US-Cert warns of widespread SQL injection attacks
The US Computer Emergency Readiness Team (US-Cert) has warned of widespread SQL injection attacks that are compromising websites.
The US Computer Emergency Readiness Team (US-Cert) has warned of widespread SQL injection attacks that are compromising websites.
The attacks are targeting websites across all sectors, said US-Cert. The compromised sites have been modified to include a malicious JavaScript file.
From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
When a user unknowingly visits a compromised site, they are re-directed to a series of malicious web pages that attempt to exploit multiple client-side vulnerabilities in a number of applications, including Internet Explorer and RealPlayer.
To mitigate the risk, US-Cert is urging users and administrators to update RealPlayer, if they have it, to the latest version, and to disable ActiveX controls in their browsers.
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments