The UK 2015 information security breaches survey has just been published, showing as anticipated that just about every aspect of security breaches is on the increase. A staggering 90% of large organisations surveyed admitted to having experienced at least one breach within the last year,…
The What, Why and How of Wassenaar
If you work in the realm of cyber security and monitor its goings-on then you will probably have come across this hashtag lately; #wassenaar. Here we’re going to explain what’s happening, what exactly it means and how it might affect you. Wassenaar is the name…
In the headlines: mSpy, Friend Finder and more
mSpy surveillance service hacked In a somewhat ironic turn of events, mSpy, a provider of software allowing people to track others such as their children or spouses, has admitted to suffering a data breach. The news emerged through the Krebs on Security blog by security…
Telstra reveals Pacnet succumbs to SQLi attack
Telstra, Australia’s largest telephone operating company, revealed yesterday that its internal corporate network Pacnet had been compromised via an SQL Injection attack. So far it is not yet known what exactly was taken from the network, but it is clear that the perpetrators had complete…
Genericons DOM-based XSS Vulnerability
Hundreds of WordPress themes and plugins that make use of the Genericons package, could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in…
What the Verizon Report 2015 tells us about web app attacks
Verizon’s annual report, now in its eighth year, analyzes breach intelligence and data from multiple sources, including customers of Verizon’s forensics response division and customers of FireEye, the firm that investigated the recent hack of Sony Pictures Entertainment. It also examines data from cases investigated…
WordPress 4.2.1 Security Release addresses yet another XSS vulnerability
Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments. The injected script can be affect both…
Acunetix helps Sendy discover and remediate their vulnerabilities
‘Acunetix allowed us to identify some major vulnerabilities before hackers were able to exploit them. This has made Sendy a far more secure application and hugely reduced the risk of us being breached.’ Ben Ho, Developer, Sendy Sendy is a self hosted email newsletter application…
Critical XSS vulnerability addressed in latest WordPress update
Yesterday, WordPress 4.1.2 was released. This is a very important security release, which addresses a critical cross-site scripting (XSS) vulnerability, which could allow an anonymous user to compromise a WordPress site. The security release also addresses 3 other vulnerabilities affecting previous releases of WordPress. In…