SQL injections

The Web site MySQL.com and other Web servers belonging to Oracle Corp.’s Sun Microsystems division were compromised on Sunday by Romanian hackers who took advantage of a SQL injection vulnerability in an application running on the server.

Three years after the United Nations’ website
was defaced by activist hackers using a SQL injection attack, the site
still contains multiple instances of these vulnerabilities. Read the full article. [Dark Reading]

A hack attack that can expose users to malware exploits has infected
more than 1 million webpages, at least two of which belong to Apple. The SQL injection attacks bombard the websites of legitimate
companies with database commands that attempt to add hidden links that
lead to malware exploits. Read the full article. [The Register]

With millions of personal records and payment card information stolen
on a regular basis, several recently released reports independently
confirm some of the main sources of breaches. Not surprisingly, that’s
not zero day flaws, not even insiders, but good old fashioned SQL injections next to malware infections. Read the full article. [ZDNet]

Analysis of the 32 million passwords recently exposed in the breach of
social media application developer RockYou last month provides further
proof that consumers routinely use easy to guess login credentials. Read the full article. [The Register]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.