Counter.php Redirecting to Sites Peddling Styx Exploit Kit
The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...
iPic Sharp 1.2.1 Wifi Script Insertion
Title: iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability; Date: 2013-07-24; References: http://www.vulnerability-lab.com/getcontent.php?id=1031; VL-ID: 1031; Common Vulnerability Scoring System: 3.6; Introduction:...
CALL FOR PAPERS - The Hackers Conference 2013
The call for papers for The Hackers Conference 2013 is now open. THC2013 is a hacker conference taking place in New Delhi, India on August 25th, 2013. The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cybe...
Bank DDoS Attacks Using Compromised Web Servers as Bots
A rash of politically and socially motivated distributed denial-of-service attacks against major U.S. banks has been able to intermittently disrupt online and mobile banking services. The attackers have been able to fire unprecedented amounts of traffic at the likes of Wells Fargo, Bank of Americ...
Two Members of LulzSec Plead Guilty to Cyber Crimes
Two members of the hacker group Lulz Security (LulzSec) pleaded guilty today to taking part in a cyber crime spree that launched attacks against Web sites belonging to law enforcement, corporations and media companies. Ryan Cleary, 20, of Wickford, Essex and Jake Davis, 19, of Lerwick, Shetland...
The Hackers Conference 2012 Call For Papers #THC2012
We are extremely delighted to announce the Call for Papers for The Hackers Conference 2012. It is a unique event, where the elite of the hacker world, leaders in the information security industry and the Internet community meet face to face to join their efforts to cooperate in addressing the most...
Five Shocking Statistics From The Latest Internet Threat Report
Anti-malware company Symantec released its threat report for 2011 on Monday. Buried in the dry statistics about the number of Web-based attacks and malicious programs detected during the year are some surprising facts. Among them: religious-themed Web sites are among the dirtiest on the Internet...
CNCERT Claims - Raising Web attacks on China
CNCERT Claims - Raising Web attacks on China. China's National Computer Network Emergency Response Technical Team (CNCERT/CC) is claiming attacks on public and private organisations from outside of its borders have rocketed in the past year from five million computers affected in 2010 to 8.9m in 2011...
NATO Research And Technology Org Local File Inclusion
Title: NATO Research & Technology ORG - File Include Vulnerability; Date: 2011-11-02; References: http://www.vulnerability-lab.com/getcontent.php?id=307; VL-ID: 307; Introduction: The NATO Research and Technology Organisation RTO Organisation pour la...
Drive By Download Sites Using New Tricks To Avoid Detection
Amid an increase in defacements of legitimate websites over the past few weeks, Fraser Howard, a researcher from Sophos, has discovered that the groups behind the attacks are increasingly using sophisticated filtering and dynamic content to avoid detection by search engines and web filtering firm...
OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities
OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49090/info OpenEMR is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitra...
Firefox 4 With Content Security Policy Due Tuesday
Firefox 4, the newest version of Mozilla’s flagship browser slated for release today, includes a variety of security and privacy protections, but perhaps the most important of them is the addition of the Content Security Policy. The mechanism, which is enabled by default in Firefox 4, is designed...
London Police Arrest Five Anonymous Hackers!
Month after allegedly assaulting various websites to defend Wikileaks, London police may have caught members of the "hacktivism" group Anonymous. Five alleged members of Anonymous were arrested in London today for violation of the Computer Misuse Act. The men are aged 15 to 26 and face up to 10 years in...
Cisco: Web Attacks, Spam Dog Enterprises in Q3
Web-based attacks and botnets kept enterprises on the defensive in the third quarter of 2010, according to data released by Cisco Systems. The company’s latest Global Threat Report – a compendium of security data compiled from across the networking giant’s customer base – shows that the average...
Malicious URLs Pose Mobile Hijacking Risk
The security of mobile devices may be at risk from Web-borne attacks because of loose policies for processing URLs (Uniform Resource Locators), according to a report by security researcher Nitesh Dhanjani. Writing on the SANS Application Security Blog, Dhanjani said that the way the iPhone’s operati...
[scip-Advisory 4063] PasswordManager Pro 6.1 Script Injection Vulnerability
PasswordManager Pro 6.1 Script Injection Vulnerability scip AG Vulnerability ID 4063 12/15/2009 http://www.scip.ch/?vuldb.4063 I. INTRODUCTION "Password Manager Pro is a secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of...
[scip_Advisory 4020] Check Point Connectra R62 Login Script Injection Vulnerability
Check Point Connectra R62 Login Script Injection Vulnerability scip AG Vulnerability ID 4020 09/04/2009 http://www.scip.ch/?vuldb.4020 I. INTRODUCTION Check Point Connectra is a so-called SSL-VPN solution, which allows users to access a remote system using a regular web browser. More information ...
Stolen FTP credentials likely in massive web attacks
From SearchSecurity, by Rob Westervelt: Stolen FTP credentials are suspected as the root cause of a massive attack compromising over 40,000 web sites. Attackers have targeted legitimate websites in the latest wave, and so far researchers at security vendor Websense Inc. say it isn’t likely that SQL...
Horde Webmail Multiple HTML Injection vulnerability
Horde Webmail Multiple HTML Injection vulnerability Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks and notes with the standards compliant components fr...