Web 2.0 may be a blessing to many of us, especially in online business today, and over the years we’ve been seeing more and increasingly complicated and sophisticated services built around this technology pop up. Xing, LinkedIn, Facebook, YouTube, RSS feeds and other web services have all become an everyday part of our lives.
However, there is a dark side to Web 2.0. Its greater complexity of tools and applications can be a nightmare: as you can imagine, a diverse group of software applications works together behind the scenes to bring us a whole slew of wonderful applications and services across the globe. Many of these websites and web services are constantly under attack, but not many people actually know this.
How many of us would actually realize that websites are prone to coding imperfections and are therefore prone to hacker-exploitable vulnerabilities?
Asian eMarketing recently caught up with Anthony Lim, Rational software security director of IBM Asia Pacific, to find out why Web applications are coming under attack. According to Lim, this can happen because the IT security solutions that we are familiar with (firewalls, IPS, access control, authentication, etc.) deal with IP (network) traffic and hence typically do not stop web attacks, which are HTTP traffic. It’s because of this that hackers are having a field day, as not only is it a new area for them to exploit but there are also few or no practical defenses at the moment.
Lim also reiterates that at the moment, very few people are aware of, understand or care about web attacks or coding vulnerabilities at all. “It’s a cultural thing,” he explains. “Half don’t know about it and the other half don’t care. Why?
Some of the popular web application exploits like parameter tampering and SQL injections can easily be prevented, and the method of preventing them is not proprietary to IBM or a secret practice. The answer is simple, and called “input validation”. This is a basic programming security practice which for some strange reason few people actually bother to include.
A most basic application vulnerability – “buffer overflow” – has been around for 25 years, yet it’s still happening rampantly. Awareness of the need for secure coding was created 20 years ago, but to date not a lot of people seem to care.
Elaborating, Lim adds that basic programming security techniques like “access control” and “input validation” can eliminate 80% of standard application attacks such as SQL injection. “But again, most people don’t pay attention,” he says.
Again the question is why? Lim says that it’s mainly because many people don’t know or understand these threats and therefore don’t deal with them, or due to resource constraint pressures, don’t want to deal with them. “It’s like an ostrich sticking its head under the sand,” he notes.
He points to 2008’s Monster.com data leakage case. “The first thing the IT Security folks would check upon the breach discovery typically is the firewall logs and they of course would find nothing wrong. Then they’ll check the IPS logs and again nothing. Then they’ll panic …
It turned out to be a web application attack that stole a hundred thousand or more CVs – think about all that privacy and confidential data that got compromised …”
Types of Web Application attacks
Two of the most common attacks are SQL injection and Cross-site scripting. There are dozens more types of web app attacks.
In SQL injection, an attacker sends a database SQL command which is executed through and by a web application, exposing the back-end database. SQL injection can occur when a web application utilizes user-supplied data without proper validation or encoding as part of a command or query. The specially-crafted user data tricks the application into executing unintended commands or changing data. It allows an attacker to create, read, update, alter or delete data stored in the back-end database. In its most common form, SQL injection enables attackers to access sensitive information like financial or transactional data and personal information like cell phone numbers and credit card numbers.
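As an added example (not from the original article or from IBM), the Python below contrasts a lookup that concatenates user data into the SQL text with one that applies the “input validation” Lim describes and binds the value as a query parameter. The `resumes` table, its rows, the function names and the crafted input string are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data: the table, columns and rows are invented here.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE resumes (owner TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO resumes VALUES (?, ?)",
        [("alice", "555-0101"), ("bob", "555-0102"), ("carol", "555-0103")],
    )
    return db

# Constructed input: a textbook tautology, used to test the lookups below.
CRAFTED = "nobody' OR '1'='1"

def lookup_vulnerable(db, owner):
    # User data is concatenated into the SQL text, so a quote character in
    # it ends the string literal and the rest is parsed as SQL.
    query = "SELECT owner, phone FROM resumes WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_bound(db, owner):
    # Parameterized query: the driver binds the value as data only.
    query = "SELECT owner, phone FROM resumes WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

# Allow-list describing what a valid owner name looks like (an assumption).
OWNER_RE = re.compile(r"[a-z0-9_]{1,32}")

def lookup_hardened(db, owner):
    # Input validation first, then the bound query: two independent layers.
    if not OWNER_RE.fullmatch(owner):
        raise ValueError("invalid owner name")
    return lookup_bound(db, owner)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, CRAFTED))  # every row
    print("bound:     ", lookup_bound(db, CRAFTED))        # no rows
    try:
        lookup_hardened(db, CRAFTED)
    except ValueError as exc:
        print("hardened:  ", exc)
```

The bound query alone already treats the crafted string as an ordinary, non-matching name; the allow-list check rejects it before it reaches the database at all.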
Cross-site scripting allows code injection by malicious web users into the web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks as well as browser exploits. In 2007 alone, cross-site scripting on websites accounted for roughly 80% of all documented security vulnerabilities. During a cross-site scripting attack everything may look fine to the end user, but in actuality they are being subjected to identity theft, unauthorized access and so on. Lim also mentions a new kind of web-based man-in-the-middle attack. This case was first published at the recent OWASP APAC 2009 Conference in Australia.
At the same conference, another presentation showed how Microsoft’s new Internet Explorer 8, which is cleverly designed to include a built-in anti-cross-site-scripting filter, can already be bypassed. “We’ve heard of zero-day attacks but now we’re looking at MINUS-day attacks!” he jokes.
Lim applauds Microsoft for being proactively defensive and addressing a clear and present danger by including an anti-cross-site-scripting filter in IE8. “What the hack demonstrates, though, is the threat web application attacks pose today.”
Web application attacks, like network attacks and worms, are just getting worse over time, at least until people learn to write programs defensively, predicts Lim. “Just recently there were two stories of Google vulnerabilities circulating. All of which hopefully have been fixed already. Also, there was a news report about the US FAA going down a few weeks ago and it looked like it was a web attack,” says Lim.
“The firewall today is ubiquitous, so hackers know that the network/gateway is no longer the first place to try to hack. They need to find a new entry point into your infrastructure and steal your database, and this new entry point is your world-facing web application.”
He stresses that hackers do not attack web applications for the sake of attacking them, nor is it the application they want; rather, they are trying to find a way into the user’s database server to, of course, steal data.
Another reason why web applications are under attack, says Lim, is because of their large footprint. “Ten years ago, if you wanted to hack for example, say MediaBUZZ, you needed to do a lot of discovery to find an IP address of the correct server you want to hack into, because an IP address is just a bunch of numbers – e.g. 102.11.56.149 – is this your mail server? Printer? Router? Laptop? PDA? File server? … A good deal of homework was needed therefore, in order to hack then. Today however, it’s definitely much easier. Forget IP addresses. Try Mediabuzz.com. Wrong? Mediabuzz.com.sg? Mediabuzz.net? Still wrong? Google Mediabuzz and you will get it. Once you get the organization’s home page, you’ve found your starting point of attack.”
Social networks have a huge target on their backs. Facebook for example was attacked no less than 3-4 times in the past year. Lim shares that there are 2 reasons why Facebook is a target. Firstly, many people unwittingly put personal and professional data on it. “Facebook is trying to become like LinkedIn – and vice versa - and unfortunately, many people think so too. This creates a gold mine, pardon the pun, for hackers to attack Facebook to mine the data,” he points out.
Secondly, Facebook does not have a professional obligation to keep users’ data safe. “They never asked us to put our personal information on it. (LinkedIn is another story). Similarly, when you go to Starbucks and use their wireless for free, you cannot expect them to have a firewall to protect your data for you. They are after all, already providing the wireless service for free. It’s the same principle for Facebook,” Lim elaborates. “Bearing all this in mind, you can just imagine all the web application attacks they are coming under and the kind of protection they need.”
So why can’t more be done? Again, it boils down to the lack of awareness of web application attacks. The issue, says Lim, is this: Firstly, traditional security solutions like firewalls, anti-virus and so on are all infrastructure/network solution-focused. Therefore, typically, IT security professionals are from the infrastructure network side. They usually have no knowledge, experience or interest in application development. On the other side of the ring, software application developers usually don’t know or don’t care about network infrastructure and security. “So you can imagine the big gap in the middle and why the hacker has a field day,” notes Lim.
In many organizations, these two departments – security and development – don’t normally talk to each other. “Again, you see the problem,” says Lim.
So how can you protect yourself from web application attacks? Lim shares, “The best and most effective way to protect against web application attacks is to ensure you have an adequately (at worst, or defensively, at best) quality-assured application. Quality assurance minimizes hacker-exploitable vulnerabilities in the application. The application must therefore defend itself.”
A professionally developed, automated security testing and remediation tool, backed by worldwide, world-class, ongoing research and development is therefore needed to help you QA your application development and correct any security-associated mistakes. “You’d better QA your web application before the hacker does it for you!” he notes.
So just why are there vulnerabilities in web applications? Lim says, “Simply because people don’t write their programs properly. But actually, this is not a fair statement because programmers cannot be expected to have perfect knowledge or perfect diligence. Many people can write programs but few actually bear security in mind when doing so.”
He elaborates that firstly, programmers don’t know a lot about coding security. Secondly, it is a very tedious process, so many do not bother, and thirdly, due to pressures of budget, resources and time, coupled with today’s multi-thousand-line applications, it becomes very easy to make mistakes. “The priority is given to features and products with the best intentions of addressing security issues often remaining just that, intentions that never happen in the end.”
But it’s not all gloom and doom. Legislators have already started to become interested in web application security with the PCI (Payment Card Industry) organization being the first to do so. “It’s moving in the right direction,” observes Lim. “Online trading merchants for example who fail web application security audits are not allowed to use credit card payments until they prove that they have fixed the problem. I predict the next legislated standard will be Internet banking.”
The current economic downturn (like the last two) suggests increased use of online web services to conduct business, information transfer and communications, so we can expect not only an increased need for IT security, but nowadays – an increase in web hacking activity – and so it follows, an increase in web application security.
As a parting shot, Lim adds, “I seriously hope Facebook and LinkedIn are my customers.”
MediaBUZZ is the first ‘pure’ digital publisher in the region, making an impact in Asia Pacific since 2004. Designed to empower marketers in the vibrant, ever-changing electronic marketing environment, its publication Asian eMarketing covers the digital age and zooms in on the most valuable and indispensable tools of today’s marketers. Circulated weekly to more than 60,000 top management and marketing decision-makers, the useful and informative articles support e-marketers in finding a sound marketing strategy, vital for their growing business success.