
17 March

The PCI Security Standards Council (PCI-SSC) recently published its March Assessor Newsletter, which contains rather “interesting” language for certain Approved Scanning Vendors (ASV). It is unclear what the penalty will be for firms who continue their misleading practices

See the original post:
PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6

Category : Web App Sec | Blog
17 March

People choose their passwords based on different factors: how easy they are to remember, how strong or complex they are, the sentimental value they have, etc.

Continued here:
Passwords—Can’t Live With ‘em, Can’t Live Without ‘em

Category : Symantec | Blog
16 March

In the past couple of months, Symantec has observed a mass phishing attack on two major brands that provide retail electronic payment services for banks across the globe.

Go here to see the original:
Mass Phishing of Retail Electronic Payment Brands

Category : Symantec | Blog
15 March

The Saturday night boxing match between Manny Pacquiao and Joshua Clottey was one of the most awaited sports events of 2010. It should not be a surprise then that cybercriminals took advantage of it to spread malware. Another blackhat search engine optimization (SEO) attack led users who wanted to watch the fight online via live video streams (using the search phrase “manny pacquiao vs joshua clottey live streaming”) to malicious sites.

Here is the original post:
Pacquiao-Clottey Live Streams Lead to FAKEAV

Category : infySEC | Blog
15 March

For cybercriminals, another celebrity’s death means a new life for their scams.

Read more:
Corey Haim’s Death Leads to FAKEAV

Category : infySEC | Blog
12 March

Before reading the following, ask yourself if you’d recommend to the average user that they store their passwords in a local password manager. Today there are four primary ways users lose control over their web-based passwords: phishing scams (email or SEO), malware (installing malware or drive-by-downloads), website break-ins (SQLi, RFI, misconfiguration, etc.), and website brute-force attacks.

Here is the original post:
Password Managers, is this the best option user’s have?

Category : Web App Sec | Blog
11 March

In February, spammers continued to use the news of the earthquake in Haiti and the recent earthquake in Chile as another vector to utilize.

More here:
Spam and Phishing Landscape: March 2010

Category : Symantec | Blog
11 March

Following our blog, 0-Day attack on IE6: JS.Sykipot doesn’t spare retired software, covering the recent IE 0-day, we thought it might be interesting to look at an attack in the wild using this vulnerabili

Continued here:
Backdoor.Sykipot At Work

Category : Symantec | Blog
11 March

Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway

See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)

Category : infySEC | Blog