Organizations must conduct regular security evaluations to mitigate website vulnerabilities.
(prHWY.com) May 13, 2011 - Albuquerque, NM -- Recently, the website of Pravda (The Truth), a major Russian newspaper, suffered a security breach. Cybercriminals allegedly inserted malicious scripts on the site. The malicious scripts are designed to compromise vulnerable computer systems. Security researchers at F-Secure have detected that the webpage surreptitiously loads malicious scripts to exploit Java vulnerabilities and install malware on a user's computer. Usually, cybercriminals alter the home page of a site, leave a message or insert pictures. However, in stealth attacks such as the one on the Pravda website, the attackers make silent alterations to the site so that they remain undetected and can infect the computer systems of a large number of visitors.
Websites continue to be the favorite target of cybercriminals. Attackers attempt to take advantage of the traffic generated by the websites. Recently, some webpages of NASA, Stanford University and some other American universities were reportedly rigged by cybercriminals to sell fake software. Attackers allegedly used search engine poisoning to exploit the traffic drawn to the NASA website before the upcoming launch of the Space Shuttle Endeavour.
Attackers may gain remote access to the compromised computers by executing malicious code. They may modify, delete or extract sensitive data from the affected systems. Attackers may also use compromised computers to launch spam campaigns or to launch simultaneous attacks on a target web resource. Internet users must avoid visiting reported forged sites and adhere to the warnings from vendors and Internet security firms. They must install and regularly update security software to safeguard their systems. They may also adjust their browser settings to avoid automatic execution of malicious scripts. Internet users must use genuine software applications and constantly update their browsers.
Attackers constantly scan websites to exploit vulnerabilities. Cybercriminals may not only target Internet users, but also attempt to gain unauthorized access to the databases associated with the webpages. The extracted information could be misused for fraudulent purposes. For instance, attackers target university websites to steal personally identifiable information related to students, faculty members and employees, such as names, mailing addresses, e-mail addresses, contact numbers, course details, enrolment numbers, provident fund details and social security numbers. The stolen information could be misused for applying for fake student loans, claiming fraudulent tax refunds, redirecting mail, identity theft and other fraudulent activities. Websites are susceptible to SQL injection, cross-site scripting and other forms of attack. Regular in-depth evaluation by professionals qualified through an IT master's degree and in penetration testing may help organizations in weeding out security flaws. Organizations may also benefit from the services of Internet security firms to understand weaknesses and initiate mitigating measures. Hiring employees qualified through online computer degree programs may help promote safe online computing practices and adherence to the security policies of the organization.
Internet security professionals must constantly upgrade their skills to deal with the dynamic challenges in cyberspace. Online technology degree programs may help professionals in understanding the latest threats and security mechanisms. A proactive approach is crucial to strengthen the defenses of the IT infrastructure and improve the IT security environment.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
###