A joint report analysing the cost of data breaches has been released by IBM and Ponemon Institute. Having surveyed 350 companies globally, they’ve found that the average cost of a data breach is increasing, having gone from $3.52m in 2014 to $3.79m in 2015. The…
In the headlines: David Jones and T-Mobile hack, remote code execution bugs, WinRAR vulnerability, and more
Australian department store David Jones victim of hack Australian department store giant David Jones has informed customers through a notice on their site, that they were recently hacked. However, they also assured account holders that no financial data had been breached and that there was…
SQLi – How it works (Part 1)
In this 6 part series on SQLi (SQL Injection) we shall be describing the vulnerability and its variants, showing how it works and what an attacker can do with it. SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL…
South African cyber crimes bill released, includes 25 year sentencing
South Africa is the latest country taking measures to tighten up on cyber crime. In the draft of their Cybercrimes and Cyber Security bill, are included explicit penalties for cyber crimes, ranging from fines to a maximum of 25 years in prison. The draft includes…
In the headlines: South Korea’s cyber attacks, DHS networks, Adobe Shockwave Player and more
South Korea has had over 110,000 cyber attacks in the last 5 years A recently released report has revealed that South Korean government agencies were subject to over 114,000 cyber attacks in the last five years. The report, compiled using data from the National Computing…
XSS in Google Feedburner
A fundamental aspect of web applications which developers should bear in mind is securing the input inserted by the user. Many times, due to lack of attention or understanding, programmers might ignore the review of the code, resulting in security breaches, which through exploiting represent…
In the headlines: FireEye and Kaspersky vulnerabilities, Windows 10 ‘Keylogger’ and more
Windows 10 ‘Keylogger’ and how to switch it off When the first Windows 10 preview was released, there were reports of it containing a keylogger. It now appears that this feature did indeed make it into the released version, via the Windows helper Cortana. As…
Cross-site Scripting and its variants explained
Cross-site Scripting (XSS) has been making the Top 5 list of exploitable vulnerabilities since it was first discovered way back in the 1990s. The term XSS refers to a client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or…
What preventive steps can SMEs take to reduce the chance of cyber attack?
Every week the headlines carry news of high profile cyber attacks, in fact every day cyber criminals compromise thousands of websites – often without the site owner knowing. A recent study of 15,000 websites found nearly half contained a ‘high-severity’ vulnerability waiting to be exploited…