SQL Injection News, Articles and Updates
Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.
Seeker from Quotium takes a somewhat different approach to application security from most similar products.
Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.
Authorities believe Raynaldo Rivera joined previously accused Cody Kretsinger in compromising SonyPictures.com to steal personal information on about a million people.
Traditional approaches to security breaches on the Internet will no longer work. A multi-vector attack requires a multi-vector security strategy.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
An examination of the evolution from the 2010 and 2011 campaign operations provides some hints about what IT vendors might expect from hacktivists in 2012.
Google has significantly increased its finder's fee for vulnerability researchers.
An accused member of the hacktivist group LulzSec pleaded guilty Thursday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment, according to reports.
The FTC seemed most upset with RockYou's failure to protect the personal information of 179,000 children who registered to use the site.
Traditionally known for defacing websites and knocking them offline, so-called hacktivists stepped up their game last year and were responsible for a majority of data stolen in breaches, according to an annual study from Verizon.
Online hackers have compromised two adult websites, including the very popular YouPorn, in recent weeks, apparently to highlight weak security.
Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.
Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
Another mass SQL injection attack, similar to "Liza Moon" from earlier this year, is impacting more than a million websites.
A purported member of the hacktivist group LulzSec pleaded innocent Monday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment. Cody Kretsinger, a.k.a. "recursion," 23, of Arizona is facing one count each of conspiracy and unauthorized impairment of a protected computer. He faces a maximum sentence of 15 years in prison. He is accused of participating in a weeklong SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.
Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
Despite arrests earlier this week, two hacking groups said they are in possession of multiple gigabytes of sensitive information belonging to NATO and two Rupert Murdoch-owned newspapers.
The personal information belonging to thousands of Lady Gaga fans was stolen after hackers breached the singer's U.K. website.
Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.
With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.
A fresh attack against Sony has yielded the personal information of more than one million users of SonyPictures.com, according to a hacktivist group.
SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.
A new report from Veracode paints a grim picture of the security built into application software.
The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.
Hackers revealed Monday that they exploited an SQL injection vulnerability on the website of Barracuda Networks to steal the names and contact information of partners, end-users and Barracuda employees.
At least 380,000 web pages have been infected via SQL injection to serve rogue anti-virus programs, known as scareware, security firm Websense reported Thursday. The sites were injected with code that directs victims to a website called Liza Moon, which automatically redirects users to a notorious site serving fake anti-virus. Both domains currently are down, according to Websense. This latest round appears to be targeting iTunes URLs that are used to update podcasts. This is one of the largest mass SQL injection attacks that Websense has detected since that style of attack became popular in 2008 and 2009.
Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.
eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- U.S. government extends offer to protect states from electoral cyberthreats
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought