New updates have been released that test for a new Joomla! remote code execution vulnerability affecting versions 1.5.0 through 3.4.5 (CVE-2015-8562). Other updates also include improved XML External Entity (XXE) testing, multiple Cross-site Scripting tests in commonly used libraries and other improvements/bug fixes. Below is the…
Webroot report shows SMBs unprepared to counter cyber security attacks
A number of big-name retailers, insurance providers and companies have hit the headlines with their cyber attacks and data breaches over the last year or two. But what about the small and medium businesses? There’s no doubt they have their own security incidents but…
In the headlines: Mr Grey hacker, Vtech hack, US government office hack and more
FBI hunting ‘Mr Grey’ hacker and his 1.2 billion stolen logins: In a massive botnet operation which stole data from over 420,000 websites, the FBI are now zoning in on one member of a Russian crime ring known as ‘CyberVor’, with their target being known…
Defence in Depth – Part 3 – The Least Privilege Principle
An application does not need to use the root (MySQL), sa (Microsoft SQL Server), postgres (PostgreSQL) or SYSDBA (Oracle Database) account to connect to the database. Likewise, it’s a bad idea to run daemons or services as root (Linux) or Administrator (Microsoft Windows), unless there is…
Highlights from Security Leaders in Sao Paulo
Sunlit Technologies, the Acunetix distributor for Brazil, exhibited at the 6th edition of Security Leaders in Sao Paulo on 18th and 19th November 2015, at Fecomércio / SP – Rua Doutor Plinio Barreto, 285 – Sao Paulo. Since 2010, Security Leaders and the Brazilian IT market have been following a…
Takeaways from the VTech Hack, and the Vigilante Side of Security Breaches
Anyone following the news this week likely learned of the massive breach exposing the personal data of millions of parents and their children. VTech, a Hong Kong-based toy maker, was hacked, exposing everything from children’s names and home addresses, to pictures (reportedly, 190GB worth of…
HIMSS survey uncovers critical weaknesses in hospital web security
A new report has just been published, covering the current state of cybersecurity in the US healthcare sector. Considering the very public breaches of Anthem and other health insurers over the last year, the sector is particularly under scrutiny. Unfortunately the results are not very…
Acunetix 10 build includes security checks in CORS configurations, Rails web applications and identifies the vBulletin 5 RCE
Acunetix 10 (build 20151125) has been released. This new build checks for insecure DNS records, insecure CORS configurations, Rails web applications running in development mode, web applications running Tornado and Pyramid in debug mode and various new and updated vulnerability checks including one for vBulletin…
PWC Global State of Information Security Survey 2016
Price Waterhouse Coopers have just published a report about cybersecurity. Not about the attacks and threats themselves, but about how businesses are tackling the risks. Titled the Global State of Information Security Survey 2016, its key findings relate to measures such as external collaboration and…