A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit card information.The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script from the pcd.symantec.com website, allows for a blind SQL injection (SQLi) attack to be performed. In such an attack, the hacker obtains read and/or write permission to the underlying database of t... [read more >>] Three individuals were charged on November 19 for their role in an attack, which involved hijacking the comcast.net domain name and redirecting its traffic to a rogue website. According to the indictment, the defendants used social engineering in order to obtain information that facilitated their plans to alter the domain's DNS records.In May 2008, the comcast.net domain name, belonging to one of the largest Internet service providers in the United States, started redirecting to a Web page reading "KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.” This made it impossible for Comcast customers... [read more >>] The largest credit card recall effort in Germany's history is underway after an undisclosed payment processor in Spain was breached. Affected individuals are currently being notified and they will be reimbursed if they suffered any losses.The warning about the dangerous situation came from both Visa and Mastercard. “The German banking industry has responded rapidly to the warning of VISA and MasterCard regarding a possible theft of credit card data from German customers at a Spanish company,” Germany's Central Credit Committee (ZKA), announces (translated from German).The total number of recalled credit cards is estima... [read more >>] Adobe has recently rebutted the claims of a security researcher, according to whom a design flaw in the way Flash Player executes SWF files can put websites accepting user uploads at risk. The professional now says the company totally missed the point and that its expectations of webmasters to address this are completely unrealistic. Almost two weeks ago, we reported about the security risks of misconfigured crossdomain.xml files. These files contain rules for Flash's cross-domain access policy. However, more recently, a security researcher named Mike Bailey has exposed an ever more dangerous issue with Flash's same origin policy... [read more >>] The gang of fraudsters who stole $9 million after hacking into the RBS WorldPay payment processor last year have been indicted by a grand jury in Atlanta, the United States Department of Justice announces. Four hackers and six cashers were charged with various counts of wire fraud, computer fraud and aggravated identity theft.Back in December 2008, close to the winter holidays, a major US-based payment processor called RBS WorldPay announced that its network and computer systems were breached by unknown attackers. The company, which is operated by the Royal Bank of Scotland Group, said at the time that only around 100 re-loadable payroll ca... [read more >>] A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications.The discovery was made while 24-years-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. “I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account... [read more >>] Malwarebytes accuses Chinese antivirus vendor IObit of stealing its intellectual property and threatens to pursue legal action. Despite the solid evidence presented by Malwarebytes, IObit denies any wrongdoing and plans to respond through its lawyers.Malwarebytes Corporation is a US-based company developing several security-oriented applications. Its flagship and most popular product is called Malwarebytes' Anti-Malware (MBAM), which comes in both free and commercial flavors and is particularly renowned for its ability to remove rogueware.In a post published on its official blog yesterday, Malwarebytes takes aim at IObit for allegedly ... [read more >>] Security researchers report that a wave of Halloween-themed threats are out to get you. Beware of dodgy e-cards, screensaver downloads, poisoned search results, and spam, they warn.In this day and age, it goes almost without saying that the Internet is a scary place on every holiday. But Halloween in particular is a special time for Internet users, if not for the unusual high number of threats floating around, at least for the irony - this holiday is all about scary stuff. And guess what, according to numerous security experts, you should be scared.There are a few types of tricks that users should be particularly wary about. Free downloads ... [read more >>] Internet users resolving DNS requests through the OpenDNS were not able to access pages on the Ebay UK website yesterday. The problem was caused by a bogus entry in the phishing filter used by the service.The reports started flowing in around last night, when many users trying to access any page starting with http://cgi.ebay.co.uk received a "Phishing Site Blocked" error. "Phishing is a fraudulent attempt to get you to provide personal information under false pretenses. We prevented you from loading this page as part of our safer, faster, and smarter DNS service. […] Powered by OpenDNS," the message read.The problem lasted for about ... [read more >>] A former antivirus analyst ostracized by the AV community for unethical behavior is accusing Kaspersky Lab of injecting malicious code into his newly launched website. Researchers with the Russian antivirus vendor portray the former white hat as a cyber-criminal associated with the Sinowal gang.Peter Kleissner is an 18-year-old hacker living in Vienna, Austria. He made a name for himself partially due to a research paper regarding master boot record (MBR) rootkits, which he presented at the 2009 Black Hat security conference. MBR rootkits consist of malicious code that is able to execute before the operating system and reinfect it on every ... [read more >>] | 
RSS
