A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.
Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.
The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.
In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.
This new threat appears not to cause physical
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.
A SQL injection is a virus or bug that affects an application that is not properly coded or secured. There are many different configurations of various software used to build and run a website. An
Conference speakers of the future are to be given the opportunity to be mentored and trained via the ‘rookie track’ at next year's Security B-Sides London. With offers of an experienced mentor to help the speaker prepare for a friendly, introductory environment, the rookie track is designed to bring new blood into the speaking circuit. B-Sides London rookie track co-organiser Robin Wood told SC Magazine that they were inviting people who have never spoken at a conference before to submit talks with full support available to help them with it. He said: “It can be very daunting to get up on stage and speak for an hour in front of a large group of
So one of the core aspects of my mostly-kidding-but-no-really White Hat Hacker Flowchart is that, if the target is a web page, and it’s not running on your server, you kind of need permission to actively probe for vulnerabilities.
One could make the argument that you can detect who in the marketplace has a crack security team, by who’s willing and able to commit the resources for an open vulnerability review policy.
Some smaller sites have also jumped on board (mostly absorbing and reiterating Salesforce’s policy — cool!):
There are some interesting implications to all of this,
You don't have to look very hard to find an article discussing password breaches. Recently there was a lot of buzz around LinkedIn, LastFM, and eHarmony, three very large sites suffering from passwords being leaked to the public. This is not a new phenomenon (Earlier this year everyone was all up in arms about the Zappos password breach), but one that continues to garner attention in the media.
However, what most journalists are saying about password breaches is likely different from what I am about to tell you; it simply does not matter how strong your password
Blizzard announced today that they have suffered a major data breach, and sensitive user data was stolen from their servers. According to their statement, the specific data stolen includes email address, the answer to the personal security question, and information relating to two-factor authentication. They also lost their SRP server-side verifier database, which is the database they use to verify user passwords.
And despite what Blizzard is claiming, I believe the vast majority of their users’ plain text passwords have been exposed as well.