Malicious hackers can use verbal commands to perform SQL injections on web-based applications run by virtual assistants such as Amazon’s Alexa, researchers say. “Leveraging voice-command SQL injection techniques, hackers can give simple commands utilizing voice text translations to gain access to applications and breach sensitive account information,” reports Baltimore, Maryland-based Protego Labs, in a blog…
Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app. CNN this week reported that Facebook-owned Instagram is restricting the testing to only those individuals who have submitted high-quality research to its…
Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps. This “media file-jacking” flaw could allow attackers to alter photographs, modify invoices (to aid in a financial scam), swap out files in a particular channel feed, or potentially even…
And that’s a big “10-7” (radio lingo for “out of service”) for the Apple Watch Walkie Talkie app after the company reportedly disabled the feature following the discovery of a security vulnerability that could allow eavesdropping on iPhones. According to TechCrunch, Apple learned of the problem through a disclosure on its “report a vulnerability” portal.…
A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…
A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…
The Microsoft Store joined Google Play and the Apple Store as a host for illegal apps after Symantec found 81 available for download. These apps disguised themselves as pertaining to sports, news, utilities and games, but in fact were fronts for gambling and pornography apps. These Potentially Unwanted Apps (PUA) had well-known brand names such…
The Barracuda Web Application Firewall is a hardware-based device which is used to monitor, assess and remediate web-based application vulnerabilities.
The FortiDB 1000D is a hardware appliance that monitors, audits and identifies vulnerabilities in databases. There are three deployment options: network sniffer, native audit and network agents.
WebDefend from Trustwave offers up some excellent features beyond strictly being a firewall.
