October 11th, 2011 
Mourad Ben Lakhoua 10,000 websites have been compromised to redirect users to a new exploit toolkit called Nice Pack, discovered Wednesday, attempts to take advantage of flaws in users’ third-party apps, such as Java and Adobe, to install the “Zero Access Trojan,”. Malicious URL are not always related to a single domain, attackers mostly try to place redirect [...]
Posted in Malwares, Tools, Web Security 
Tags: jsunpack-n, Malicious Web Site, Wireshark 
4 Comments » August 27th, 2011 Mourad Ben Lakhoua Malysian CERT announced a new free service DNSwatch that will check every website address your computer is trying to access. Basically the checks are performed while you’re browsing the internet, clicking a link in an email, or running a program “under the hood” trying to communicate with servers for information or updates. DNSwatch will help [...]
Posted in Web Security Tags: cybersecurity, CyberSecurity Malaysia, DNSwatch, MyCERT, Web Security 1 Comment » August 23rd, 2011 Mourad Ben Lakhoua One of main problem in HTTP protocol is encrypting traffic and verifying data security, securing the web application against any threat is very important especially that if hackers conduct a Man-in the middle attack he can get all users information while data are transferred in a clear text form. HTTPS is a combination of the [...]
August 15th, 2011 Mourad Ben Lakhoua Hacktivist group Anonymous has hacked into myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. The attack was an SQL injection against the site and was able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes. The website has been running a [...]
Posted in Vulnerabilities & attacks, Web Security Tags: Anonymous, Defacement, OpBART, SQL Injection, Web Defacement 2 Comments » July 30th, 2011 Mourad Ben Lakhoua New vulnerability has been discovered in Elgg an open-source application that helps to create social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World [...]
Posted in Vulnerabilities, Vulnerabilities & attacks, Web Security Tags: Elgg, open source, Vulnerability, XSS, XSS Vulnerability 3 Comments » July 24th, 2011 Mourad Ben Lakhoua WebSurgery is another suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross [...]
July 22nd, 2011 Mourad Ben Lakhoua Access to the internet has become essential for almost every business. Sometimes there is the urge to prevent employees from using the internet to stem productivity losses or out of fear that something bad will happen if everyone in the organization has unrestricted internet access. In reality, studies show that employees who do not have [...]
Posted in Web Security Tags: Access Control, GFI, internet access control software, Internet Security No Comments »
