Tag: sql injection

  • New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

    Web application vulnerabilities are an important entry vector for threat actors. Indeed, according to the 2019 Verizon Data Breach Incident Report, web applications, privilege misuse and miscellaneous errors account for 81 per cent of breaches of retail organizations. In a paper presented at VB2019 in London, Prismo Systems researchers Abhishek Singh and Ramesh Mani…

  • Kaspersky website suffers SQL vulnerability

    Hackers gain access to tables, no user data stolen. A security flaw in a local website of security firm Kaspersky Lab was spotted by hackers over the weekend, with an SQL injection attack potentially leading to exposure of customer details. No details were in fact extracted from the vulnerable databases, and the flaw was quickly…

  • Flash exploit used to steal gaming passwords

    Despite initial panic, threat no longer believed to be a zero-day exploit. In the past few days, thousands of websites have indirectly been serving malicious Adobe Flash (.SWF) files. It is believed that legitimate sites have been hacked via SQL injection to include a script that causes browsers to redirect to sites hosting malicious .SWF files.…

  • Mass attack infects over half a million web pages

    United Nations and UK Government sites among those infected by SQL injection. Hackers have managed to insert malicious code into hundreds of thousands of websites, making their pages serve malware to users who have not patched their computers. Among the affected sites are various websites run by the United Nations as well as by the…

  • China-Tibet row spills over into malware attacks

    Both sides of debate targeted to spread malicious code. With the political row over China’s involvement in Tibet continuing to make the headlines, cybercriminals have been as quick as ever to exploit the public interest in the topic, using the story as a hook for several malware attacks. The first was a wave of SQL-based…

  • SQL attack hacks wide range of sites

    CA among victims of major attack linking sites to malware. Huge numbers of legitimate websites – perhaps as many as 100,000 according to some reports – fell victim to hackers over the last couple of weeks thanks to SQL injection problems leaving sites vulnerable. The hacks redirect traffic to sites in China, where click-fraud is…