Hot on the release of Acunetix v11, check out what’s NEW in this brief presentation highlighting: a brand new web interface re-engineered from the ground up for greater usability and manageability; new integrated vulnerability management features to prioritize and manage vulnerabilities; multi-user, multi-role features; issue tracker…
In the headlines: DNC email breach, Avtech IoT devices, UN nuclear power plant hack, and more
US accuses Russia of interfering with elections In what could be the most highly publicized nation-state cyber attacks since the Sony Pictures hack, the US has officially accused Russia of interfering with the elections. The DNC email breach was the first stage in a…
In the headlines: Yahoo hack, Krebs DDoS attack, Drupal vulnerabilities and more
500m users affected in giant Yahoo hack and lawsuits already filed The latest breach to be dubbed ‘the biggest breach ever’ is the newly revealed theft of the data of 500 million Yahoo users, which took place in 2014. Yahoo admitted this news just last week,…
33% of websites and webapps are vulnerable to XSS
Cross-site Scripting (XSS) is a much talked-about type of injection vulnerability that occurs on the client-side (that is, in a user’s browser). It occurs predominantly through the use of JavaScript, due to its prevalence in most browsing experiences. Cross-site Scripting can be classified into four…
SQL injection slowly receding, but still a major concern
SQL injection (SQLi) is a frequent topic on this blog – it refers to an injection attack in which an attacker executes malicious SQL statements that give them control of a web application’s database server. Since an SQL injection vulnerability could possibly affect…
In the headlines: US Department of Energy, IBM census site, NSA cyber defense hack, Sage data breach and more
US Department of Energy invests $34m in cybersecurity The Department of Energy in the US is set to invest $34m in 12 individual projects aimed at securing the smart grid. The projects are described as aiming to improve the ‘reliability and resilience’ of US…
Drupal Ransomware Vulnerability Attacks – Rex
For the past few months, multiple reports have been emerging regarding ransomware primarily affecting the popular CMS Drupal. The ransomware itself has no official name, but it is currently being dubbed Rex. In May 2016, it was reported that 400 Drupal installations were affected, and…
Pentest Diaries: Negative Transfers and Android eWallets Don’t Mix
eWallets, or digital wallets, are becoming ever more popular. Most Android eWallets are apps that allow a user to make electronic transactions, including purchasing items online or in person. Some services even allow an individual’s bank account to be linked to the service. Naturally, breaking the security…
Hunting for XXE in Uber using Acunetix AcuMonitor
XML External Entity (XXE) vulnerabilities enable attacks in which an attacker abuses an application that parses XML. The attack targets an XML parser that has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely…