.


Browser History – 75% of users need to improve privacy safeguards

This decade-old vulnerability is now enhanced by an algorithm that can process 30,000 sites per second, in comparing browser history versus a list of specific web sites. While I had every browser set to zero days history, that's still not enough. The online DEMO link at bottom is a neat test and certainly made me a little more aware
