US-Cert warns of widespread SQL injection attacks

News

US-Cert warns of widespread SQL injection attacks

Antony Savvas

The US Computer Emergency Readiness Team (US-Cert) has warned of widespread SQL injection attacks that are compromising websites.

The attacks are targeting websites across all sectors, said US-Cert. The compromised sites have been modified to include a malicious JavaScript file.

When a user unknowingly visits a compromised site, they are re-directed to a series of malicious web pages that attempt to exploit multiple client-side vulnerabilities in a number of applications, including Internet Explorer and RealPlayer.

To mitigate the risk, US-Cert is urging users and administrators to update RealPlayer, if they have it, to the latest version, and to disable ActiveX controls in their browsers.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy