Monthly Archives: April 2012

Hackers Now Pick Tools From Script Kiddies’ Toybox – Report


April 24, 2012 By
The Vigilant Application Owner

April 24, The Register – (IDG News Service) Hackers now pick tools from script kiddies’ toybox – report. Hackers are increasingly turning to automated software tools to launch attacks. According to research from Imperva, more than 60 percent of SQL injection attacks and as many as 70 percent of Remote File Inclusion attacks (the two […]

Continue reading...

Number-munching Clouds Are Godsend for Cybercrooks – Experts


By
The Vigilant Application Owner

The Register – (International) Number-munching clouds are godsend for cybercrooks – experts. Cloud computing providers recently came under fire from security experts who blamed them for giving cyber criminals the tools to launch attacks more easily, efficiently, and anonymously than ever before. Speaking at the fourth InfoSecurity Summit in Hong Kong April 24, a senior […]

Continue reading...

OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug


By
The Vigilant Application Owner

April 24, Threatpost – (International) OpenSSL releases new fix for CVE-2012-2110 ASN1 bug. The OpenSSL developers had to re-release the fix for a serious vulnerability in the software’s ASN.1 implementation that could allow an attacker to cause a denial-of-service or potentially run arbitrary code on a remote machine. The updated fix only applies to version […]

Continue reading...

New Java Malware Exploits Both Windows and Mac Users


By
The Vigilant Application Owner

April 24, Threatpost – (International) New Java malware exploits both Windows and Mac users. Symantec discovered a new form of Java malware that infects Apple and Windows machines. The company’s research describes a strain of Java Applet malware that either drops a Python-based malware in Mac operating systems or an executableform of malware in Windows […]

Continue reading...

Hackers Targeting Governments with Hijacked Sites


April 21, 2012 By
The Vigilant Application Owner

April 21, V3.co.uk – (International) Hackers targeting governments with hijacked sites. Malicious code planted within compromised Wed pages has become the latest method for attackers targeting government organizations, according to research from security firm Zscaler, V3.co.uk reported April 21. The firm discovered many government-affiliated Web sites with code that directs users to attack servers. The […]

Continue reading...

New Version of OpenSSL Closes Security Holes in ASN1 Parser


By
The Vigilant Application Owner

April 20, H Security – (International) New version of OpenSSL closes security holes in ASN1 parser. A member of Google’s Security Team told the OpenSSL developers – 18 – of a security hole in the current version of their open source library. The errors occur when parsing ASN1 data via the asn1_d2i_read_bio() function. According to […]

Continue reading...

Analysis: Flashback Spread Via Social Engineering, Then Java Exploits


April 19, 2012 By
The Vigilant Application Owner

April 19, Threatpost – (International) Analysis: Flashback spread via social engineering, then Java exploits. Kaspersky Lab’s latest analysis of the Mac OS X Flashback botnet revealed its malware was spread via drive-by downloads on hacked WordPress Web sites. From September 2011 until February 2012, the Flashback creators distributed the trojan through compromised WordPress sites that […]

Continue reading...