New attack vector – Man-in-the-Browser Malware –
OWASP has a good description of Man-in-the-Browser (MITB) attacks. I am trying to explain it with an image (this is a fictional account): 1. the Customer (person trying to…
Computer hacker pleads guilty on ATM fraud
CBS Local in New York has an audio spot: $14mil in 2 days in 17 countries on 15000 ATM devices. Apparently JPMorgan Chase processed debit card transactions for the American…
NASDAQ, PNC Bank, Heartland Payment Systems, 7-Eleven, JC Penney hacked
Ars Technica has an old story that I thought was interesting: from 2005 – 2012 there were multiple break-ins, thus the hacker “owned” the various company sites. The overwhelming attack…
Everything Matters – what is important? HP LoadRunner vulnerability
Managers have to make decisions as to what to focus on: the HP LoadRunner vulnerability is one of those, specifically 11.52, and here is the money quote: RESOLUTION HP has provided…
High exploit vulnerability: Alt-N Security gateway
IBM’s ISS explains the potential problem, with informative links: the problem is that the software is vulnerable to a specially crafted HTTP request to SecurityGateway.dll using a long username parameter,…
