Monthly Archives: March 2012

Expert Shows How Hackers Can Use CSRF Browser Vulnerability


March 31, 2012 By
The Vigilant Application Owner

March 31, Softpedia – (International) Expert shows how hackers can use CSRF browser vulnerability. The hacker who broke into GitHub to demonstrate a vulnerability warns that cross-site request forgery (CSRF), a security hole that affects all browsers, must be addressed immediately because it poses a great risk for unsuspecting users. He claims CSRF security holes […]


Serious Cybersecurity Lapses Found at Pacific Northwest Electricity Supplier


March 30, 2012 By
The Vigilant Application Owner

March 30, Infosecurity – (National) Serious cybersecurity lapses found at Pacific Northwest electricity supplier. The Department of Energy (DOE) identified serious cybersecurity gaps at the Bonneville Power Administration, which supplies wholesale electric power to regional utilities in the Pacific Northwest, Infosecurity reported March 30. An audit by DOE’s Office of the Inspector General (OIG) found […]


Compromised OpenX Ad Servers Lead Users to Malware


March 29, 2012 By
The Vigilant Application Owner

March 29, Softpedia – (International) Compromised OpenX ad servers lead users to malware. Sophos researchers discovered a number of OpenX ad servers were compromised and altered to redirect users to sites that push dangerous pieces of malware. Experts found that when the OpenX ad content is requested by the browser, an iframe is also loaded, […]


Critical Java Hole Being Exploited on a Large Scale


March 28, 2012 By
The Vigilant Application Owner

March 28, H Security – (International) Critical Java hole being exploited on a large scale. Criminals are increasingly exploiting a critical hole in the Java Runtime Environment to infect computers with malicious code when users visit a specially crafted Web page. According to a security blogger, the reason for this increased activity is that the […]


China Nabbing Great Deal of U.S. Military Secrets


By
The Vigilant Application Owner

March 28, CNET News – (International) China nabbing ‘great deal’ of U.S. military secrets. Testifying before the U.S. Senate Armed Services Committee March 27, the head of the National Security Agency (NSA) and Cyber Command said China is stealing a “great deal” of the U.S. military’s intellectual property, adding that the NSA sees “thefts from […]


Cybercriminals' Love Affair with Havij Spells SQL Injection Trouble


By
The Vigilant Application Owner

March 28, Dark Reading – (International) Cybercriminals’ love affair with Havij spells SQL injection trouble. Today’s exponential increase in attack volume and complexity can largely be attributed to cybercriminals working smarter with powerful, automated tools. In the database-cracking world, Havij stands as one of the most popular of these tools: and as such, it should […]


Last Chance To Register! Webinar: Managing Your .NET Components with Nexus and NuGet


By
Emily Blades

First-Class Support for .NET Repositories. Join us tomorrow for 30 minutes to learn how Nexus can help you streamline .NET development. In this session Brian Fox will give you the information you need to get started, including how to: publish and share internally developed .NET components; proxy NuGet gallery, a central collection of .NET […]


We’re a Java shop, we’re not going to get hacked…


March 27, 2012 By
Tim O'Brien

This article is another in a series of articles associated with our Executive Brief. To access the executive brief, “Addressing Security Concerns in Open-Source Components,” visit www.sonatype.com/securitybrief. You can follow the conversation on Twitter using the hashtag #OSSsecurity. I just wanted to reiterate the key point of yesterday’s security brief which is: “You and everyone […]


Microsoft Leads Seizure of Zeus-Related Cybercrime Servers


March 26, 2012 By
The Vigilant Application Owner

March 26, IDG News Service – (Pennsylvania; Illinois, International) Microsoft leads seizure of Zeus-related cybercrime servers. March 26, Microsoft said it and several partners disrupted several cybercrime rings that used a piece of malicious software called Zeus to steal $100 million over the last 5 years. The company said a consolidated legal case was filed […]


Apache Traffic Server Update Closes Important Security Hole


By
The Vigilant Application Owner

March 26, H Security – (International) Apache Traffic Server update closes important security hole. Version 3.0.4 of Apache Traffic Server (ATS), the high-performance caching HTTP/1.1 proxy server, has been released, closing a security hole that could be exploited by an attacker to remotely compromise a vulnerable system. An error when parsing a […]
