From SearchSecurity (Rob Westervelt)
Stolen FTP credentials are suspected as the root cause of a massive attack compromising over 40,000 web sites.
Attackers have targeted legitimate websites in the latest wave, and so far researchers at security vendor Websense Inc. say it isn’t likely that SQL injection, cross-site scripting or other website vulnerabilities are to blame. Instead, the attackers are easily injecting malicious JavaScript code into sites by logging in with stolen usernames and passwords. Read the full story [techtarget.com]