SQL Injection

New mass SQL injection attack could be forming

December 02, 2011

Based on a Google search of a malicious SQL string being used, more than 4,000 websites have been infected in less than 24 hours.
 

The bug hunt

November 01, 2011

Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
 

ASP.NET attacks growing in reach

Darren Pauli, editor, SC Magazine, Australia/New Zealand edition

October 20, 2011

Another mass SQL injection attack, similar to "Liza Moon" from earlier this year, is impacting more than a million websites.
 

Accused LulzSec hacker pleads innocent to Sony attack

October 18, 2011

A purported member of the hacktivist group LulzSec pleaded innocent Monday in federal court in Los Angeles to charges of hacking into the systems of Sony Pictures Entertainment. Cody Kretsinger, a.k.a. "recursion," 23, of Arizona is facing one count each of conspiracy and unauthorized impairment of a protected computer. He faces a maximum sentence of 15 years in prison. He is accused of participating in a weeklong SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.
 

Hacker attacks against retailers up 43 percent

October 12, 2011

Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
 

Anonymous protests BART by way of web and street

August 15, 2011

Anonymous didn't have to hack into anything to cause service disruptions on Monday night.
 

Anonymous, LulzSec flex muscles after FBI takedowns

July 21, 2011

Despite arrests earlier this week, two hacking groups said they are in possession of multiple gigabytes of sensitive information belonging to NATO and two Rupert Murdoch-owned newspapers.
 

Lady Gaga website hacked to expose users' data

July 18, 2011

The personal information belonging to thousands of Lady Gaga fans was stolen after hackers breached the singer's U.K. website.
 

DHS unveils new programs for software security

June 27, 2011

Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
 

LulzSec sailing off will not curb number of breaches

June 27, 2011

Security professionals should find little comfort in the announcement over the weekend that LulzSec was folding up shop following an unprecedented, two-month-long hacking spree that left a trail of disruption and embarrassment across multiple industries.
 

SC Congress Canada: Gain visibility to limit the damage

June 14, 2011

With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.
 

Hacker group raids Sony Pictures in latest breach

June 02, 2011

A fresh attack against Sony has yielded the personal information of more than one million users of SonyPictures.com, according to a hacktivist group.
 

Why do SQL injection attacks continue to succeed?

Josh Shaul, chief technology officer, Application Security

May 24, 2011

SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.
 

Hacker pleads after busted with 675K stolen cards

April 22, 2011

A Georgia man has pleaded guilty after authorities found him in possession of more than 675,000 credit card numbers, some of which he obtained by hacking into business networks.
 

New report finds most applications don't pass security tests

April 20, 2011

A new report from Veracode paints a grim picture of the security built into application software.
 

Barracuda hack highlights importance of defense-in-depth

April 14, 2011

The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.
 

Hackers disclose SQL injection of Barracuda website

April 11, 2011

Hackers revealed Monday that they exploited an SQL injection vulnerability on the website of Barracuda Networks to steal the names and contact information of partners, end-users and Barracuda employees.
 

Security firm tracks mass SQL injection attack

March 31, 2011

At least 380,000 web pages have been infected via SQL injection to serve rogue anti-virus programs, known as scareware, security firm Websense reported Thursday. The sites were injected with code that directs victims to a website called Liza Moon, which automatically redirects users to a notorious site serving fake anti-virus. Both domains currently are down, according to Websense. This latest round appears to be targeting iTunes URLs that are used to update podcasts. This is one of the largest mass SQL injection attacks that Websense has detected since that style of attack became popular in 2008 and 2009.
 

Oracle's MySQL.com hacked via SQL injection

March 28, 2011

Hackers over the weekend compromised Oracle's MySQL.com customer website via SQL injection and posted a list of usernames and passwords online.
 

eHarmony advice site hacked to expose user information

February 11, 2011

eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.
 

Dating site PlentyOfFish hacked to expose passwords

January 31, 2011

The credentials of nearly 30 million online daters are at risk following the exploit of a common website vulnerability. The exact circumstances of the incident remain in question.
 

NYC bus tour company's database hacked of credit card info

December 21, 2010

The credit card details belonging to customers of CitySights NY were stolen when a database belonging to the sightseeing bus tours company was hacked.
 

Cyberthreats: A long haul

December 01, 2010

Enterprises are under constant siege from cyberthreats that continue to evolve to new levels of sophistication, reports Deb Radcliff.
 

Automated web attacks: Interview with Amichai Shulman, co-founder and CTO of Imperva

September 16, 2010

In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
 

New wave of website hacks seek to spread malware

June 11, 2010

A new round of mass SQL injection attacks began Friday morning and, at that time, 1,000 pages, including the websites for Chicago Public Radio and IndustryWeek, were infected.
 

Wall Street Journal, others, hit in mass SQL attack

June 10, 2010

Security researchers have discovered a widescale SQL injection attack that has compromised thousands of websites to spread malware.
 

Injection tops list of web application security risks

April 19, 2010

Injection flaws and cross-site scripting are the two most critical web application security flaws, according to the newly updated version of the OWASP Top 10.
 

Brokerage firm fined $375,000 over breach

April 13, 2010

The Financial Industry Regulatory Authority (FINRA) announced Monday it has fined Montana-based brokerage firm D.A. Davidson & Co. over a December 2007 breach that exposed the personal information of approximately 192,000 customers. The company's database was compromised via SQL injection, allowing attackers to steal the names and Social Security numbers of customers. Prior to the breach, D.A. Davidson did not have adequate safeguards, such as encryption, to protect customer information, FINRA said. A company spokeswoman told SCMagazineUS.com that no clients have fallen victim to ID theft, but the company settled to put the matter behind it. — AM
 

WordPress users report hacked blogs

April 09, 2010

Some WordPress users are complaining that their blogs have been compromised to point users to malicious websites, an IT security monitoring firm said Friday.
 

JCPenney joins Heartland, TJX as Gonzalez victims

March 30, 2010

Court documents unsealed Friday name JCPenney and another retailer as additional targets of notorious hacker Albert Gonzalez' cybercriminal gang.