91 matches found
Trusteer Discovers New Twitter Malware Targeting the Dutch
As Twitter continues to secure its footing in the social network spectrum, it continues to be complemented by an ongoing deluge of spam and malware, intent on tapping into – and duping – the social network’s 200 million plus users. Tanya Shafir, a researcher at the security firm Trusteer recently...
Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55220/info Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
Ryan Naraine on Exploit Mitigations and the MS12-020 RDP Bug
Dennis Fisher talks with Ryan Naraine about whether exploit mitigations such as ASLR and DEP really make any difference in preventing browser attacks and the seriousness of the MS12-020 RDP vulnerability that was patched during March’s Patch Tuesday release. Podcast audio courtesy of sykboy65...
Raising the Bar on Browser Attacks
VANCOUVER–If there’s one thing that emerged from all of the craziness that was CanSecWest, Pwn2Own and Pwnium, it’s that life is becoming more difficult for researchers and attackers looking to exploit modern browsers. It’s not impossible, of course, but it’s certainly not the warm-up exercise th...
Annuaire PHP - 'sites_inscription.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/51434/info Annuaire PHP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Popular Sports Site Goal.com Serves Malware
Goal.com, a popular football (aka “soccer” for all us Yanks) news site, was hacked and found serving malware via drive-by-downloads between April 27 and 28, according to a post by Web security firm Armorize. In an analysis of the attack, Armorize researcher Wayne Huang suggests that a hacker...
Drupal Embedded Media Field Cross Site Scripting
Details of this disclosure are also available at http://www.madirish.net/?article=472 Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal...
Top 10 IT Security Trends for 2011
The crystal ball gazing has started early this year. Typically, tech prediction pieces emerge after Christmas, but the first 'security trends for 2011' missive has already dropped into my inbox. So, what does the somewhat premature Imperva Application Defense Center think will worry us the most o...
Inside the URLZone Trojan Network
Security researchers tracking the URL Zone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts. URLZone, which targets computer users in Western Europe, is a...
Open Auto Classifieds <= 1.5.9 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Open Auto Classifieds <= 1.5.9 Multiple Remote Vulnerabilities. MorningStar Security - Advisory...
OpenBB 1.0.x - post.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. The S...