
What’s HOT in Application Security Vol #22

Game publisher Ubisoft in hot water due to serious security threat

Ubisoft is a household name synonymous with fantastic, exciting games and also with a zero tolerance approach to game piracy.

The company has been plagued with problems recently: the Uplay network has been absolutely overloaded with issues, from outages and technical problems to, now, security!

It has now transpired that the Ubisoft network plugin attached to the browser (something designed to allow the web client to launch games directly) can also reach all other applications and access them remotely. This has been an issue of serious concern to customers and Ubisoft.

For more information please go to:

 http://www.pcauthority.com.au/News/310385,security-hole-found-and-fixed-in-ubisoft-browser-plugin.aspx 

What is Anonymous up to in Australia?

The infamous Anonymous activists recently managed to access AAPT, nicked 40GB of highly sensitive customer data, then forced 10 Australian Government websites to go down!

It’s pretty embarrassing for the government websites and very concerning for the customers, whose data is so totally unprotected and easily compromised.

What was the reason for this latest string of attacks by the well-known Anonymous group? According to the group, they did so to protest the new privacy laws which aren’t to their liking. Haven’t they heard of a petition?

For more information please go to:

http://www.sbs.com.au/news/article/1675174/Why-is-Anonymous-hacking-Australia 

SQL Injection Attacks up 69% in 2012 alone!

A popular point of contention on this blog has been the increase in SQL Injection attacks. Each year more and more publications appear on how SQL Injection attacks are, yet again, on the rise.

This year we are seeing a 69% rise in the level of SQL Injection attacks. The latest number, which was released by a security company, says that this attack is the most obvious choice of exploitation for data thieves.

All anyone has to do to see this statistic in action is remember the recent LinkedIn, Yahoo, Last.fm, Android Forums, Billabong etc. attacks.

For more information please go to:

http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/

We’ve heard of a cook off - what’s a hack off?

17-year-old Aneesh Dogra, famous for developing a virus which could infiltrate any Linux operating system, has added another string to his bow: a hack off. Dogra recently bet his friends that he could attain more Orkut scraps than them, created a script that would post scraps on his account and has been the source of much media attention ever since.

This day-long event, which was intended to highlight managing and securing digital information, engaged participants from all over the globe, of different ages, countries and social backgrounds. The goal behind the event was simple: your data is unsafe, do something about it now!

For more information please go to:

http://articles.timesofindia.indiatimes.com/2012-07-30/delhi/32941750_1_cyber-crimes-stricter-laws-orkut

Top security executive: developers of cloud based applications not prepared for hacker threat

Matt Bertram, chief technologist of software at a security company in Asia-Pacific and Japan, argues that developers of cloud based applications have yet to catch up with hackers with regard to secure coding. Whilst developers of traditional software are familiar with good secure coding practices, Bertram claims that cloud based security practices are not as good and may leave loopholes in the code that hackers can exploit.

Bertram also notes that security for cloud based enterprises often comes second place to other features such as quality, performance and resilience. However, with hackers learning how to attack corporate networks and the application itself, security negligence will have a high price to cloud based application

The security executive also noted that cloud based security practices need to be more stringent than ever because cloud apps are more visible than internal ones and therefore more exposed to hacking. The cost to corporate business will be substantial should a breach occur.
