12
March

Before reading the following, ask yourself if you’d recommend to the average user that they store their passwords in a local password manager. Today there are four primary ways users lose control over their web-based passwords: phishing scams (email or SEO), malware (installing malware or drive-by downloads), website break-ins (SQLi, RFI, misconfiguration, etc.), and website brute-force attacks.

Here is the original post:
Password Managers, is this the best option user’s have?

Category : Web App Sec | Blog
25
February

More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains hosts hundreds of possible matches for search keys. Also, the topics in one domain overlap with those of the other domain, thus making it possible that they will both emerge in the search results

Here is the original post:
60+ Compromised Sites with SEO Poisoning

Category : F-Secure | Blog
23
February

Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication?

Read more here:
Sprechen Sie SSL?

Category : F-Secure | Blog
4
February

Any penetration tester would agree that pivot attacks, designed to compromise a secondary host to more effectively attack primary targets, are incredibly powerful. Organizations tend to have difficulty protecting all hosts at all times, which is why proper network segmentation is vital should loss of control occur on any one node. Often it’s easier to compromise a host from behind rather than head on

See the original post here:
Web 2.0 Pivot Attacks

Category : Web App Sec | Blog
28
January

As the rescue efforts continue in Haiti, the world waits with bated breath for more good news about survivors.

Read the original post:
Haiti Spam Leads to New Malware

Category : infySEC | Blog
21
January

Trend Micro fraud analysts recently came across spammed messages targeting customers of the Fifth Third Bank. The messages urged recipients to log in to a temporary link, http://www.53.com.{BLOCKED}.com.pl/wpserver/cmportal/cblogin.php?session=667882698791972326077742654898739&email=p2t2all@tacobell.com , in order to download and install a digital certificate that would supposedly reinforce the bank’s security.

Excerpt from:
Phishing in the Guise of Enhancing Security

Category : infySEC | Blog
13
January

Following the usual cycle of monthly patch releases, Microsoft just issued its first for this year last January 12.

See the article here:
One Patch For January Patch Tuesday

Category : infySEC | Blog
11
January

Google’s Android mobile operating system has been out for a while and is generating more and more interest.

Read more from the original source:
Warning on possible Android mobile trojans

Category : F-Secure | Blog
8
January

We haven’t seen ransomware for a while, so a recent scheme that mixed elements of modern rogueware pushing and old-school ransomware attempts was rather interesting.

Continued here:
Ransomware - Buy Back Your Own Files

Category : F-Secure | Blog