Category Archives: Application Security

“Community Defense” For a Safer Internet

Early identification of attacks across a community of Web applications can significantly improve the effectiveness of application security, according to the latest Imperva Hacker Intelligence Initiative report [PDF]. The report, “Get What You Give: The Value of Shared Threat Intelligence,” analyzed real-world attack traffic against 60 web applications between January and March 2013 to identify common attack patterns. Multiple targets … Read more

Posted in Application Security, Network Security, Security Management, Security Threats, Uncategorized

New Survey Predicts The Rise Of The “Everyday Hacker”

It’s so easy, almost anyone can do it. Hack, that is. Easily accessible information will allow those with only rudimentary technical skill to exploit such things as an SQL injection vulnerability, according to a new report from Veracode. Veracode’s research found that although SQL injection flaws are easy to identify and fix, 32 percent of web applications are still … Read more

Posted in Application Security, Security Management, Security Threats, Uncategorized

Password Problems: Majority Of Security Pros Violate A Big Mobile Best Practice

Even security pros practice poor security “hygiene,” with some 83 percent saying they use the same password across multiple mobile applications, according to a new survey. This figure, and others, comes by way of Ping Identity’s ‘Impact of Mobile’ Survey, which surveyed 198 attendees at this year’s RSA Conference. The survey sought to discover how work habits are changing as … Read more

Posted in Application Security, Mobile Security, Uncategorized

IBM: Web Application Vulnerabilities Threaten The Enterprise

Web application vulnerabilities remained one of enterprises’ most pressing issues, rising 14% in 2012 over 2011 end-of-year numbers, according to a recent report. These vulnerabilities were exploited by attackers who, more often than not, injected malicious scripts and executables onto legitimate websites, targeting client-side vulnerabilities in the browser core and in plugins such as those in Internet … Read more

Posted in Application Security, Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats, Uncategorized

Report: 86% Of All Vulnerabilities Found In Third-Party Programs; SCADA At Particular Risk

Go ahead, patch those Microsoft products all you want. It won’t necessarily make you impervious to attack, according to a new report. A vulnerability review, issued last week by the vulnerability management company Secunia, found that 86 percent of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or “third-party”) programs, up 8 percent from their … Read more

Posted in Application Security, Security Threats, Uncategorized

Gartner: Application Layer DDoS Attacks to Increase in 2013

In 2013, less will be more. Volumetric, blunt-force attacks will remain the primary type of Distributed Denial Of Service Attack (DDoS) in the coming year, but there will be noticeable growth in the incidence of low-and-slow application layer DDoS attacks, according to new research by Gartner. In a report titled, “Arming Financial and E-Commerce Services Against Top 2013 Cyberthreats,” Gartner … Read more

Posted in Application Security, Network Security, Security Management, Uncategorized

App Happy Downloaders May Get More than They Expect

On January 7, Apple announced that customers have downloaded over 40 billion apps, with nearly 20 billion in 2012 alone. The App Store has over 500 million active accounts and had a record-breaking December with over two billion downloads during the month. Apple’s developer community has created over 775,000 apps for iPhone, iPad and iPod touch. The Android app market … Read more

Posted in Application Security

Web Application Vulnerability Statistics Report Released

The exploitation of web application vulnerabilities continues to be one of the leading causes of enterprise data loss, and even in the wake of numerous high-profile and well-publicized breaches, many organizations have failed to address the most common application flaws, leaving them prime candidates for the next data loss event. iViZ Security, a cloud-based penetration testing service that … Read more

Posted in Application Security

SMS Spoofing Attack Leaves Twitter Users Vulnerable

We’ve all seen them. The unsolicited Tweet, direct message, or Facebook posting from a reputable colleague or personal contact that is undoubtedly the result of a compromised account, sometimes utilized by cybercriminals for general spamming purposes and other times part of an insidious attack employing a malicious link designed to infect a victim’s contacts with malware. One wonders how … Read more

Posted in Application Security

Adobe Reader Vulnerable to New Zero-day PDF Exploit

Once again, hackers are proving that the best we can expect to do is stay just one step behind them as they continue to capitalize on previously undisclosed vulnerabilities. The latest is a PDF-based zero-day exploit that defeats the sandbox security features available in Adobe Reader. The exploit is already known to be present in a modified version of the … Read more

Posted in Application Security