October 13, 2009

 

CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

In this issue:

  • What Are Hackers Doing to Attack Your Business? Just Ask Them
  • Case for Security Webinar: Web Application Security 101
  • Ask A Security Expert
  • Devfense Cyber Alert

Cyber Security Informer is distributed by Boonbox, the security-focused division of Pacific Coast Information Systems Ltd. (IT Consulting) in Vancouver, BC, Canada.

Contact Boonbox Toll-free 1.877.744.7558 or visit www.boonbox.net

What Are Hackers Doing to Attack Your Business? Just Ask Them

Which parts of your business IT network are likely to come under attack from hackers over the next while? There's no need to guess. To find out what they're interested in, just see what's on the agenda at the next hacker and security convention.

You may think of hackers as sun-deprived loners sitting in a hidden basement somewhere, but many of them actually gather right in the open at highly publicized conferences at nice hotels. They attend seminars right alongside security professionals and FBI agents at "neutral ground" conferences such as Black Hat, Defcon and HITB (Hack In The Box). Hackers are quite open about which network vulnerabilities they might want to target. All you have to do is read the conference agenda!

To demonstrate, here are some hot topics from the published agendas of some of these conferences:

Encoded, Layered, and Transcoded Syntax Attacks: Threading the Needle past Web Application Security Controls
"Learn how to breathe new life into your old web application zero-day syntax attacks... By properly encoding, double-encoding, and triple-encoding, or by utilizing newer undocumented, transcoding-attacks, it is possible to bypass many common web application security controls to successfully exploit the target parser."

Clobbering the Cloud
"The talk will focus both on attacks against the cloud and on using these platforms as attack tools for general Internet mayhem. For purposes of demonstration we will focus most of our demos and attacks against the big players, like Amazon's EC2, Salesforce.com and friends."

Bugs and Kisses: Spying on BlackBerry Users for Fun
"This talk explores other means of how BlackBerry handhelds can be compromised to sniff user’s email (and optionally instant messages, web browsing traffic, and SMS messages)... A live demo involving BlackBerry handhelds will be provided, so all of those who like to get pwned, please bring your BlackBerries!"

SQL Injection Worms for Fun and Profit
"Earlier this year the first (publicly known) SQL Injection worm appeared. This worm used SQL Injection to insert malicious scripting tags into the pages of over 90,000 sites that were vulnerable to SQL injection."

Methods for Understanding Targeted Attacks with Office Documents
"In the last few years, we have seen increasing targeted attacks using malicious Office documents against both government and non-government entities."

As you can see, if you want to know what parts of your network you may want to pay special attention to, the information is already available. Your web applications (where a staggering 80 per cent of all attacks on the network begin), cloud platforms, mobile devices, websites and essential business software are all targets for attack. There's no time to waste in locking down these parts of your network.

Would you like help in keeping your organization safe from network and web security threats? For information about website security scanning and other ways to protect your business and customers, contact Boonbox.

Case for Security Webinar: Web Application Security 101

What do hackers look for when attacking websites? And how do you know when you've been hacked? As hacking expertise has become a lucrative endeavor, hackers would rather stay silent than promote their conquests to the world like they did 10 years ago. So what are some easy ways to protect your brand and data from this subversive underworld?

With 400 new application vulnerabilities a month (and growing), you need to keep ahead of hackers by taking a proactive approach to web application security. Our presenter will walk you through a demonstration of what hackers look for in a website as "easy prey" and ways they can break through security layers to steal personal information and other valuable data from your system. He'll also show you fast, simple ways to fix such flaws and how to monitor for possible future breaches.

Presenter
Lars Ewe is a technology executive with a broad background in application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.

Date and Time
Wednesday, October 14, 9-10 am Pacific Time

How to Register
1. Go to http://boonbox.webex.com/meet/boonbox
2. Click "Show All Meetings".
3. Click the "Register" link on the right in the Status column for "Web Application Security 101" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Who Should Register

Business owners and IT professionals looking to improve their business operations through better use of IT solutions.

As an additional benefit of signing up for this Case for Security webinar, you will also receive a complimentary subscription to our newsletters, Cyber Security Informer and Pacific Coast Informer.


Ask A Security Expert

"What are media player vulnerabilities?"

We download music and videos on our business networks to watch news, educate ourselves, and find other useful business content. For that, we need a media player application. Media players can be exploited to install malware such as viruses, botnet applications, rootkits, spyware, and adware.

For Windows, media players include Windows Media Player, RealPlayer, Apple QuickTime, Adobe Flash Player and Apple iTunes. On Mac OS, they include RealPlayer, Apple QuickTime, Apple iTunes and Adobe Flash Player.

Good system inventory and patch management practices will help you be proactive against these threats. In addition, review installations of downloaded media players to ensure only authorized applications are resident on your operating systems. Limit installations of software by users.

If your organization requires assistance in developing a user account access system, contact Vancouver's IT consulting and security experts.

Devfense Cyber Alert

PCIS Devfense Cyber Alert identifies websites that are vulnerable to attack. See the latest websites identified as vulnerable to badware at Devfense Cyber Alert on Twitter.

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Devfense Cyber Alert Sites With Vulnerabilities Discovered in Past 90 Days


About Boonbox

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup. PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

How to Subscribe/Unsubscribe to the Informer

SUBSCRIBE: To subscribe to the Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com.

UNSUBSCRIBE: If you do not wish to receive future issues of the Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK: Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558.