What’s HOT in Application Security Vol #27

Could a lack of web application security be affecting your businesses share price?

It has been noted that in larger corporations the linkage of the brand to a string of negative security issues can seriously affect the share price for the worse.

Not only is a security breach likely to be costly and negatively impact your business but it can also affect your share price. A share price is usually indicative of a sound and stable business. A string of hacks indicate that a company does not take its customers’ data protection seriously. If they do not take security seriously then why should they take their finances seriously? Sony, Linkedin and Yahoo have been plagued by a string of negative web application security news in recent months and indeed the share price for that period has reflected that it was more than their reputation that took a hit during these times.

For more information please go to:

http://www.cso.com.au/blog/cso-bloggers/2012/08/31/public-relations-and-information-security/#closeme

Malware: could it threaten virtualized environments?

Malware is used in a variety of different ways by several different organizations. Some are using it for so called ‘cyber espionage’ eg- think Stutnix. Today, many networks are completely based on virtualized security systems. However, are these systems really safe? A good example of open vulnerability is the recent news that a Widows version of the Crisis Malware is able to infect VMware machines.

The malware has been found on VMware virtual machines through compromised hosts and has the capability to reproduce itself onto an image using VMware player tool.

What is interesting is that the malware does not exploit vulnerabilities in the virtualized engine but actually exploits by malicious application the storage of local files.

For more information please go to:

http://www.infosecisland.com/blogview/22254-Crisis-Malware-Threatens-Virtualized-Environments.html

Wikileaks Copycat takes down Swedish Government Sites

WikiLeaks is infamous for high profile hacking; government websites, military websites and news agencies are among only a few of it’s victims. Not only have WikiLeaks gained worldwide notoriety after these hacks, they have also started a large following of fans worldwide. However, with glory, fame and fans galore has also come a string of copycats. One of these wannabee WikiLeak copycats recently took credit for a hack on the Swedish government, army and Swedish institute.

The head of digital media at the Swedish MOD stated they were completely unaware of who was behind the Ddos attacks which succeeded in bringing down the site. However, one only has to look to popular social media sites, like twitter, to see who’s taking responsibility- a WikiLeaks fan who is campaigning against Assange who is in Ecuador avoiding deportation to Sweden by hiding out in an embassy in the UK.

For more information please go to:
http://www.detroitnews.com/article/20120903/NATION/209030379/1361/WikiLeaks-supporters-take-credit-for-hacking–shutting-down-Swedish-websites

Hackers succeed in obtaining almost half a million Yahoo logins

During recent weeks, hackers posted what appeared to be login credentials for various Yahoo sites. The data was retrieved in the form of a very simple, seemingly unsuspicious plaintext document. The data loot was then posted on a public hacking website for the world to see. The data was obtained using the well known SQL Injection method which has plagued the world of application security for many years.

The hackers succeeded in posting around half a million plaintext credentials for Yahoo accounts, nearly 3,000 database table or column names and around 300 MySQL variables.

For more information please go to:

http://arstechnica.com/security/2012/07/yahoo-service-hacked/

The following two tabs change content below.

asaphs

Jump to Category