2007
December 2007 :
- ScanSafe predicts Web 2.0 exploits and roaming workers will top security threats in 2008
- Crime and punishment: The botnet barons
- A Chronology of Data Breaches
- Storm botnet drops strippers, switches to New Year's greeting, Gregg Keizer, computerworld.com
- 'You've Got Cross-Site Scripting', Free email alert service lets customers know when an XSS vulnerability is found on their sites
- Hackers targeting 'forgotten' web apps
- Phishers pinch billions from consumers' pockets
- Insurer gets record fine for ID theft disaster
- The 2007 Security Hall of Shame, Bad breaches, ghastly gaffes and five people we'd like to forget
- VoIP: Security Fear Factor
- The Information Security Forum Releases Report on Dangers of Information Leakage, webwire.com
- Major Identity Theft Operation Exposed
- Shell, Rolls Royce reportedly hacked by Chinese spies
- Where the botnets are
- Web Hosting Providers Let Security Sag
- Why PCI Is Good For Business
November 2007 :
- Buggy Web Apps And Carelessness Top 2007 SANS Threat List
- Three takeaways from the SANS Top 20 (sort of) Internet Security Risk List
- Cyber cold war fears grow, 120 countries have cyber-espionage capability
- The Cost Of Data Loss Rises
- Perspective: The new battleground in cybercrime business
- Police raid botmaster blamed for 1 million infections
- Google looks for help finding malicious Web sites
- Hacker steals nonprofits' data from marketing firm
- Site Hacking for Malice and Profit
- Alleged Cisco hacker convicted in Sweden, bewails fate
- Swatters tricked AT&T while making fake 911 calls Robert McMillan
- Chinese Espionage Cited As Top Risk To U.S. Technology Industry
- Cyber-Crime Crackdown Won’t Stop Cyber Crime
- One in six PCs could be infected with malware
- Stop Data Loss Before it Happens
- The case for application security
- Cyberwar is genuine threat
- Survey finds thousands of database servers open to attack
- PCI DSS Compliance: A Difficult But Necessary Journey
- Know Your Enemy: Behind the Scenes of Malicious Web Servers
- Data Breach Research Offers Hope, but No Reason to Relax
- Federal Prosecutor: Cybercrime Is Funding Organized Crime
- ID Theft Still a Rising Threat as Criminals Grow More Organized
- Cyber-criminals use copycat domain names to infect visitors to legitimate websites
- "Botmaster" admits infecting 250,000 computers
- Indian news site dispensing malware during holiday
- Update: Russian hacker gang vanishes day after moving to China
- Ex-security pro admits running huge botnet, Gregg Keizer
- Two charged with hacking PeopleSoft to fix grades
- Survey: Most Companies Clueless About Costs of Unsecured Data
October 2007 :
- 17 charged in massive ID theft bustGilbert Kallenborn
- Privacy Breach Impact Calculator
- Web application security, development unite
- No Breach, No Foul
- Website Security Seals Get a Boost
- Botnets are getting smaller to evade detection
- European banks remain complacent about compliance and security, survey shows
- Secret Service data reveals the true pain of identity theft
- Silent cyberwar besieges computer networks of US companies and government
- Does Identity Theft Really Come at a Heavy Price for the Victims?
September 2007 :
- Web Security Remains Wild and Wooly
- Web application security is a scary world
- Security Metrics from Jeremiah Grossman
- Is the U.S. at risk from cyberwarfare?
