Exploits / vulnerabilities - News, Features, and Slideshows

News

• MySQL website falls victim to SQL injection attack

  Oracle's MySQL.com customer website was apparently compromised over the weekend by a pair of hackers who publicly posted usernames, and in some cases passwords, of the site's users.

• Russian security team to upgrade SCADA exploit tool

  A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher.

• SCADA vulnerabilities prompt US government warning

  A flurry of software vulnerabilities found in a variety of industrial control systems has prompted vendors to begin developing patches, following a warning by the U.S. government's Computer Emergency Readiness Team (CERT).

• New attacks leverage unpatched IE flaw, Microsoft warns

  An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks.

• Security conference dives into SAP coding problems

  The Black Hat Europe conference in Barcelona next week will feature a keynote on cyberwar from Bruce Schneier, and presentations on security flaws in Apple's Mac OS X and SAP's business software.

• Symantec finds fake Google Android update

  Google's latest update for its Android mobile OS appears to already have been subverted by hackers, according to the security vendor Symantec.

• Tests find security programs fooled by attack vector

  A new round of antivirus testing found some products fail to detect malware that tries to infect a computer via a different attack vector, such as through a local network fileshare or a USB drive.

• European agency warns of botnet dangers

  The battle against groups of hacked computers known as botnets is suffering from a lack of coordination, resulting in a cybercrime industry worth more than US$10 billion worldwide annually, according to a report from a European Union security agency.

• After attacks, Google vows to fortify Android Market

  Google will build new safeguards into Android Market, its application store for the Android mobile OS, following an attack that infected thousands of phones and forced the company to wipe the malware remotely from phones, it said late Saturday.

• Prison for four who ran credit card fraud market

  Four men who ran what U.K. police say was the largest English-language criminal forum for selling stolen credit card numbers and the tools to steal data were imprisoned for a combined total of more than 15 years, according to the Metropolitan Police.

• Android Market spiked with malware-laced apps

  More than 50 applications containing malware have been discovered in Google's application market for its Android mobile OS, a sign that hackers are hard at work trying to compromise mobile devices.

• Advanced Zeus Trojan hits Polish ING customers

  A version of the Zeus malware that intercepts one-time passcodes sent by SMS (Short Message Service) is targeting customers of the financial institution ING in Poland.

• Vulnerability management tools: Dos and don'ts

  <strong>DON'T shortchange remediation.</strong> Surprisingly, organizations will perform vulnerability scans, or hire someone to conduct a scan, get a report and then not follow through. They may cherry-pick one or two critical items and neglect the rest. The result is that the organization has spent time and money without doing much for its security.

• Google extensions could aid Java security

  Google is developing a set of extensions for Java that should aid in better securing Java programs against buffer overflow attacks.

• 'Night Dragon' attacks from China strike energy companies

  Chinese hackers working regular business hours shifts stole sensitive intellectual property from energy companies for as long as four years using relatively unsophisticated intrusion methods in an operation dubbed "Night Dragon," according to a new report from security vendor McAfee.