If you’re a Magento admin, stop what you’re doing and patch now.
Tag Archives: SQL Injection
Server? What server? Site forgotten for 12 years attracts hacks, fines
The University of Greenwich might not have noticed the website but hackers did.
TalkTalk keeps talking about that data breach but never says the right thing
With every new piece of information about the TalkTalk breach, we seem to get no closer to the truth about what exactly happened, who was responsible, and what TalkTalk is doing to fix this messy affair.
Hacker detained for giving US service members’ personal info to ISIS
A hacker detained in Malaysia now faces extradition to the US on charges that he provided material support to the Islamic State, in what US Department of Justice (DOJ) officials are calling a “first of its kind” case.
The malicious side of online ads – how unpatched servers hurt us all
SophosLabs looked behind a malvertising campaign from September 2015, and found servers that hadn’t been patched for two years or more.
Accused game hacker flees to Europe, says he can’t afford defence
The Australian, who’s fled to Europe, was 17 when he allegedly took part in the heist of unreleased gaming and Apache helicopter training software.
Millions of Drupal websites at risk from failure to patch
You should assume that your Drupal 7 website has been compromised if you didn’t patch it within 7 hours of the release of Drupal 7.32 on 15 October 2014.
Racing Post let off with stern warning after data breach
The Racing Post, which suffered a data breach affecting over 677,000 users late last year, has been slacking off on its security arrangements since at least 2007. It’s been given until the end of February 2015 to get its house in order.
1.2 billion logins scooped up by CyberVor hacking crew – what you need to do
Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. This data haul may yet turn out to be a ‘Heartbleed’ moment for website owners who assume their sites are too small to be of interest to hackers.
SSCC 158 – What do you mean, “Don’t knit your own remote authentication?” [PODCAST]
Here’s this week’s Chet Chat security podcast for your listening pleasure. Chester Wisniewski and Paul Ducklin of Sophos dissect the week’s security news to see what we can learn from other people’s mistakes…