Archives of Security Breaches

Real security is made up of a number of different processes, policies, and technologies. If one part of the security picture is missing then the data is vulnerable. Where are backups kept? Are they in a secure location? While the following example is a fairly rare occurrence, it is a good reminder about backup security. […]

A tool, discovered by Sans Security Handlers, has shed light on how 10000 web sites were compromised earlier this year. An automated SQL injection attack that utilized google searches against ASP pages that contained potential sql injection points is at the core of the attack. While we had a general idea about what they do […]

2021 The United Nations Office of Information and Communications technology has a Vulnerability Disclosure Program. A Security Research Group made up of independent security experts - Sakura Samurai - was running tests and was able to find 100K+ Employee Records of the United Nations Environmental Programme (UNEP). A misconfigured Apache webserver exposed files linked to […]

Interesting study by Google on the distribution of malware across different web servers. They took a sample of 70'000 sites so it is a good indication of what is being compromised to serve up malware to the public. The breakdown by server software is depicted below. It is important to note that while many servers […]

Located in Russian underground forums and built as a commercial package, the MPack Exploit kit was the first documented type of its kind. On 18th of June 2007, a large scale attack was uncovered at an Italian based Web Hosting company. First discovered by Panda Software in May 2007, reports are stating over 10'000 sites […]