Latest Hacking and intrusion prevention News 
Web Security for emerging web-application threats
posted on 15/03/2010
Web 2.0 is thriving, and so too are applications that take advantage of this technology. Interactive sites like LinkedIn, Twitter and even company websites are becoming ever more popular, and yet, many IT departments are unprepared for today’s emerging threats. As more companies take to the web to conduct business, the opportunity for attack is increased and organisations need to re-adjust security practices for the Web 2.0 world. Traditionally, potential security breaches, or vulnerabilities, target personal and business information that is created and stored in certain Web 2.0 applications, such as Google Docs and Mobile Me. Using JavaScript programmes developed to capture data, hackers can redirect users to a perfect copy of the site they’re expecting to see. When log-in details are entered, they’re unknowingly sent to the attacker, providing them with information they need to access sensitive business information. New attack methods are constantly being employed by hackers... [more]
How bots transparently control computers
posted on 26/02/2010
Paul gets home and sits in front of his computer, as he does most days. He connects to the Internet, updates his Facebook profile and starts chatting with friends. What he doesn’t know is that he’s not alone; his computer is being controlled by a Russian mafia. This is because his computer is infected and controlled by a bot. Generally speaking, bots (from the word robot) are small programs that contain instructions allowing them to act independently and autonomously. They are run silently and can perform a series of tasks either automatically or in response to remote commands. A computer infected by a bot therefore no longer responds entirely to its owner’s commands, but also to those of the person controlling the bot remotely. Bots presently pose an invisible threat to countless users. Infected systems are often referred to as zombies, because of the way they are ‘possessed’ and controlled remotely. What's more, bots are designed to infect numerous computers, which together form ... [more]
Twitter and social networking credentials can fetch a high sum
posted on 22/02/2010
The price of a file of user credentials - known as a 'dump' in hacking circles - depends greatly on the Internet service(s) where they can be used. The rapid evolution of Web 2.0 services and the parallel world of cybercrime is driving a revolution in the price that criminals charge each other for user credentials. Amichai Shulman, Imperva's chief technology officer, said "Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters." "Today, however, there are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application, and the 'popularity' of the account in question," he added. This is clearly illustrated by the 'going ra... [more]
ProSecure UTM5 gateway security appliance enables small companies to protect themselves using a wide array of defenses
posted on 16/02/2010
NETGEAR® Inc. has unveiled the ProSecure® UTM5, a gateway security appliance that extends enterprise-class Unified Threat Management (UTM) technology to any small business, home networks for telecommuters, and small branch offices around five users in size. Distributed via NETGEAR’s worldwide channel partner program, the ProSecure UTM5 appliances come with simple subscription options without any per-user licensing. The UTM5 enables small companies to protect themselves using a wide array of defenses including firewall, SSL and IPSec VPN, URL filtering, network antivirus, and antispam, but in a very small, easy-to-use form factor and with a corresponding price point. IT departments can also use the UTM5 to protect the home networks of telecommuters, as these remote employees often share connections with other endpoints that may not be as secure as a corporate laptop. “Several months ago, we replaced our SonicWALL Internet gateway with the ProSecure UTM appliance,” said Phillip Harvey, ... [more]
How to detect when greyware is or is not malicious or useful
posted on 10/02/2010
It has been quite a long time since the first personal computers hit the market, during which time many serious vulnerabilities and design faults have been discovered. The design of new devices and technology must therefore take into account the securing of the data, dataflow, and any communication in general. However, the systems that are being developed today are more and more complex, so even though huge effort is invested in security, faults are quite often introduced during either the design or the implementation stage. The growing number of technologies and devices broadens the attack surface available to the attackers who try to make profits by exploiting existing security flaws. And that’s exactly the domain of computer infiltrations. Nowadays a vast amount of malicious or unwanted code is financially motivated. We could even say that there are only trace amounts of infiltration which exist only to demonstrate the presumed ability of the author (whether maliciously motivated... [more]



