"German researchers have discovered more than 300 cybercrime servers full of stolen credentials on more than 170,000 people -- and it is only the tip of the iceberg, they say. Researchers at the University of Mannheim's Laboratory for Dependable Distributed Systems were able to access nearly 100 so-called "dropzone" machines, and...
WASC Announcement: 2007 Web Application Security Statistics Published
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks...
Malware honeypots wait for '08
"An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cyber-criminals into handing over information about their latest attack methods. Project link: The Web Application Security Consortium's Distributed Open Proxy...
Average zero-day bug has 348-day lifespan, exec says
"The average zero-day (0day) bug has a lifespan of 348 days before it is discovered or patched, and some vulnerabilities live on for much longer, according to security vendor Immunity Inc.'s chief executive officer. Zero-day bugs are vulnerabilities that have not been patched or made public. When discovered and not disclosed,...
MPack Reveals Stingy Web Hosts
"According to reports, thousands of Web sites, predominantly in Italy, were recently compromised using the MPack malware kit, which contained iframe tags that pointed surfers towards hacker-controlled Web sites. A security researcher at the SANS Institute's Internet Storm Centre says that only one of the Web sites hosted on the machine...
Nearly 30,000 Malicious Web Sites Appear Each Day
"The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now. "This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, Inc., in an e-mail to InformationWeek. "In June,...
Stats on Month of X bugs published
Kevin Beets from avertlabs has published some interesting stats on month of bugs projects, including the amount of vulns published versus fixed. For more information visit the article link below. Article Link: http://www.avertlabs.com/research/blog/?p=286
One in 10 web pages laced with malware - Google
"At least one in 10 web pages are booby-trapped with malware, according to Google. A five-strong Google research team found that 450,000 pages, out of a sample of 4.5 million pages, contained scripts to install malicious code, such as Trojans and spyware on vulnerable PCs, the BBC reports. This is a...
WASC Announcement: Distributed Open Proxy Honeypot Project Data Released
The Web Application Security Consortium (WASC) is pleased to announce the initial release of data collected by the Distributed Open Proxy Honeypot Project. This first release of information is for data gathered from January - April, 2007. During this timeframe, we had 7 internationally placed honeypot sensors deployed and sending their...
Web based vulns top newly discovered issues
"The takeaway is that researchers are paying a lot more attention to web vulnerabilities, and if companies don't want to get caught up in that, then they need to pay attention to those flaws," said Steven Christey, the security researcher that authored the draft report and the CVE Editor for The...
Security flaws on the rise, questions remain
"We are seeing people discover vulnerabilities in software with tiny distribution and low installed base--free guestbooks that are written left and right, available by the thousands. And we are seeing that it takes no skill to find vulnerabilities in these applications." - Securityfocus http://www.securityfocus.com/news/11367


