Injection vulnerabilities are one of the oldest exploitable software defects, which unfortunately are still prevalent today. Doing a simple search on cve.mitre.org com for the term injection returns with over 10,852 injection-related vulnerabilities in commercial and open source software since the year 2000, and the number of injection vulnerabilities continues to grow daily. The earliest
Tag: SQL Injection
Databases often hold the backbone of an organization; Its’ transactions, customers, employee info, financial data for both the company and its customers, and much more. are all held in databases, often left to the power of a database administrator with no security training. Database security and integrity are essential aspects of an organization’s security posture.
In early April 2016, reports emerged detailing history’s largest data leak, the Panama Papers. This incredible leak of sensitive data concerning both Mossack Fonseca and their clients contained 2.6 TB of data which included 11.5 million documents relating to over 200,000 companies and exposed the hidden fortunes of politicians, dictators and the super-rich. In comparison to
Hospitals and medical clinics were once places where patients were sheltered from the outer world and had the privacy they required for recovering safely. But with the Internet of Things (IoT) revolution in full swing and online health monitoring devices in abundance, the risks involving data leakage and privacy violation are rising exponentially. How safe
Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked personal and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers, fax numbers and in many of the cases, clear-text passwords have also been exposed. Overall, more
Parents freaked out when hackers stole millions of records from VTech, a Hong Kong-based toy maker. Because the records included information on at least 200,000 children, those mothers and fathers were probably more worried about kidnappings and child pornography than financial mischief. But hacks like the attack on VTech are almost never related to violent
Cybercrime has evolved significantly over the years. While initially based mainly on social engineering and phishing, hackers today implement a wide range of techniques to exploit vulnerable applications with porous code. Code injections have arguably become the weapons of choice for hackers and are constantly being used to perform high-profile hackings worldwide.
PayPal has revolutionized the e-commerce market in recent years with its convenient characteristics that bolster user privacy. Gone are the days when online shopping required cumbersome bank transfers or complex credit card verifications. Unfortunately there is still work to be done on the security front after Egyptian researcher Yasser Ali shocked the world with his PayPal bug
The impact of the Drupal fiasco is still being felt across all industry sectors. The world’s third biggest CMS platform was compromised with arguably the oldest hacking technique in existence – the SQL injection (SQLi). While the Drupal 7.32 update has resolved this specific problem, SQL injections won’t really go away until they are treated from the
Samsung is currently topping sales charts worldwide with a wide range of Android powered phones catering to virtually all market segments. This mass distribution of mobile devices has magnified the importance of creating secure mobile applications. Unfortunately, a CSRF loophole has been found in one of the the South Korean phone manufacturer’s proprietary applications.