What’s HOT in Application Security Vol #19

Cyber Attacks on ATM and online banking are at an allApplication Security News Image time high

Cyber Attacks which are aimed at online banking applications are at an all time high, according to several security experts. Unsurprisingly, almost one third of all attacks were aimed at banks which reside in the Gulf, where the banks are swelling with oil money and where small amounts of money missing from accounts are likely to go un-noticed.

The banking industry, it seems, simply isn’t keeping up with the criminals, who are inventing new and different ways to bypass security systems and get their hands on sensitive data. The Automatic Money Transfer ( ATM ) seems to be plagued by breaches where criminals are continually able to by pass innsufficient security measures.

For more information please go to:
http://gulfnews.com/business/technology/cyber-attacks-on-atm-and-internet-banking-applications-on-the-rise-1.1046051

Malicious malware becomes more than annoyance to new generation of smartphones

Since the beginning of 2010 there has been over a six fold increase in the number of malicious ‘groups’ of malware software for mobile phones. Open source applications such as the hugely popular Android are particularly vulnerable in comparison to Apple’s closed

model of operation. Most malware is still of the Trojan application type that guise themselves as something but steal data. Google has already removed a number of applications that have conned their users into paying premium prices for services such as SMS texts.

For more information please go to:
http://www.indystar.com/article/20120709/BUSINESS06/120709001/-b-Malware-b-Having-trouble-getting-online-Call-your-provider

Prominent researcher to demonstrate the vulnerability of low value data bases to SQL injection

Unsecured and low value databases that contain temporary workload information could be the perfect vender for SQL injection attacks. Whilst low level information does not seem that critical, one prominent researcher, Zachary Culpit will in the coming weeks give a presentation on how he used SQL injection attacks that lead to remote takeovers of WiFi routers. A good example is the storing of login details on SQL Lite databases in a way that if a potential attacker can find SQL injection weakness they could log into the router and remotely dominate its functioning.

Culpit hopes that the presentation will show that even when faced with an SQL injection that does not seem to be of much importance, combined with other vulnerabilities can lead to a damaging attack. The researcher has found and intends to show how SQL injections against routers can extract files from the router file systems

Hackers adopt ‘Ransomeware’ to exploit important data security

What the computer security industry has dubbed ‘Ransomware’ has become an increasing problem for small companies. Typically the scam involves holding sensitive company information hostage unless some form of ransom is paid. A recent example is the so named Revton Trojan which freezes a computer and demands payment for its release.

The illegal scam is very simple in concept. The malware disables a computer and then sends a pop-up message from a ‘legitimate regulatory’ body that claims the address has been linked to an illegal act such as child pornography and will only be released upon payment to an online payment site.

For more information please go to:

http://www.opinion250.com/blog/view/24959/1/computer+fraud+warning+-+ransomware+and+scareware

Google opens up its cloud security to third party scrutiny

With a lot of hesitation about the true information security of cloud applications, Google is taking major public relation strides to calm company fears of cloud security. Third party audits are becoming increasingly popular for cloud based applications to prove their information security superiority.

Google Apps for businesses received a major boost recently when they received ISO 27001 certification. The third party auditor Ernst & Younge CertifyPoint who conducted the Google audit put the business suite through rigorous tests to make sure it met ISO standards. Among these standards include; a management system that is capable of addressing current and future security needs, the impacts of potential security breaches, their impact on businesses and the treatment of potential risks.

This type of security certification is a major accomplishment for Google as well as other cloud based applications and businesses. Since Google’s first fray into the world of cloud computing they have gained a reputation for reliability and ease of use on the go. Third party auditing is becoming an increasing popular way for cloud applications to prove they are a safe, secure and flexible for companies considering to move into cloud computing. The receiving of standardised audit certification will give a competitive disadvantage to those who do not.

http://cloudtimes.org/2012/07/05/googles-cloud-security-reaches-new-high/

The following two tabs change content below.

Checkmarx

Latest posts by Checkmarx (see all)

Jump to Category