Finjan Reports FindingsFinjan Reports Findings
Finjan announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC)
October 11, 2006
SAN JOSE, Calif. -- Finjan Inc., the global provider of best-of-breed proactive web security solutions for businesses and organizations, today announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC). In its Web Security Trends Report (Q3 2006), Finjan presents new findings related to malicious code found on storage and caching servers, as well as insights into trends related to sophisticated new threats that target Web 2.0 platforms and technologies. The report also includes a follow-up story showing additional examples of "vulnerabilities for sale," as exposed in Finjan's previous Web Security Trends Report, released in July, which focused on the commercialization of malicious code and a widening black market.
Malicious Code in Cached Web Pages Served by Storage and Caching Servers The new report details Finjan's discovery of malicious content residing in cached web pages on storage and caching servers, such as those used by ISPs, enterprises and leading search engines. "This malicious code can be referenced by third-party web pages and can be used to exploit an The report presents several instances of malicious code found by Finjan security researchers on public storage and caching servers. "This is more than just a theoretical danger," Ben-Itzhak said. "Owing to this exploit, it is possible that storage and caching servers could unintentionally become the largest 'legitimate' storage venue for malicious code. Such 'infection-by-proxy' introduces new risks for businesses and consumers."
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023