Tag Archives: application security

A First: Hacked Sites With Android Drive-by Download Malware


May 2, 2012 By
The Vigilant Application Owner

May 2, ZDNet ­ (International) A first: Hacked sites with Android drive-by download malware. Cyber criminals often put drive-by download malware on Web sites they have hacked in order to quickly infect visitors’ PCs. For the first time though hacked Web sites with Android drive-by download malware were discovered. A new trojan, called NotCompatible, appears […]

Continue reading...

Oracle Issues Critical Security Bug Fixes for Databases, Glassfish, and more.


April 18, 2012 By
Tim O'Brien

If you are watching our security feed, you may have noticed this IDG News Service story reporting on a critical security patch from Oracle. Since many of our customers are directly affected by this vulnerability, we thought this announcement was important enough to feature. From the story: “The upcoming patch batch includes six fixes for […]

Continue reading...

Sophos Takes Down Partner Portal After Signs of Hacking


April 6, 2012 By
The Vigilant Application Owner

April 6, IDG News Service – (International) Sophos takes down partner portal after signs of hacking. Security firm Sophos has taken its partner portal offline and will reset every user’s password after it found signs of a potential security breach on the server hosting it during a routine security check April 3. “Two unauthorized programs […]

Continue reading...

Expert Shows How Hackers Can Use CSRF Browser Vulnerability


March 31, 2012 By
The Vigilant Application Owner

March 31, Softpedia – (International) Expert shows how hackers can use CSRF browser vulnerability. The hacker who broke into GitHub to demonstrate a vulnerability warns that cross-site request forgery (CSRF), a security hole that affects all browsers, must be addressed immediately because it poses a great risk for unsuspecting users. He claims CSRF security holes […]

Continue reading...

Serious Cybersecurity Lapses Found at Pacific Northwest Electricity Supplier


March 30, 2012 By
The Vigilant Application Owner

March 30, Infosecurity – (National) Serious cybersecurity lapses found at Pacific Northwest electricity supplier. The Department of Energy (DOE) identified serious cybersecurity gaps at the Bonneville Power Administration, which supplies wholesale electric power to regional utilities in the Pacific Northwest, Infosecurity reported March 30. An audit by DOE’s Office of the Inspector General (OIG) found […]

Continue reading...

Comprimised OpenX Ad Servers Lead Users to Malware


March 29, 2012 By
The Vigilant Application Owner

March 29, Softpedia – (International) Compromised OpenX ad servers lead users to malware. Sophos researchers discovered a number of OpenX ad servers were compromised and altered to redirect users to sites that push dangerous pieces of malware. Experts found that when the OpenX ad content is requested by the browser, an iframe is also loaded, […]

Continue reading...

Critical Java Hole Being Exploited on a Large Scale


March 28, 2012 By
The Vigilant Application Owner

March 28, H Security – (International) Critical Java hole being exploited on a large scale. Criminals are increasingly exploiting a critical hole in the Java Runtime Environment to infect computers with malicious code when users visit a specially crafted Web page. According to a security blogger, the reason for this increased activity is that the […]

Continue reading...

China Nabbing Great Deal of U.S. Military Secrets


By
The Vigilant Application Owner

March 28, CNET News – (International) China nabbing ‘great deal’ of U.S. military secrets. Testifying before the U.S. Senate Armed Services Committee March 27, the head of the National Security Agency (NSA) and Cyber Command said China is stealing a “great deal” of the U.S. military’s intellectual property, adding that the NSA sees “thefts from […]

Continue reading...

Microsoft Leads Seizure of Zeus Related Cybercrime Servers


March 26, 2012 By
The Vigilant Application Owner

March 26, IDG News Service – (Pennsylvania; Illinois, International) Microsoft leads seizure of Zeus-related cybercrime servers. March 26, Microsoft said it and several partners disrupted several cybercrime rings that used a piece of malicious software called Zeus to steal $100 million over the last 5 years. The company said a consolidated legal case was filed […]

Continue reading...

Apache Traffic Server Update Closes Important Security Hole


By
The Vigilant Application Owner

March 26, H Security – (International) Apache Traffic Server update closes important security hole. Version 3.0.4 of Apache Traffic Server (ATS), the high– 18 – performance caching HTTP/1.1 proxy server, has been released, closing a security hole that could be exploited by an attacker to remotely compromise a vulnerable system. An error when parsing a […]

Continue reading...