Search results

Indeed, attacks on Web applications and on the application layer in general are plentiful. Protecting against these types of attacks is particularly challenging since many are zero-day exploits caused by software bugs or Web server misconfiguration. Application security is a complex problem. You...

An attacker will first attempt to gain access to the device by exploiting a vulnerability or by tricking the user into installing malware. If successful, the attacker would have gained access with the privilege of the exploited program or of a normal app in the case of a malware install. While...

“The Dyre Wolf” by IBM Security researchers, shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication. In recent incidents, organizations have lost between $500,000 and $1.5 million to attackers...

We are going consider how to delete flash cookies and keep our PCs out of reach of some prying websites.When you watch videos on the internet, Adobe Flash Player stores cookies on your computer. These Flash Cookies or Local Shared Objects (LSOs) may be desirable as they are able to transfer...

What is a proxy and what types of proxies exist? A proxy is nothing more than a tool allocated to act as an intermediary in communications. Depending on what type of proxy is used, it may be possible to identify the information sent by the user—and this may be recorded on some kind of equipment...

The first thing I would recommend to folks looking to get into this industry is to take some classes on Information Security. You can do that in a school setting, or you can get education in the form of a training program, or as part of a conference depending on how comfortable you are with...

Contact customer service If the hack is of Facebook, Twitter or another online service provider, you should contact their customer service teams as soon as possible. These companies, especially in the social networking space, are getting better at cracking down on stolen accounts and even have...

A portion of customer data from much-respected anti-virus firm BitDefender has leaked online and, according to the hacker who took the data and tried to extort the firm, usernames and passwords were not encrypted. The perpetrator told FORBES all the data he stole was unencrypted. Usernames and...

These are some of the biggest computer hacks of the past five years. 1. Adobe (October 2013) Number of people affected: 150 million Information stolen: Email addresses and passwords for 150 million users, according to security vendor Sophos, as well as credit card data for 2.9 million users. A...

Criminals seek out these systems because they know that’s where they can gain access to a large number of records of customer data, specifically credit and debit card information. Here are two common attack vectors and some details on what can be done to keep such systems mostly immune from...

Never in my wildest dreams did I expect that blog to be tweeted, posted to LinkedIn, shared on Facebook or emailed as much as it has been since the initial publication date. I’m truly grateful for the interest in the topic and for the support in getting our valuable mobile application security...

Securing Web applications is not just a matter of writing secure code. Organizations large and small must establish a well-defined application security testing program that includes their entire application portfolio. This program must touch on various areas including education, threat modeling...

For years, we have all been aware of PC-based malware and how it might infect and damage our computers. As a result, most of us are running antivirus software to protect against infection. Many of us have also become ultra-diligent about not opening questionable emails or clicking links that...

Nowadays, application development is moving more and more onto the Web. The Web hosts entire productivity suites such as Google Docs, calculators, email, storage, maps, weather and news — everything we need in our daily lives. Our mobile phones are useless without the Internet since nearly all...

The goal of this blog is not to discourage you from using these applications. Rather, its goal is to educate organizations and their users on potential risks and mobile security best practices to use the applications safely. Potential Exploits in Dating Apps The vulnerabilities IBM discovered...

The other day, a colleague was musing about whether we need new security tools for the Internet of Things (IoT). If a watch or car navigation console runs Android 5.0 (Lollipop) or apps from the Google Play Store that use a cellular or Wi-Fi connection, what makes securing those devices...

Adulterers around the world are wetting their collective pants over news that notorious cheating site Ashley Madison has been hacked — with the hackers threatening to leak the site’s user data if it isn’t shut down. Of course, that’s not the only digital break-in to make headlines lately...

Google is not just listening to your searches, but the search engine is also recording and storing every single voice search you make. Google is incredibly accurate at understanding your voice. The company secretly stores its users' searches from its voice-activated assistant Google's Voice...

Facebook is set to launch a new ‘Photo Magic’ tool to make it easier for you to share photos with your friends even before you upload them to the social network. The tool, which will be integrated with Facebook Messenger will scan through your camera roll with the help of facial recognition...

ahoo was started nearly 20 years ago as a directory of websites that helped users explore the Internet. While we are still committed to connecting users with the information they’re passionate about, our business has evolved and at the end of 2014 (December 31), we will retire the Yahoo...