Drive-By Pharming Attacks could be the next BIG internet threat mainly because they can carry out the malicious exploit and still get undetected . Fortunately, you can prevent it easily.

Drive-By Pharming permits attackers to create a Web page that, simply when viewed, results in critical configuration changes to your home broadband router or wireless access point. As a result, attackers gain complete control over the ways by which you surf the Web, allowing them to direct you to sites they designed.

MySpace.com begun to display some seriously odd performance on Wednesday evening PST, which was certainly caused by a hack. A Mashable reader grabbed some screenshots, which show Tom’s message on the user homepage being replaced by a “Verify Your Email Address” message with Japanese text, apparently from Ozzie (Ozzie is like Tom for MySpace Japan - very unusual to see on the US site).

The "Q406 Roll-up" is a security pain because the exploits are heavily encrypted, say experts.A multi-exploit tool was accountable for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.

There are reports of a major problem concerning Adobe Acrobat files and Cross Site Scripting (XSS). A flaw was revealed in the way that the Adobe Reader browser plugin can be made to execute JavaScript code on the client side.This development is significant for a number of reasons:

Websense, Inc., a global leader in Web security and Web filtering software, released the results of its first European study of online Christmas shopping behaviour. The analysis found that whilst 75% of online Christmas shoppers were not totally certain about being able to identify a secure Website, only one in four considered keeping their credit card and online banking information safe and secure as their greatest concern.

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client and server related technologies. This is the 2.x branch which among other improvements introduces better interaction with the attack subroutines.

Please join us this week for an informative FREE SANS Webcast that you won't want to miss!

You can now download or subscribe to the SANS webcast calendar at:
http://www.sans.org/webcasts/calendar.ics

The Department of Veterans Affairs has awarded information technology solutions provider Merlin International and Watchfire, a provider of Web application vulnerability software, a multimillion-dollar award to build and maintain a Web application security system that will reduce security breach risks at the VA.

Application Security, Inc. today announced Oracle on Linux support in AppRadar -- the industry's most complete database activity monitoring and security auditing solution. AppSecInc made the announcement in conjunction with Oracle OpenWorld, taking place this week at the Moscone Center in San Francisco.

IronPort® Systems Inc., the leading Internet gateway security provider, and Webroot Software, Inc., the leading provider of anti-spyware software for the consumer, enterprise and SME markets, today announced a partnership to stop spyware at the corporate perimeter.

IronPort is using the Webroot RockSafe E1000 SDK in IronPort's new S-Series Web Security Appliances. The IronPort S-Series Web Security Appliance combines a high performance web proxy for application layer analysis with a wire-speed Layer 4 Traffic Monitor, yielding the fastest and most comprehensive protection in the industry.