-
Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet
Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.
-
Highly critical vulnerability fixed in Nginx Web server software
The development team behind the popular Nginx open-source Web server software released security updates on Tuesday to address a highly critical vulnerability that could be exploited by remote attackers to execute arbitrary code on susceptible servers.
-
Web server hackers install rogue Apache modules and SSH backdoors, researchers say
A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users.
-
Top 10 tech stories of 2012: a busted IPO, spotlight on workers, titans in transition
Change in any industry involves conflict. Evolution and revolution in tech this year took place not only in the marketplace but also in the courtroom, the factory, and on the Web. Here are the top news stories of 2012 as selected by the editors of the IDG News Service.
-
Unprotected Apache server status pages put popular websites at risk
Many Apache Web servers, including those hosting some popular websites, expose information about the internal structure of the sites they host, the IP (Internet Protocol) addresses of their visitors, the resources users access and other potentially sensitive details because their status pages are left unprotected.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will, and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.








