We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
A mass-injection attack similar to the highly publicized LizaMoon attacks this past spring has infected more than 1 million ASP.NET Web pages, Armorize researchers said today. According to database security experts, the SQL injection technique used in this attack depends on the same sloppy misconfiguration of website servers and back-end databases that led to LizaMoon's infiltration.
The hacker collective known as Anonymous has expressed interest in hacking industrial systems that control critical infrastructures, such as gas and oil pipelines, chemical plants and water and sewage treatment facilities, according to a Department of Homeland Security bulletin.
IT security experts have long loved to troll through hacker forums to gather intelligence on emerging threats and even (as in the ill-fated case of HBGary Federal CEO Aaron Barr) try to profile the hackers themselves. But as a report from IT security firm Imperva shows, many of the so-called hacker portals out there are more hangouts for newbie hackers (and possibly a few budding FBI informants) looking at how to get started in the game.
The Department of Homeland Security (DHS) is warning that hackers from the loose online protest collective called Anonymous have threatened attacks against the computer systems that run factories, power stations, chemical plants, and water and sewage facilities.
The child-friendly Internet home of Ernie, Big Bird and Kermit the Frog went X-rate on Sunday as Sesame Street
Malicious hackers exploit vulnerabilities in phpmyadmin to gain access to WineHQ
Two separate hacker groups whose activities are already known to authorities were behind the serious breach of RSA Security earlier this year and were likely working at the behest of a government, according to new statements from the company
An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club.
Sabu, the erstwhile leader of the hacking crew, says he is effectively on the run as he gives interview to Reddit readers about LulzSec's achievements, Facebook, sentencing and more.
Maintainers of the open-source Apache webserver are warning that their HTTP daemon is vulnerable to exploits that expose internal servers to remote attackers who embed special commands in website addresses.
Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. The mod_rewrite rewrite engine ensures that requests are distributed across different servers according to definable rules, for example, in order to balance loads or to separate dynamic and static content.
Russian VXers have begun using obnoxious barcode-on-steroids QR codes as a launchpad for mobile malware. A recently identified malicious Quick Response code on a Russian website links through a series of redirections to a site punting a Trojan version of the Jimm mobile ICQ client.
THE US Department of Homeland Security has warned financial companies to be vigilant about a cyber security threat from Anonymous.
Hackers have posted personal information about the chief executive of J.P. Morgan Chase in solidarity with the Occupy Wall Street protests.
From 2005 through today, SQL injection has been responsible for 83% of successful hacking-related data breaches. It is estimated that there are a total of 115,048,024 SQL injection vulnerabilities in active circulation today.
Hackers have broken into the cellphones of celebrities like Scarlett Johansson and Prince William. But what about the rest of us, who might not have particularly salacious photos or voice messages stored in our phones, but nonetheless have e-mails, credit card numbers and records of our locations?
USA Today's Twitter account was hacked, apparently by the same group that breached the Twitter accounts of NBC and Fox News.
The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday. Security vendor Armorize noticed the problem at around 5 a.m. Pacific Time Monday. Hackers had installed JavaScript code that threw a variety of known browser attacks at visitors to the site, so those with out-of-date browsers or unpatched versions of Adobe Flash, Reader or Java on their Windows PCs could have been quietly infected with malicious software.
Hacking "is very, very difficult to put into an interesting movie story, because the technology is buried in code and programming, and it's about the most uninteresting kind of thing you could ever depict anybody engaging in," says Donn Parker, a security expert who has consulted on numerous hacker films.
Hacktivist group Anonymous is planning to hold a special "Day of Vengeance" in several cities around the U.S. on Saturday.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
