SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a breach of 450,000 usernames and passwords. In this video, Ryan O’Boyle of Veracode discusses the nature of SQL injection attacks and how to defend against them.
The Microsoft Security Response Center announced today that it will ship ten bulletins in the March edition of Patch Tuesday. MSRC considers just two of the patches critical, one of which supplements the currently available “Fix it” tool that resolved the IE vulnerability exploited recently in an attack targeting the U.S. Department of Labor.
Researchers at Cylance released details of a custom exploit designed to take advantage of a vulnerability in a Tridium Niagara Framework device installed at Google’s Sydney, Australia campus.
For at least the third year in a row, the number of serious vulnerabilities per website has fallen. That sounds like good news until you look at the numbers and realize that the average website carried an astonishing 56 holes in 2012, according to statistics compiled by WhiteHat Security and based upon data gathered from tens of thousands of websites.