Sunbelt Software reports that the Bank of India's Web site has been hacked and is used to distribute an enormous amount of malware, including rootkits and trojans, to the bank visitors. "It's very destructive stuff," says Alex Eckelberry, president of security firm Sunbelt Software.

Eckelberry says some of Sunbelt's employees was doing research during the past few hours and accidentally visited the Web site and determined it was infected with at least a dozen malware programs attempting to infect any vulnerable machine used by someone visiting Bankofindia.com.

New version of popular Web security appliance now complements Trend Micro Total Web Threat Protection; extends protection from insidious Web attacks.The appliance is available in two versions, InterScan Web Security Appliance Standard and InterScan Web Security Appliance Advanced. InterScan Web Security Advanced provides customers with fully integrated, policy based URL Filtering and Applet and ActiveX Security in addition to the InterScan Web Security Standard version features.

InterScan Web Security Appliance now includes real-time Web reputation from Trend Micro, which assesses the safety of a Web page based on both behavior and content. This industry-leading reputation technology complements the powerful content scanning and URL filtering capabilities the product has had for years.

Cross Site Scripting (XSS) attacks force the user’s browser to execute malicious JavaScript code within the security context of the designated victim website.

Mozilla intends to put an end to XSS attacks in the next version of its popular Firefox 3 browser. The Alpha 7 development release includes support for a new W3C working draft specification that is intended is secure XML over HTTP requests (often referred to as XHR) which are often the culprit when it comes to XSS attacks. XHR is the backbone of Web 2.0 enabling a more dynamic web experience with remote data.

Facebook is involved into a security incident after the company admitted that some of its source code had leaked on to the web. No more security by obscurity.

The biggest change we have seen over the last three years is the rise in the web as a significant weapon in the cybercriminals’ armory. Now an indispensable business tool, the web is still a relatively unprotected route to the users’ desktops and laptops. Once infected, these compromised computers can be used to steal confidential data and trade secrets or to spam out millions of emails. The real change is the way in which users’ computers are infected

Steps have finally been taken by Microsoft to protect millions of exposed networks vulnerable to a .Net exploit that was first discovered nine months ago.During that time many customers were not only left in the dark, but left dangerously exposed by the vulnerability which was a null byte exploit.

No matter what PHP project you start, you should always code with security in mind. There alre lots of PHP security tips out there  but here is your first  Top 10 PHP Web Application Security Rules you should never break.

In Q3 of 2007, Xcerion intends to release a new, free operating system that has the potential to fundamentally alter the economics of software development.
Meet XIOS.
If successful, it may be able to alter the power Microsoft draws from control of the desktop, to beat Google at its software-as-a-service play, and to make commodity Linux boxes more doable alternatives as a computing platform for the masses.

Drive-By Pharming Attacks could be the next BIG internet threat mainly because they can carry out the malicious exploit and still get undetected . Fortunately, you can prevent it easily.

Drive-By Pharming permits attackers to create a Web page that, simply when viewed, results in critical configuration changes to your home broadband router or wireless access point. As a result, attackers gain complete control over the ways by which you surf the Web, allowing them to direct you to sites they designed.

MySpace.com begun to display some seriously odd performance on Wednesday evening PST, which was certainly caused by a hack. A Mashable reader grabbed some screenshots, which show Tom’s message on the user homepage being replaced by a “Verify Your Email Address” message with Japanese text, apparently from Ozzie (Ozzie is like Tom for MySpace Japan - very unusual to see on the US site).