A poll of 1000 Institute of Directors members in the UK has found that two thirds of the companies who fall victim to a data breach are failing to declare it publicly or report it to the police for fear of reputational damage. Also, only…
In the headlines: Cyber bank heist, Federal bug bounty program, Facebook flaw and more
Billion dollar cyber bank job foiled by spelling mistake A huge cyber bank heist was uncovered this week when the perpetrator made some spelling errors. Having already successfully drained $101m from the central bank of Bangladesh by penetrating their systems and impersonating officials, they were…
Alliance Technology Partners offering introductory and advanced Acunetix training courses
Alliance Technology Partners, Acunetix Partners since 2007, have announced they shall be offering Acunetix Training Courses, delivered via the web, by their highly experienced senior security engineer. The 3 hour courses on offer are at introductory and advanced level, as well as providing on-going consulting. Training…
The costs of security bugs and why automated testing can help
A report accompanied with a rating taxonomy aimed to help researchers and customers to determine appropriate payouts for bugs found by researchers in bug bounty programs has recently been released by Bugcrowd. These tools, especially the Vulnerability Rating Taxonomy (VRT), which details a number of…
What’s new in CVSS version 3
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities, designed in such a way that makes it independent from any vendor or industry. In our previous blog post, we discussed CVSS v3 and how Acunetix provides support…
Cybersecurity National Action Plan: Obama Outlines Plans to Spend $19 billion on Cybersecurity
On February 9th President Obama announced the Cybersecurity National Action Plan, including steps such as establishing a cybersecurity commission, introducing new safeguarding measures and supporting both companies and consumers in strengthening their own security. He’s also put the money where his mouth is and backed…
Acunetix v10.5 assigns CVSS 3.0 scoring to its vulnerabilities
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities. “Common” being the keyword, indicating that CVSS is designed to not only be independent to a specific vendor or industry, but also interoperable across systems that vary in…
Drupal Security: Top tips to secure your Drupal application
Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal security should be at the forefront of anyone running a Drupal site, especially if running older versions of the CMS or it’s modules, since these are a ripe target for attackers….
Joomla! Security Tips: Securing Configurations
Heads up — Depending on your web server’s configuration for active extensions, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers Prevent Directory Listing Directory Listing occurs when…