Sean Michael Kerner
  • Yahoo Password Breach Puts SQL Injection In the Crosshairs

    SQL Injection has long been identified as one of the top vulnerabilities affecting web applications. Even though SQL Injection attack vectors are well known, the attack keeps yielding results against big-name websites; just ask Yahoo. On Wednesday night, a hacker group known as “D33Ds Company” publicly posted a password dump […]

  • Understanding the Flame Malware

    While most Americans enjoyed a long holiday weekend, researchers in the security community were working around the clock to unravel the mysteries of one of the most intimidating pieces of malware code ever found. Known by the names Flame, Flamer, and sKyWIper, the malware is significantly more complex than either Stuxnet or Duqu — and […]

  • Google Wallet Compromised with Hackers Access to PIN & Funds

    What would happen if you lost your wallet to a thief? It’s a question that Google Wallet users on Android phones are asking themselves in the wake of multiple reports of security vulnerabilities in Google’s mobile payment technology. Google Wallet is a virtual payment system that can be used with online merchants on the web, […]

  • Protecting Against SQL Injection Attacks with Oracle Database Firewall

    Exploits that take advantage of SQL Injection (SQLi) vulnerabilities in software are among the most dangerous and prevalent attacks on the Internet today. In a SQLi attack, hackers typically take advantage of security flaws in web application software to pass malicious commands to a database back-end. A SQLi vulnerability can potentially enable an attacker to […]

  • Which Browser is the Most Secure?

    Editor’s Note: An updated version of this article can be found here: Which Browser is Best for Security? For as long as there has been more than one browser, users have been asking which browser is more secure. Answering the question has often led to an evaluation of publicly disclosed vulnerabilities and determining how long […]

  • Detecting Malicious Traffic in HTTP Headers

    In the battle against malicious traffic and infected websites, security researchers are always looking for new avenues of detection. According to Trustwave Security Researcher Rodrigo Montoro, one such approach could come from an analysis of HTTP headers to detect potentially malicious traffic. Speaking at the SecTOR security conference in Toronto, Montoro detailed his approach toward […]

  • Fraudulent SSL Cert for Google Revoked

    SSL is supposed to protect web users by encrypting data. When it comes to trusting an SSL certificate, Web browsers rely on authoritative certificate authorities (CA) that validate the authenticity of a given SSL certificate. But what happens when a CA issues a fraudulent SSL certificate? This week, certificate authority DigiNotar was found to have […]

  • WordPress Gets Clickjacking Protection

    The open source WordPress blogging application is being updated to version 3.1.3 this week, adding multiple security fixes and improvements. Among the fixes is a moderately critical patch for an arbitrary file upload vulnerability: “The application improperly validates uploaded files, which can be exploited to execute arbitrary PHP code by uploading a .phtml file with e.g. […]

  • IronBee Open Source WAF Project Launches

    Web Application Firewall (WAF) technology is seen by many as a much-needed technology for Web application security. In the open source world, the ModSecurity project has helped to lead the charge for WAFs, but there is now a group that is aiming to build a new open source WAF called IronBee. Spearheaded by Qualys security […]

  • IBM AppScan Takes Aim at Input Validation

    Cross-site scripting (XSS) and SQL injection flaws are among the most common and lethal types of security vulnerabilities. Both sets of flaws often stem from the same root cause, which is typically some form of an input validation issue. Ensuring that input validation is done correctly is no easy task, which is where the new […]
