Last Monday, Community Health Systems (CHS) filed an 8-K with the US Securities and Exchange Commission, confirming a security breach that occurred in April and June 2014. CHS blamed the breach on a group of Chinese hackers. The 8-K filing confirms that the hackers…
Author Archives: Nicholas Sciberras
WordPress Security Revisited
Starting as just a good blogging system in 2003, WordPress has grown to be the most popular Content Management System (CMS), used in over 22% of the top 1 million web sites. It is the CMS that can be installed in less than 5…
AcuMonitor could have Detected PayPal’s Blind XSS Vulnerability
Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend system. This type of vulnerability…
Common Platform Enumeration (CPE) Explained
When running a network scan on your perimeter server using Acunetix Vulnerability Scanner, one of the Informational alerts shown in the scan results is the CPE Inventory. The data that is collected during the scan is aggregated using the CPE standard, originally defined by MITRE,…
The Importance of Scanning Your Internet-Facing Assets
If your network is in any way connected to the Internet, the security of your network is being put to the test. Your Internet-facing servers are being probed by hackers looking for ways to damage your resources or steal them. It is important that no…
Acunetix Web Vulnerability Scanner v9, build 20140206 includes several new tests for vulnerabilities on well-known web applications
Acunetix Web Vulnerability Scanner version 9, build 20140206 is able to scan WordPress more efficiently, and includes various new checks for vulnerabilities in well-known systems such as MediaWiki, IBM Web Content Manager, Joomla! and Oracle. New Functionality in Acunetix Web Vulnerability Scanner v9 Added a…
Acunetix WVS v9, build 20131009 checks for HTML Injection, detection of weak passwords in Joomla! and Django
Acunetix Web Vulnerability Scanner version 9, build 20131009 includes checks for HTML Injection, and adds the detection of weak passwords in Joomla! and Django’s Administrative interfaces. In addition, the new build includes the detection of readme documentation files, together with various other updates and fixes….
Acunetix Web Vulnerability Scanner v9 build 20130904 introduces detection of BREACH and CRIME SSL vulnerabilities
Acunetix Web Vulnerability Scanner version 9, build 20130904 contains various new features including the detection of BREACH and CRIME SSL / TLS vulnerabilities, the detection of vulnerabilities in OpenX and vBulletin, and various other improvements. New Functionality Implemented the detection for BREACH vulnerabilities. Implemented the…
OWASP Updated the Top 10 List of Risks for 2013
Last week, the OWASP team officially updated the Top 10 list of risks so as to make it relevant for the web attack vectors identified in the last three years. The OWASP Top Ten summarizes and often combines web application vulnerabilities into an easy to interpret and…