From the category archives: Attacks

Twitter XSS vulnerability identified in the wild

Malicious links leading to the download of a malicious JavaScript payload have been popping up on various Twitter accounts, warns Kaspersky’s Stefan Tanase. The harmful JavaScript payload that’s being distributed uses an XSS (Cross-Site Scripting) vulnerability to steal the cookie of the Twitter user, which is transferred to two specific servers. Essentially, any account which [...]


Apple’s Ping social network attacked by spammers

Sophos researchers have found that Ping is being overrun by scams and spam messages, some of which try to lead users into believing they will receive a free iPhone if they complete online surveys. “We’re used to survey scams like this being spread far and wide via sites like Facebook, but clearly the lack of [...]


Be careful as certain HP scanners can permit snooping and spying

Certain models of HP combination printer and scanner devices contain a feature that could allow for corporate espionage, according to researchers at web security firm Zscaler. The feature, called WebScan, allows a user to remotely trigger the scanning functionality and retrieve scanned images via a web browser. This capability could allow anyone on the local [...]


Beware! Google Code is hosting malware-spreading project

Zscaler pointed out that even though Google claims that any project including malicious files will be taken down, it takes the Google Code team a rather long time to detect them by scanning the hosted content. Most of the files are executables or .rar archives. Further analysis showed that if xin.exe was executed on a [...]


Fake updates from TweetDeck infecting Twitter users

Twitter’s recent announcement regarding the switch from basic access authentication to OAuth open protocol on the Twitter API proved to be a godsend to malware peddlers. According to Sophos, tweets such as “Hurry up for tweetdeck update!” and “Sorry for offtopic, but it is a critical TweetDeck update. It won’t work tomorrow!” containing a shortened [...]


Being careful while sharing sensitive information on social networks

Users need to be careful when accepting friend requests and be conscious of the data they share, as: siphoning of confidential information from the workplace, such as future strategies, plans, as well as unreleased technologies/software, can take place; disclosure of personal sensitive information, such as address, phone number, mother’s and father’s name, etc. – information [...]


Researchers damage Pushdo Botnet

Researchers were able to make a huge dent in the Pushdo botnet by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. “We identified a total of 30 servers used as part of the Pushdo/Cutwail infrastructure, located at eight different hosting providers all over the world. [...]


Facebook malware scam again!

The security analysts at AppRiver reported that they have detected a new malware campaign targeting Facebook. An AppRiver spokesperson explains: “What’s unique here is that this virus campaign is also hitting smartphone devices (specifically BlackBerrys at this time) that have the Facebook application/icon installed. In other words, it’s not just utilizing email, but also triggering [...]


Vast Scale of Cloud Hacking revealed by DEF CON Survey

An exhaustive survey carried out amongst 100 participants of this year’s DEFCON conference in Las Vegas revealed that an overwhelming 96 percent of the respondents said they believed the cloud would open up more hacking opportunities for them. “While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable [...]


Beware of Third-Party Web Widget

Small- and midsized businesses use a lot of third-party Web applications to save money and to embed expertise that they might not otherwise have. But doing so can also open up their business and their customers to attack. The recent Network Solutions incident shows how this practice can go very wrong. The Internet domain [...]
