SQLi part 5: Inferential SQLi (Blind SQLi)

Inferential SQL injection, unlike in-band SQLi, may take longer for an attacker to exploit, however, it is just as dangerous as any other form of SQL injection. In an inferential SQLi attack, no data is actually transferred via the web application and the attacker would not be able to see the result of an attack […]

Read More →

The Draft UK Investigatory Powers Bill

This week a draft ‘Investigatory Powers Bill’ was released by Home Secretary Theresa May and is receiving a great deal of media intention, instead being dubbed the UK ‘Surveillance Bill’. What’s it for? The bill is introduced as being for consolidation of all the laws governing communications data, in order to make it more straightforward […]

Read More →

In the headlines: TalkTalk breach, Joomla and Drupal patches, CISA bill, 1000 KKK members, and more

TalkTalk breach could affect 4 million users Another cellphone provider has hit the headlines with a breach; this time the UK provider TalkTalk. Following an attack which occurred in February, this latest breach happened last week and the company has admitted that not all stolen data was encrypted. Information stolen includes names, credit card details, […]

Read More →

SQLi part 4: In-band SQLi (Classic SQLi)

SQL injection can be classified into three major categories – In-band SQLi, Inferential SQLi and Out-of-band SQLi. In this article we shall be exploring In-band SQL Injection. In-band SQLi (Classic SQLi) In-band SQL injection is the most common and easy-to-exploit of SQL injection attacks. In-band SQL injection occurs when an attacker is able to use […]

Read More →

000webhost Breach Exposes 13 Million Passwords

000webhost is one of the most popular free hosting providers out on the Internet. Unfortunately for them and their users, all their 13 million user accounts have had their usernames and passwords leaked through what was eventually revealed to be a database breach via an exploit of a vulnerability in an old version of PHP. […]

Read More →

New Joomla! SQL Injection vulnerability gives attackers full control of your website

A high-severity SQL injection vulnerability has been identified in versions 3.2 through to 3.4.4 of Joomla!. The popular Content Management System (CMS), second only to WordPress with a staggering 6.6% CMS marketshare (as of October 23, 2015, based on a W3Techs’ trend reports runs on an estimated 2.8 million sites (according to a survey carried out by […]

Read More →

Get tested during Cyber Security Awareness Month

It is October again, and that means that it is a better time than ever to set aside some time to gather the relevant troops inside your organization to evaluate your information security posture – because October is National Cyber Security Awareness Month! Since its inception in 2004, National Cyber Security Awareness Month (NCSAM) is […]

Read More →