Microsoft’s current SIR, Security Intelligence Report Volume 8 , shows that Finland leads the pack in countries with at least 1 million average monthly MSRT executions. Only 1.4 infections per one thousand

Read the original:
SIR: Finland Has Lowest Infection Rates

News of a twin bombing attack in Russia shocked the world on Monday morning as two female suicide bombers blew themselves up in Moscow subway stations. According to news reports, the attacks killed at least 38 people and wounding more than 60. Jumping a the chance to make profit from terrible events, cybercriminals quickly picked up on the news and used this for their own malicious attacks.

The rest is here:
Moscow Subway Explosions Result to FAKEAV

Recent news of a swimsuit mishap involving a popular Philippine TV personality, Anne Curtis , spread like wildfire when members of the press captured the said incident and circulated supposed videos over the Web. The incident happened last Sunday while the Australian-born TV host and movie actress was performing a dance number while shooting live for a local noontime TV show.

Excerpt from:
Anne Curtis’ “Nip-Slip” Leads to FAKEAV

Buying and selling stock online is big business. It also carries it’s own risks. And we don’t mean the risk of doing bad investments; we mean loosing access to your trading account because your computer got infected by a keylogger.

Read more:
Online stock trading is risky

This relates to my last post where Boaz Gelbord ( Security Scoreboard ), cited something very interesting about the Massachusetts data security regulation going into effect March 1. Their listed “Computer System Security Requirements” of their “risk-based approach” is pasted below. While I can’t say any one of these security controls is a bad idea, but can someone please tell me how any of this stuff is going to thwart Web-based attacks!?

Read more:
Hey Massachusetts, where is your application security requirement?

We saw a pretty PDF file today (md5: 116d92f036f68d325068f3c7bbf1d535). It looks like this: Nice flowers. Unfortunately, when viewing the file, it uses an exploit against Adobe Reader and drops and runs a file called 1.exe

More:
Watch out for flower-show.org

A new spam campaign gives the phrase “too good to be true” a whole new spin: spammed messages purporting to come from Google in response to job applications. While most spammed messages take advantage of a specific special occasion , holiday , or even a currently newsworthy item , spammers have hit a new low with their latest scheme.

See original here:
Spammers Fake Responses from Google Job Applications

Every year the Web security community produces dozens of new hacking techniques documented in white papers, blog posts, magazine articles, mailing list emails, etc. Not to be confused with individual vulnerability instances brandishing CVE numbers, nor intrusions / incidents, but actual new methods of Web attack. Some techniques target websites, others Web browsers, and the rest somewhere in between.

More:
Top Ten Web Hacking Techniques of 2009 (Official)

Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Another fine method to exploit SQL Injection and bypass WAF Security and Facebook Platform When Is More Important Than Where in Web Application Security Apple - XSS Attack Cross-subdomain Cookie Attacks PILOT: Production in lieu of testing (AgoraCart FAIL) Facebook and MySpace security: backdoor wide open, millions of accounts exploitable SSL and TLS Authentication Gap vulnerability discovered Using Blended Browser Threats involving Chrome to steal files on your computer LinkedIN With ‘Bill Gates’ WhiteHat Security is a leading provider of website security services

View post:
Best of Application Security (Friday, Nov. 6)

Our blog has been nominated in the 2009 ComputerWeekly.com IT blog awards. We’re in the IT Security category. If you like us, you can vote at ComputerWeekly.com .

Visit link:
Vote 4 Us