Web 2.0 technologies, such as Facebook, MySpace and Twitter, are a major security concern for businesses, according to research by Deloitte.

A survey of 200 technology, media and telecommunications firms shows 83% view the exploitation of vulnerabilities in Web 2.0 as a significant threat.

“In some cases, employees unintentionally release sensitive information without realising the consequences,” said James Alexander, partner in Deloitte’s Security and Privacy Team.

Newly released client data from WhiteHat Security finds organizations are slow to close known security holes in their Websites

Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security.

The Website vulnerability statistics, based on Website vulnerability data gathered from WhiteHat’s own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability issue, and there’s an average of seven unfixed vulnerabilities in a Website today.

Security researchers have revealed that the websites of no fewer than six anti-virus firms are vulnerable to cross-site scripting flaws of a type that might lend itself to phishing attacks.

Some of the firms involved have admitted problems, while others say the issues raised have either already been fixed or are erroneous.

Government audit of 70 Federal Aviation Administration Web-based applications finds flaws that could put air traffic, itself, at risk

A government audit (PDF) has pinpointed more than 3,800 vulnerabilities — 763 of which are high-risk — in the Federal Aviation Administration’s Web-based air traffic control system applications, including some that could potentially put air travel at risk.

The U.S. Department of Transportation report, prepared with the help of auditors from KPMG, determined that the ATC’s Web-based applications aren’t secured from attacks or unauthorized access, and that the FAA hasn’t set up the necessary intrusion-detection functions to catch security incidents at ATC locations.

More than 62 percent of companies experienced a security breach in the last twelve months due to insecure software, a survey conducted by Forrester has revealed.

Forrester’s “Application Risk Management in Business Survey” research, commissioned by application risk management platform supplier Veracode, surveyed more than 200 respondents from 180 different businesses across various industry sectors. Development, security and risk professionals across the UK and US were interviewed.

As the Conficker worm has evidenced, with an estimated 10 million systems infected, the problem of criminally motivated malware infiltration and computer compromise is highly pervasive. The billion-dollar cyber crime economy is relatively under-policed. As a result, cyber criminals have become very aggressive in pushing the malware technology envelope. The latest exploits render traditional security solutions ineffective as cyber criminals capitalize on newly discovered vulnerabilities and leverage mainstream applications such as the Internet.
