What’s HOT in Application Security Vol#7

SQL Injection - the Number One Security Concern

Cybercriminals are using SQL injection to attack both websites and internal databases. Why are they doing this? The answer is simple: to seek sensitive data that can be used for black market activities or even identity theft. Most operators of public websites don't even fully understand how much their sites are at risk.

Furthermore, a lack of adherence to compliance regimes such as PCI DSS, HIPAA and other regulations is being noted more and more; inattention to these regulatory requirements can lead to serious security flaws and hefty legal fees.

For more information please go to:
http://www.marketwatch.com/story/sql-injection-is-1-database-security-concern-among-smbs-2012-04-03

PCI Security - it's not a choice

MasterCard and VISA have both been subjected to a fresh batch of security attacks; these attacks have experts wondering whether PCI DSS is the true answer. One can argue that PCI gives a clear path for dealing with breaches, but it can also be seen that compliance is not a cure.

“While the scope and details of the attack are not yet known, it shows three years after the Heartland Payment Systems breach of 130 million credit card numbers that credit card data is still vulnerable,” said Neil Roiter, research director at Corero Network Security. “The Payment Card Industry Data Security Standard (PCI DSS) is highly prescriptive in nature, but simply complying does not ensure credit card security. Companies that rely on PCI DSS to solely dictate their security measures will continue to remain vulnerable to attack.”

An estimated 10 million VISA and MasterCard card numbers were recently acquired in one of the biggest breaches of a US-based processor.

For more information please go to:
http://www.computerworld.com/s/article/9225709/The_PCI_effect_for_better_or_worse_following_fresh_breach_of_MasterCard_VISA?taxonomyId=82

Companies need to improve their banking security methods!

Cyber criminals are only getting better at their attacks, whilst companies simply aren't keeping up with their technology and methods. Gone are the days when a firm could rely solely on regulation to protect itself from hackers; companies MUST go beyond the industry standard regulation in order to prevent costly breaches, say security experts.

With more than 70% of all security breaches aimed at the financial sector, it's not as if the firms aren't aware of this stressful issue; the Payment Card Industry Security Standards Council even sets a strict set of rules for companies that handle this type of data. Has this stopped companies from being hit? On March 31st, for example, major transaction processor Global Payments announced that 1.5 million cards had recently been exposed, a breach that will have trashed the company's reputation and caused significant inconvenience to its customers.

For more information please go to:
http://www.risk.net/operational-risk-and-regulation/news/2166138/firms-improve-card-security-measures-experts

Hackers: can they get their hands on medical implants and your insulin shots?

If a cybercriminal gets hold of your credit card information it's a pain: you need to cancel your cards and direct debits, and you can even lose money if you aren't insured. Now imagine that the hackers did not stop at merely inconveniencing you, but could gain access to your medical equipment (dialysis machines, insulin shots) and physically harm their 'victims'.

Barnaby Jack, security analyst, recently revealed that he succeeded in hacking into an insulin pump from a famous manufacturer and was able to manipulate its radio signals using an antenna, modifying alerts and more.

Researchers at the University of Massachusetts are working exclusively on preventing potential security breaches in cardiac devices; tampering with pacemakers and other heart equipment could prove fatal.

For more information please go to:
http://www.dailymail.co.uk/health/article-2127568/Hackers-gain-access-medical-implants-endanger-patients-lives.html?ito=feeds-newsxml

Hacking Group 'Anonymous' vandalizes hundreds of Chinese Government Websites

The famous 'Anonymous' hacking group recently succeeded in hacking and vandalizing hundreds of websites belonging to the Chinese government, in what is thought to be a political move, since the Chinese government does not allow internet freedoms.
They posted taunting messages on the websites:

“Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall. So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. With no mercy,” it read.

Although the websites were quickly restored to their normal state, this is yet another example of how vulnerable public websites are to attack.

For more information please go to:
http://indiatoday.intoday.in/story/chinese-hackers-attack-indian-websites/1/182495.html

Anonymous hackers tamper with the Pope’s visit to Mexico

The political hacking group 'Anonymous' breached two websites belonging to Pope Benedict's upcoming visit to Latin America, stating that such a visit is a move to support the National Party.

Currently the damage to the visit appears to be purely logistical; the group tampered with the schedule and made a few other defacements.

Such a breach is yet another example of poor attention to detail on the part of whoever is responsible for the Pope's security.

For more information please go to:
http://www.google.com/hostednews/ap/article/ALeqM5gyKNneZOJ3vgTqhIikRZkSTR4Vuw?docId=83f2bf02737a4e03aec8a8d59bdd0d0e

Checkmarx
