Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.
Seeker from Quotium takes a somewhat different approach to application security from most similar products.
Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.
Authorities believe Raynaldo Rivera joined previously accused Cody Kretsinger in compromising SonyPictures.com to steal personal information on about a million people.
Traditional approaches to security breaches on the Internet will no longer work. A multi-vector attack requires a multi-vector security strategy.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
An examination of the evolution from the 2010 and 2011 campaign operations provides some hints about what IT vendors might expect from hacktivists in 2012.
Google has significantly increased its finder's fee for vulnerability researchers.
An accused member of the hacktivist group LulzSec pleaded guilty Thursday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment, according to reports.
The FTC seemed most upset with RockYou's failure to protect the personal information of 179,000 children who registered to use the site.
Traditionally known for defacing websites and knocking them offline, so-called hacktivists stepped up their game last year and were responsible for a majority of data stolen in breaches, according to an annual study from Verizon.
Online hackers have compromised two adult websites, including the very popular YouPorn, in recent weeks, apparently to highlight weak security.
Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.
Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
Another mass SQL injection attack, similar to "Liza Moon" from earlier this year, is impacting more than a million websites.
A purported member of the hacktivist group LulzSec pleaded innocent Monday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment. Cody Kretsinger, a.k.a. "recursion," 23, of Arizona is facing one count each of conspiracy and unauthorized impairment of a protected computer. He faces a maximum sentence of 15 years in prison. He is accused of participating in a weeklong SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.
Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
Despite arrests earlier this week, two hacking groups said they are in possession of multiple gigabytes of sensitive information belonging to NATO and two Rupert Murdoch-owned newspapers.
The personal information belonging to thousands of Lady Gaga fans was stolen after hackers breached the singer's U.K. website.
Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.
With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.
A fresh attack against Sony has yielded the personal information of more than one million users of SonyPictures.com, according to a hacktivist group.
SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.
A new report from Veracode paints a grim picture of the security built into application software.
The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.
Hackers revealed Monday that they exploited an SQL injection vulnerability on the website of Barracuda Networks to steal the names and contact information of partners, end-users and Barracuda employees.
At least 380,000 web pages have been infected via SQL injection to serve rogue anti-virus programs, known as scareware, security firm Websense reported Thursday. The sites were injected with code that directs victims to a website called Liza Moon, which automatically redirects users to a notorious site serving fake anti-virus. Both domains currently are down, according to Websense. This latest round appears to be targeting iTunes URLs that are used to update podcasts. This is one of the largest mass SQL injection attacks that Websense has detected since that style of attack became popular in 2008 and 2009.
Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.
eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.