- Cyberthreats Outpace Security Measures, Says McAfee CEO
- China Says It's a Cyber-Attack Victim, not Villain
- Criminals Operating Malware Supermarkets
- The Worst Things About Crimeware: It’s Organized and It’s Easy
- Cyber-Crooks Ape Business Best Practices
- Why Application Security Is Often Overlooked
- Three more western nations have blamed China for an upsurge in hacking attacks against government computers
- Trojan planted on US Consulate website, Russian roulette
- The Times: PLA war-hackers can switch off US navy, Yellow Peril causes wet knickers among excited scribes
- Intrusion detection in the age of compliance
- Symantec: Bank account details fetch $400 online
- Landmark Calif. data breach bill awaits Schwarzenegger OK
- Federal judge backs third-party liability protection for Web sites
- Blunt Advice for IT Follows TJX Breach
- A crime is committed online every 10 seconds in UK
- Storm Worm Botnet More Powerful Than Top Supercomputers
- Web server security wars: Is IIS or Apache more secure
- MPack, Packed Full of Badness
- Custom-built botnet steals eBay accounts
- One in ten Australians victims of ID fraud
- China denies its military hacked Pentagon network
- Web Application Security Statistics
- Ajax application security critical, experts warn
August 2007 :
- Bank of India site hacked, serves up 22 exploits Reminiscent of Super Bowl site hack in January; notorious Russiangang suspected
- 159 million people affected by data breaches in under three years
- Storm Botnet Is Behind Two New Attacks
- Why IT Security Must Combat Organized Cybercrime
- Cenzic Patent Case Worries Web Researchers, Vendors, Controversial patent could affect other Web app scanners
- Survey: Cost of Cybercrime Reaches $7B
- Hacking attacks against banks up 81 percent
- Symantec's 'Dark Vision' mines carder sites. A credit card number can be bought for as little as $6
- Web sites vulnerable to a new generation of attacks
July 2007 :
- The decline of antivirus and the rise of whitelisting
- The limits of web application scanners
- New hacking technique exploits common programming error
- We're All in the Security Business Now
- McAfee SiteAdvisor Phishing Quiz, Can you tell a fake Web site from a real one?
- Application security arms race, Chris van Niekerk
- Web application security -- time for services
- Phishing tool constructs new sites in two seconds
- The Complexities of Assessing XSRF (Cross-Site Request Forgery) Automatically Yet Accurately
- Nearly 30,000 Malicious Web Sites Appear Each Day
- Web application security market shifting
- Application security takes on greater importance in Web 2.0
- Security Appliance Vendors Blasé About CSRF Flaws
- Report: Data breaches don't often result in ID theft
June 2007 :
- Calif. bill holding retailers responsible for data breach costs moves ahead
- Cyber Security: Data Breach Insurance Gains in Popularity
- Hackers compromise 10k sites, launch 'phenomenal' attack
- Data Breach Kit: Five Steps to Help You Survive the Inevitable
- How much spam is your company sending? Study shows organizations blast spam without knowing it
- Jeremiah Grossman on the pervasive nature of XSS
- Retailers fume over PCI security rules
- XSS malware technique branches out; some target kids' sites
- Google: Attack code more likely on Microsoft IIS
- Finding and blocking Web application server attack vectors
May 2007 :
- Handful of States Consider New Data Breach Laws
- Top 10 vulnerabilities in Web applications in Q1 2007
- Google : 10 percent of sites are dangerous
- Tool used to control botnets across 54 countries discovered
- Webhosting companies are hosting A LOT of badware sites
- StopBadware says majority of malware sites hosted by five ISPs
April 2007:
- Companies Say Security Breach Could Destroy Their Business
- Crackers Turn Toward Web Site Attacks
- Web attackers get better at hiding
- A third of IT managers report data breaches: survey
- Web threats to surpass e-mail pests
- Just how much will that data breach cost your company?
- Security Breaches Cost $90 To $305 Per Lost Record
- Botnets Battle Over Turf, Kelly Jackson Higgins
March 2007 :
- Top 10 security threats in 2007
- The birth of a website - can't you bad guys just wait a day?
- ID theft threats have surged 200% since Jan. 1
- Web attacks get personal
- 9 in 10 UK websites 'insecure'
- Report says identity thieves working hand in hand with 'bot herders'
- Criminals selling stolen identities $1 to $14
- ID theft in under 15 seconds
- Web Application Auditing Over Lunch
- Spammers hack websites to make money from online pharmacies
- Hackers broaden risk of cross-site scripting attacks
- Some Companies Lose Data Six Times a Year
- Why your web apps are sitting ducks
February 2007 :
- Don't leave it all to your [network] firewall
- We need web application firewalls to work
- Black Hat: Botnets Go One-on-One
- Know your enemies : web application threats, collective work
- Wait for WAFs
- I don't want a web application security product, I want a solution
- Web apps remain a trouble spot
- 70% websites at direct risk of being hacked
- RSA ’07 Hackers find a wealth of victims on corporate Web sites
- The Year Hacking Became a Business
- New Online Threats for 2007
- US Identity theft loss in 2006