000webhost is one of the most popular free hosting providers out on the Internet. Unfortunately for them and their users, all their 13 million user accounts have had their usernames and passwords leaked through what was eventually revealed to be a database breach via an…
SQLi part 3: The anatomy of an SQL Injection attack
An SQL injection needs just two conditions to exist – a relational database that uses SQL, and a user controllable input which is directly used in an SQL query. In the example below, it shall be assumed that the attacker’s goal is to exfiltrate data from…
New Joomla! SQL Injection vulnerability gives attackers full control of your website
A high-severity SQL injection vulnerability has been identified in versions 3.2 through to 3.4.4 of Joomla!. The popular Content Management System (CMS), second only to WordPress with a staggering 6.6% CMS marketshare (as of October 23, 2015, based on W3Techs’ trend reports), runs on an estimated…
Get tested during Cyber Security Awareness Month
It is October again, and that means that it is a better time than ever to set aside some time to gather the relevant troops inside your organization to evaluate your information security posture – because October is National Cyber Security Awareness Month! Since its…
In the headlines: Flash and Chrome patches, Dridex botnet, WP Akismet and more
Flash Zero Day receives emergency patch
Poor old Flash is in the headlines again, and this time for a zero-day flaw which is being actively exploited. Reported by a researcher and the Google Zero Day project, no details of the vulnerability have been disclosed but…
Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015
Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner’s 2015 Critical Capabilities for Application Security Testing Report
Gartner, Inc., the leading provider of research and analysis on the global information technology industry, has recognised Acunetix as a challenger, assigning Acunetix Web…
SQLi part 2: What’s the worst an attacker can do with SQL?
SQL is a programming language designed for managing data stored in an RDBMS, therefore SQL can be used to access, modify and delete data. Furthermore, in specific cases, an RDBMS could also run commands on the operating system from an SQL statement. Keeping the above…
The 2015 Cost of Data Breach analysis by Ponemon Institute
A joint report analysing the cost of data breaches has been released by IBM and Ponemon Institute. Having surveyed 350 companies globally, they’ve found that the average cost of a data breach is increasing, having gone from $3.52m in 2014 to $3.79m in 2015. The…
In the headlines: David Jones and T-Mobile hack, remote code execution bugs, WinRAR vulnerability, and more
Australian department store David Jones victim of hack
Australian department store giant David Jones has informed customers through a notice on their site that they were recently hacked. However, they also assured account holders that no financial data had been breached and that there was…