Manual SQL Injection demonstration using DVWA
Scripts are nice, but they will fail eventually. But, that doesn’t mean the flaw is not exploitable. Eventually you will need to turn to manual techniques to verify a …
Google warns Gmail users on spying attempts from China
Recently, a number of users have been witnessing a glaring red banner popping up when they accessed their Gmail account, saying “Warning: We believe your account was …
ZeuS tries to bypass two-factor authentication
Since more and more financial institutions and companies are beginning to use mobile text messages in order to provide two-factor authentication to its users, it was just a …
As the PCI deadline looms, merchants should avoid quick fix measures
On Thursday 30 September 2010, the latest PCI DSS deadline kicks in, requiring all level one merchants (those processing more than six million transactions per year) to adhere …
USB drive identifies and extracts data, leaving no footprint
Harris Corporation introduced a highly customizable USB thumb drive that quickly extracts targeted data from computers. The device – called BlackJack – is designed …
60% of organizations suffered $2 million losses for Web 2.0 security issues
While organizations see the potential value of Web 2.0 tools, decision makers continue to debate whether or how to allow employee usage of the technology in the workplace. A …
Free malicious PDF analysis e-book
Didier Stevens, the hacker who became a synonym for malicious PDFs, released a free e-book. It’s a chapter he wrote as co-author of a malware analysis book. For more …
Week in review: Stuxnet, XSS Twitter flaw, and 2-factor authentication from Google
Here’s an overview of some of last week’s most interesting news and articles: Cybercriminals steal Interpol Chief’s identity to access info on fugitives …
Bizarre tale behind conviction for botnet initiated DDoS attack
In a curious twist of fate, a man who refused to continue his collaboration with a group who’s goal was to unmask pedophiles because he was concerned that their methods …
Examining the Stuxnet worm
Digging into the Stuxnet worm reveals all kinds of interesting information. Maybe you’ve heard that the worm propagates by exploiting the Windows .lnk file vulnerability …
“Girl killed herself” Facebook scam returns
If the title of the “Girl killed herself, after her dad posted This to her Wall” Facebook page sounds somewhat familiar, it is because almost two months ago the …
E-crime gangs targeting classifieds, social networking and gaming websites
Phishing gangs have been increasing their efforts against brands in the social networking, online classifieds and online gaming industries, according to the APWG. In its …