It is a common technique for criminals to target gaming applications as a propagation vector for malware distribution. Recently, I observed just such a malicious Android app, which acted as an interesting information stealer and then self-destructed. I took this case to investigate further as an interesting research.
Web Application security has become the biggest concern for almost all organizations who wish to bring their business to the Internet. There are various reasons behind why we are still unable to fix issues like SQL Injection, Cross-Site Scripting etc. These range from developer complacency, lack of knowledge about the security issues, lack of management […]
Recently “watering hole attacks” are getting popular among the hacking groups for targeting large groups of victims who routinely visit a popular website or discussion forum to share or discuss on common interests. Technically, these attacks work by tricking people to click on a “popular link” which is actually a window to download various malicious […]
What is Information Rights Management? Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides “in” or “outside” the corporate boundaries. This happens as the permissions embedded inside the file don’t allow unauthorized access, modification, copying or printing. […]
What is Data Leakage Prevention? Data Leakage Prevention is the category of solutions which help an organization to apply controls for preventing the unwanted accidental or malicious leakage of sensitive information to unauthorized entities in or outside the organization. Here sensitive information may refer to organization’s internal process documents, strategic business plans, intellectual property, financial […]
I was reading the Joomla Update, http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads A bug in Joomla Core and having the criticality is always awesome to see 🙂 I decided to give the bug a look to see what the actual problem was. I looked at the diffs (changes made) to the latest version 2.5.14 https://github.com/joomla/joomla-cms/commit/fa5645208eefd70f521cd2e4d53d5378622133d8 From the commits, there are […]
Introduction Protecting the confidentiality, integrity and availability of patient information by healthcare organizations became a legal requirement via the Health Insurance Portability and Accountability Act, (HIPAA), which came into enactment in 1996. HIPAA is a federal law, designed to protect the privacy of individually identifiable patient information, both physically and electronically. It provides continuity and […]
What is a Spear Phishing? Spear phishing is a deceptive communication technique in which a victim is lured via e-mail, text or tweet by an attacker to click or download a malicious link or file. The common objective of this technique is to compromise the victim machine by stealthily inserting a backdoor which seeks to […]
Introduction Advanced Persistent Threats (APTs) are growing as a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself. The defensive tools and other controls are frequently rendered ineffective because the […]
OWASP TOP 10 list is being constantly updated every 3 years to keep pace with the current threat landscape for web application security. Key factors in its evolution are advances made by attackers, the release of new technologies with new weaknesses, more built in defences, and the deployment of increasingly complex systems. On June 6, […]
