Ravens PHP Scripts: Security



 

 

Tips for Cleaning and Securing Your Website

Posted on Monday, October 04, 2010 @ 01:06:34 CDT in Security
by Raven

Southern writes:  
This page provides information about identifying, removing, and preventing badware on your website. It does not cover every situation, only the most common cases that we see at StopBadware. Some cases may require further assistance from a security professional. You may also find additional information and volunteer assistance in our online community. We provide this advice as-is and cannot guarantee the results of following it. Like you, we do the best we can.

More: StopBadware
 

 

Tech Insight: SQL Injection Demystified

Posted on Sunday, September 26, 2010 @ 00:45:58 CDT in Security
by Raven

Southern writes:  
Several high-profile hacks over the past year, including those at Heartland, Hannaford Bros., and 7-11, all have had one thing in common: they were launched with a SQL injection attack.

Cross-site scripting (XSS) had been the king of Web attack techniques for some time, and for good reason -- the ability to steal user credentials, hijack active Web sessions and take action on behalf of a user without their knowledge is particularly nasty. But the classic SQL injection attack has regained the lead as the most popular of Web attacks. Most of all reported Web breaches the first half of this year, according to the new Web Hacking Incidents Database (WHID) report, were conducted via SQL injection. And SQL injection is one of the most common vulnerabilities in Web applications today.

SQL injection attacks take advantage of an application not validating input (like on Twitter and Facebook), or input into a form, such as a site search. The user's input is then incorrectly executed by the backend database server and can have a myriad of results. The simplest example is entering a single quote (') into a search field or login form, and receiving an error message that the SQL query failed.

The attack basically lets the bad guy take an ordinary input field and abuse it in ways that allow him to bypass authentication into the Website, manipulate the database to disclose large amounts of data, or access and control the database server itself.

More: Dark Reading
 

 

Google Chrome Multiple Vulnerabilities

Posted on Monday, July 05, 2010 @ 22:49:12 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA40479

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/40479/

RELEASE DATE: 2010-07-06

CRITICAL: Highly Critical!

DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can potentially be exploited by malicious people to compromise a vulnerable system.
 

 

TortoiseSVN Spoofing Vulnerability

Posted on Saturday, July 03, 2010 @ 18:05:02 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA40355

VERIFY ADVISORY: http://secunia.com/advisories/40355/

RELEASE DATE: 2010-07-01

DISCUSS ADVISORY: http://secunia.com/advisories/40355/#comments

DESCRIPTION: A vulnerability has been reported in TortoiseSVN, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the use of a vulnerable version of the neon library.

For more information: SA36371. Note: This also fixes a Denial of Service when processing certain XML entities.
 

 

HTML 5 Comes With SQL Injection Risks

Posted on Thursday, May 13, 2010 @ 09:18:05 CDT in Security
by Raven

nb1 writes:  

Internet Explorer 9 and Firefox 4 will support it, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web attack vectors.
Read the full article
 

 

MySQL Multiple Vulnerabilities

Posted on Wednesday, May 12, 2010 @ 19:56:02 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA39792

VERIFY ADVISORY: http://secunia.com/advisories/39792/

DESCRIPTION: Some vulnerabilities have been reported in MySQL, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service). Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 5.1.47.
 


