Blog Posts Tagged with "SQL Injection"
It's Not the Spam Email But What Lies Behind Them
March 15, 2012 Added by: Alan Woodward
The fact that such a large proportion of home machines host unknown malware hides a bigger threat. By hijacking so many PCs it is possible to mount a massive probing operation that can seek out high value targets that are susceptible to classic hacking attacks...
Comments (0)
Examining the Top Ten Database Threats
March 14, 2012 Added by: PCI Guru
Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...
Comments (0)
ICS-CERT: Advantech Webaccess Multiple Vulnerabilities
February 17, 2012 Added by: Headlines
ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site request forgery (CSRF) and Authentication issues. Public exploits are known to target these vulnerabilities...
Comments (0)
The Truth Behind Data Breaches
February 16, 2012 Added by: Neira Jones
SQLi was the number one attack vector found in both the Web Hacking Incident Database and the number one Web-based method of entry in incident response investigations. SQL injections were the number one Web application risk of 2011...
Comments (7)
Disclosures: How Much Sharing is Too Much?
February 15, 2012 Added by: Jack Daniel
What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve known about for years? If you are ignoring all of the well-known risks, it is a waste of time...
Comments (0)
The Valley of Death Between IT and Security
February 03, 2012 Added by: Danny Lieberman
Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?
Comments (0)
It's Time to Evolve How We Protect Our Data
January 24, 2012 Added by: Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
Comments (0)
2012 Has Delivered Her First Giant Data Breach
January 17, 2012 Added by: Josh Shaul
We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...
Comments (0)
Lilupophilupop SQLi Attack: One Million URLs Infected
January 05, 2012 Added by: Headlines
"When I first came upon the attack there were about 80 pages infected according to Google searches. Today, well as the title suggests we top a million, about 1,070,000 in fact - there will be duplicate URLs that show up in the searches. Still working on a discrete domain list for this..."
Comments (1)
Want Rapid Feedback? Try a Web Application Security Scan
December 27, 2011 Added by: Brent Huston
While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...
Comments (0)
Don't Fall Victim to Poor Network Segmentation
December 13, 2011 Added by: f8lerror
If an attacker compromises the DMZ, it is important to stop them there. Firewalls and segmentation are the key to this. Should a user have unlimited access to the internal network from a Citrix server or VPN? Or be able to connect to file shares, internal web applications, and databases?
Comments (0)
Top Ten HTML5 Attack Vectors
December 09, 2011 Added by: Headlines
"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."
Comments (0)
Keeping Privileged Users Under Control in Oracle Database
October 03, 2011 Added by: Esteban Martinez Fayo
SYSDBA privilege has unlimited access to all data and can make any configuration change. With DatabaseVault installed, it is possible to restrict SYSDBA users from accessing certain data but the protection is not complete. There are ways to bypass the defenses and compromise the data...
Comments (1)
LulzSec Member Indicted for Sony Systems Hack
September 27, 2011 Added by: Headlines
The indictment alleges that Kretsinger and other coconspirators obtained confidential information from Sony Pictures’ computer systems using an “SQL injection” attack against its website, a technique commonly used by hackers to exploit vulnerabilities and steal information...
Comments (0)
Full Frontal: Is it OK to Expose Weaknesses?
September 18, 2011 Added by: David Martinez
While it might be interesting and a bit exciting finding vulnerabilities in systems, keep in mind that reporting them to the appropriate people might be more hassle than it’s worth, especially when you're doing it pro bono, as I discovered...
Comments (0)
Anonymous Defaces BART Site - Posts User Data
August 15, 2011 Added by: Headlines
Hacktivist group Anonymous has hacked into myBART.org website belonging to San Francisco’s BART system. The attack was an SQL injection which was able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes...
Comments (0)