Older installations of WordPress have recently experienced a new wave of attacks as they have been increasingly targeted by hackers. These installations are highly susceptible to a variety of attacks. What to do, then, when your installation has been compromised? Here's a good list from WordPress...
If Google detects that your website is hosting malware, it is pretty clear your site has been attacked. Attackers are consistently using automated attack tools looking for SQL Injection points, trying to include files remotely, or attempting to determine ssh passwords via guessing. A frightening trend...
Corporate web communications have grown from simple web pages to massive and complex applications. The security department has mostly kept up and maintained a secure perimeter—even when that perimeter included outsourced and vendor systems. Contracts were in place, systems were secured, and life...
Recently, a state agency announced that their site had been compromised by computer hackers. The attackers left a ransom note on the web site claiming that they had captured 8.3 million patient records and 35.6 million prescriptions. The attackers also claimed to have created a password-protected, encrypted...
Wired is running the story “The Untold Story of the World's Biggest Diamond Heist” on their site and in the next issue. You may have already read it, since it’s pretty popular on the tubes right now. If you haven’t—while it’s pretty long—it’s an interesting read on physical security, criminals...
It's 2:34am, local time. You're snoring up a storm after a hard day at the office. You've patched all your servers, your lockdown scripts have been verified, and your IDS is humming along perfectly. Oh, and by the way, someone named "R0kk1t" just stole your customer database. A...
It's the words that keep IT Security Managers up at night - "We have a problem, I think we've been hacked". Of course, there are few possible responses... Acknowledge Responsibly - You can acknowledge what has happened, open an investigation, and communicate with the public and your...
Netcraft is reporting today about a phishing attack leveraging XSS against an Italian bank. From the article (emphasis mine): An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details...