Tag: open source

WineHQ Database Hacked, Passwords Stolen

Posted October 12, 2011 by TeamSHATTER Admin in Data Breach, Database Security, MySQL, Technology with 0 comments
WineHQ Database Hacked

Add WineHQ to the list of open-source projects struggling to contain a serious security breach. WineHQ, which manages software that’s used to run Windows applications on Linux, BSD, Solaris and Mac OS X, confirmed the breach and warned that the intruders were able to hijack usernames and passwords. “What we know at this point that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not exactly how they obtained access; it was either by compromising an…

Click for complete article >>

Mass iFrame Injection Attack Hits More Than 3 Million Pages

Posted August 2, 2011 by TeamSHATTER Admin in Attack Vectors, Data Breach, Database Security, e-Commerce with 0 comments
iframe injection attack

The recently discovered iFrame injection campaign rages on, as the number of compromised web pages goes from 90,000+ to over three million. Armorize researchers have been keeping an eye on the unfolding situation and point out that the attackers are taking advantage of a number of vulnerabilities in the Open Source online shop e-commerce solution osCommerce. The injected iFrames point to the willysy.com and exero.eu domains and through a series of redirections and JavaScript loadings of additional iFrames takes the…

Click for complete article >>

2011 – The Year of NoSQL Data Breaches?Team Shatter Exclusive

Posted January 26, 2011 by TeamSHATTER Admin in Data Breach, Database Security, Database Vendor, Team Shatter Exclusive, Uncategorized with 0 comments
data breach

It seems to me that the last couple of years have created some fresh interest in database technology. Nearly every company that I have talked to in the last six months has been considering NoSQL alternatives in many of their business applications. NoSQL includes all types of databases that don’t necessarily follow the relational form. Dozens of videos on InfoQ, numerous presentations on SlideShare and endless posts on YC discuss how small and large businesses can apply NoSQL, replacing traditional relational database management systems (RDBMS). I see teams map-reducing mass amounts of sensitive data for analysis in Hadoop. The buzz about the MongoDB outage at FourSquare got nearly as much attention from the world as the security breaches of traditional RDBMS at Gawker and Silverpop. I believe it’s all going to change soon: TeamSHATTER has seen strong growth in research and hacker activity targeting NoSQL databases. This is an alarming trend and I predict that in 2011 we’re going to read about several high profile data breaches that involve NoSQL databases.

Click for complete article >>

Securing Java Applications with Smart Cards and Single-Sign-OnTeam Shatter Exclusive

Posted November 2, 2010 by TeamSHATTER Admin in Best Practices, Government (Federal), Team Shatter Exclusive with 0 comments
masterlock

I recently visited a large U.S. government agency that has been rolling out a number of security initiatives over the last few years. The organization has been an AppSecInc customer for quite sometime and is currently fully deployed with DbProtect, scanning and monitoring hundreds of databases. They take security seriously and continue reducing their risks with various enterprise-wide activities, one small step at a time. This is my favorite kind of progress, where patience and grit always pays off in the long run.

Click for complete article >>
Powered by