- SQL Injection attacks rose 69% in Q2 according to cloud provider FireHost. They saw almost 470k attacks in this quarter (as opposed to 277k attacks in Q1). The senior security engineer believes this is due to the lack of security involvement in many software development lifecycles. Via InfoSecurity Magazine, more here.
- Dropbox left itself open to attacks and failed to foresee user misconduct, creating a huge target surface for attacks. This article attributes the recent Dropbox security incident to user misconduct and zero remediation to protect users. This incident provides a good set of lessons learned for any security professional. Via eWeek, more here.
- Microsoft has released the 1.0 version of their Attack Surface Analyzer. This is the same tool that Microsoft professionals use themselves. It scans networks and compares the current state to known states, identifying changes along the way. If you are interested, hit the link to download it. Via Net-Security.org, more here.
- Google has updated their App developer rules to fight malware and spam. The Google Play Store is FILLED with junky apps; they may sound like their real counterparts (sometimes even with good names) but spam your phone or do worse. Google has updated their developer language to help fight these. Via eWeek, more here.
- Sophie Curtis of TechWorld asks why mobile phones cannot be the security token of the future. I think this is a great idea, and already use the Google Authenticator myself for multi-factor authentication. A concern might be how easy some of these devices are to hack (or rather, how easy their users are to hack). More here.
- Cybersecurity Bill’s Prospects Wane Amid Election-Year Politics – politics are bogging down the passing of cybersecurity standards that some say will hurt business profits. In these extremely constrained financial times, it is paramount to protect your business from cyber attacks (attacks which can cost millions). It is estimated that every one dollar spent in prevention saves ten dollars in remediation. Via Bloomberg Businessweek, more here.
- General Alexander of USCYBERCOM and NSA recently quoted McAfee stating that cybercrime costs $1 trillion a year. Wired examines this claim (which, if not true right now, will certainly be true historically). Via Wired, more here.
- Skype Spamming Tool offered for only $10. Net-Security.org examines Skype Flooder, a security tool that can be purchased in underground forums for just a few dollars. This tool comes pre-loaded with 5,000 names with which to flood. More here.
- Microsoft Tool Evaluates New Software’s Impact on OS Security (pcworld.com)
- SQL injection vulnerability scanner (daniweb.com)
This post by RyanKamauff was first published at CTOvision.com.