SQL Injection

Report: SQL injection a pervasive threat, behavioral analysis needed

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

First Look: Seeking application security

Seeker from Quotium takes a somewhat different approach to application security from most similar products.

Prime pickings: Application security

Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.

Purported LulzSec member charged in Sony Pictures hack

Authorities believe Raynaldo Rivera joined previously accused Cody Kretsinger in compromising SonyPictures.com to steal personal information on about a million people.

Anatomy of an Attack

Traditional approaches to security breaches on the Internet will no longer work. A multi-vector attack requires a multi-vector security strategy.

PayPal to offer payment for finding security bugs

PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.

What we learned from Anonymous/AntiSec

An examination of the evolution from the 2010 and 2011 campaign operations provides some hints about what IT vendors might expect from hacktivists in 2012.

Google to offer up to 20K prize for bug finds

Google has significantly increased its finder's fee for vulnerability researchers.

LulzSec hacker reverses guilty plea for Sony Pictures attack

An accused member of the hacktivist group LulzSec pleaded guilty Thursday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment, according to reports.

RockYou to pay FTC $250K after breach of 32M passwords

The FTC seemed most upset with RockYou's failure to protect the personal information of 179,000 children who registered to use the site.

Verizon: Hacktivists reigned supreme in 2011

Traditionally known for defacing websites and knocking them offline, so-called hacktivists stepped up their game last year and were responsible for a majority of data stolen in breaches, according to an annual study from Verizon.

Porn site Digital Playground hacked to expose card numbers

Online hackers have compromised two adult websites, including the very popular YouPorn, in recent weeks, apparently to highlight weak security.

New mass SQL injection attack could be forming

Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.

The bug hunt

Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.

ASP.NET attacks growing in reach

Another mass SQL injection attack, similar to "Liza Moon" from earlier this year, is impacting more than a million websites.

Accused LulzSec hacker pleads innocent to Sony attack

A purported member of the hacktivist group LulzSec pleaded innocent Monday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment. Cody Kretsinger, a.k.a. "recursion," 23, of Arizona is facing one count each of conspiracy and unauthorized impairment of a protected computer. He faces a maximum sentence of 15 years in prison. He is accused of participating in a weeklong SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.

Hacker attacks against retailers up 43 percent

Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.

Anonymous, LulzSec flex muscles after FBI takedowns

Despite arrests earlier this week, two hacking groups said they are in possession of multiple gigabytes of sensitive information belonging to NATO and two Rupert Murdoch-owned newspapers.

Lady Gaga website hacked to expose users' data

The personal information belonging to thousands of Lady Gaga fans was stolen after hackers breached the singer's U.K. website.

DHS unveils new programs for software security

Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.

LulzSec sailing off will not curb number of breaches

Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.

SC Congress Canada: Gain visibility to limit the damage

With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.

Hacker group raids Sony Pictures in latest breach

A fresh attack against Sony has yielded the personal information of more than one million users of SonyPictures.com, according to a hacktivist group.

Why do SQL injection attacks continue to succeed?

SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.

New report finds most applications don't pass security tests

A new report from Veracode paints a grim picture of the security built into application software.

Barracuda hack highlights importance of defense-in-depth

The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.

Hackers disclose SQL injection of Barracuda website

Hackers revealed Monday that they exploited an SQL injection vulnerability on the website of Barracuda Networks to steal the names and contact information of partners, end-users and Barracuda employees.

Security firm tracks mass SQL injection attack

At least 380,000 web pages have been infected via SQL injection to serve rogue anti-virus programs, known as scareware, security firm Websense reported Thursday. The sites were injected with code that directs victims to a website called Liza Moon, which automatically redirects users to a notorious site serving fake anti-virus. Both domains currently are down, according to Websense. This latest round appears to be targeting iTunes URLs that are used to update podcasts. This is one of the largest mass SQL injection attacks that Websense has detected since that style of attack became popular in 2008 and 2009.

Oracle's MySQL.com hacked via SQL injection

Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.

eHarmony advice site hacked to expose user information

eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.
