What's HOT in Application Security Vol #9

Apr 24, 2012 By Administrator

Lady Gaga keeps her poker face in light of SQL Injection!

Lady Gaga’s website had a ‘Bad Romance’ with an SQL Injection attack, revealing the personal details of thousands of fans!

The hack was reported more than six months ago and was committed by a group of hackers going under the pseudonym ‘SwagSec’. Even though the hackers never actually published the personal information of the fans, it is a major embarrassment for Lady Gaga’s team.

Ironically, the ultra-liberal Lady Gaga was accused of homophobia by the group, allegations she vehemently denies. Reps for the singer claim that no financial information was taken in the attack, but Universal Music Group reported the breach to the relevant security authorities.

For more information, please go to:

http://www.scmagazine.com/lady-gaga-website-hacked-to-expose-users-data/article/207774/

The infallible ‘Anonymous’ hacking group makes headlines but doesn’t influence corporate spending

It seems you can’t browse the internet at all today without being bombarded by another attack by a hacking group: ‘Anonymous’, ‘LulzSec’ and so on. Whilst these hacking groups are certainly gaining exposure, they have yet to affect corporate spending. Companies are not spending enough money protecting themselves from SQL Injection and DDoS attacks, but are continuing to spend on malware and phishing.

Conversely, we see that these attacks are far more prevalent, but spending doesn’t reflect that. Businesses continue to spend much less to battle these types of attacks, not fearing the dreaded SQL Injection and DDoS attacks, which can cost a company millions in revenue and damage its business value and reputation.

For more information please go to:

http://www.informationweek.com/news/security/attacks/232900691

Do you want to fight DDoS attacks? Here’s how!

Preventing the dreaded distributed denial of service attacks seems impossible, but with attention to detail and advance planning it’s manageable and conquerable!

  1. Realize you’re vulnerable!
  2. Plan Ahead
  3. Use the simplest tactics
  4. Prepare for the worst case scenario
  5. Keep your eye on the network
  6. Don’t forget potential bottlenecks
  7. Think about your countermeasures
  8. Work closely with your internet service provider
  9. Keep your eye out for blended attacks
  10. Think about application layer attacks

Remember, stay ahead of the game to stay safe. For more information please go to:

http://www.informationweek.com/news/security/vulnerabilities/232600411?pgno=2

Toshiba Web Application Security Flaw

Toshiba America, Inc., one of the nation’s leading groups of high-technology companies, ran a competition on its website that required customers to enter their personal data. Unfortunately, the web application, built by a third-party company, did not take proper security measures, exposing the credentials of approximately 20 customers.

http://www.information-age.com/channels/security-and-continuity/news/2099223/ico-raps-toshiba-over-web-application-security-flaw.thtml

New Cyber Crime Unit

A new unit proposed by the European Commission, to be integrated within Europol, the European police agency, will once established focus primarily on coordination between police forces, government organizations and businesses in the battle against cyber-crime.

http://www.information-age.com/channels/security-and-continuity/news/2096033/ec-plans-new-cyber-crime-unit-at-europol.thtml

LinkedIn Invitations may lead to Malware

Watch out for hackers sending malicious links and messages to LinkedIn users. They may seem legitimate, but clicking on them directs you to a “notification” page that runs scripts and eventually leads to exploitation.

http://www.infosecurity-magazine.com/view/25295/phony-linkedin-invitations-lead-to-malware/

Information Security Breaches

Companies are failing to do their security jobs in pretty much the same way they’ve been failing for years. Too many organizations aren’t taking the security threat seriously, and smaller organizations aren’t even employing the most basic of security measures. According to PwC information security partner Chris Potter, “breaches occur through ignorance rather than malice. Greater security awareness is vital but it is not being implemented. Possession of a security policy by itself does not prevent breaches; staff need to understand it and put it into practice.”

For more information please go to:

http://www.infosecurity-magazine.com/view/25232/pwc-2012-information-security-breaches-survey-preliminary-findings-report-continued-mobile-insecurity-/
