SQL injection
ResumeLooters target job search sites in extensive data heist
Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed …
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)
A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information …
F5 BIG-IP vulnerabilities leveraged by attackers: What to do?
The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has …
It’s time to patch your MOVEit Transfer solution again!
Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations …
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API …
5 critical questions to test your ransomware preparedness
I’m a pentester – that is, a professional penetration tester. Some call me an ethical hacker, a white hat, or red teamer. In the heat of the moment, I’ve been called much …
Even when warned, businesses ignore critical vulnerabilities and hope for the best
A Bulletproof research found the extent to which businesses are leaving themselves open to cyber attack. When tested, 28% of businesses had critical vulnerabilities – …
API attacks are both underdetected and underreported
Akamai released a research into the evolving threat landscape for application programming interfaces (APIs), which according to Gartner will be the most frequent online attack …
46% of all on-prem databases are vulnerable to attack, breaches expected to grow
46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases …
Top tips for preventing SQL injection attacks
In the wake of the Colonial Pipeline attack and other high-profile cases, IT teams may be scrabbling to shore up their endpoint protection. But those in the developer …
Cyberattack traffic targeting video game industry surged during the pandemic
Cyberattack traffic targeting the video game industry grew more than any other industry during the COVID-19 pandemic. According to Akamai’s report, the video game industry …
3.4 billion credential stuffing attacks hit financial services organizations
Akamai published a report that provides an analysis of both global and financial services-specific web application and credential stuffing attack traffic, revealing …