US-Cert warns of widespread SQL injection attacks
The US Computer Emergency Readiness Team (US-Cert) has warned of widespread SQL injection attacks that are compromising websites.
The US Computer Emergency Readiness Team (US-Cert) has warned of widespread SQL injection attacks that are compromising websites.
The attacks are targeting websites across all sectors, said US-Cert. The compromised sites have been modified to include a malicious JavaScript file.
When a user unknowingly visits a compromised site, they are re-directed to a series of malicious web pages that attempt to exploit multiple client-side vulnerabilities in a number of applications, including Internet Explorer and RealPlayer.
To mitigate the risk, US-Cert is urging users and administrators to update RealPlayer, if they have it, to the latest version, and to disable ActiveX controls in their browsers.
Read more on IT risk management
-
![]()
Potential SSL API flaw could reveal private keys
By: Michael Heller
-
![]()
HTTP public key pinning: Is the Firefox browser insecure without it?
By: Michael Cobb
-
![]()
Disable Java to protect from latest zero-day
By: Warwick Ashford
-
![]()
Gumblar Trojan drive-by exploits spike following Adobe update
By: Robert Westervelt
