Web


Nearly Nine in Ten Websites Contain One Serious Vulnerability

For at least the third year in a row, the number of serious vulnerabilities per website has fallen. That sounds like good news until you look at the numbers and realize that the average website carried an astonishing 56 holes in 2012, according to statistics compiled by WhiteHat Security and based upon data gathered from tens of thousands of websites.

Bots, Zeus, Web Exploits: the Most Potent Threats of 2012

Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the ubiquitous Zeus banking Trojan.


The Web site MySQL.com and other Web servers belonging to Oracle Corp.’s Sun Microsystems division were compromised on Sunday by Romanian hackers who took advantage of a SQL injection vulnerability in an application running on the server.

Security Experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerability, the company says its original definitions of what makes a software hole important still apply. Security experts aren’t so sure.

By Rich Mogull (Macworld)
As a security analyst and researcher, I often find myself exploring some of the darker corners of the Internet. In the course of staying current on security issues, I frequently must browse the sorts of Web sites no average person should go anywhere near; I’m also far more likely to be targeted in an attack. That’s forced me to develop a somewhat extreme approach to safer surfing.  Read the full story [macworld.com]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.