SQL injection

Pierluigi Paganini October 28, 2015
Joomla SQL Injection Vulnerability exploited in the wild

Security experts at Sucuri reported a number of attacks exploiting a critical SQL injection flaw recently disclosed in the Joomla Content Management System. A few days ago, security experts disclosed a critical SQL injection vulnerability in the Joomla Content Management System (CVE-2015-7858), but as expected, threat actors in the wild are exploiting it in attacks against websites […]

Pierluigi Paganini October 23, 2015
New Joomla release patches a serious SQLi flaw

Joomla just released a patch to fix a critical vulnerability that can allow an attacker to get full administrative access to a website. The new version of the popular Joomla content management system, the Joomla 3,4,5, is available online. The new release fixes a critical SQL injection vulnerability that could be exploited by attackers to […]

Pierluigi Paganini August 26, 2015
Be aware enterprises, it’s time to block Tor network

A research conducted by the IBM X-Force team reveals that a growing number of cyber attacks against big IT enterprises relies on the Tor network. With the increase of Tor-based attacks, something needs to change, and IBM is advising companies to start blocking Tor. A research conducted by the IBM X-Force team reveals that SQL […]

Pierluigi Paganini July 22, 2015
Joomla Helpdesk Pro flaws leave systems vulnerable to several attacks

The Outpost24 team has identified several vulnerabilities that affect Joomla HelpDesk Pro extension, the flaws can lead to remote code execution on servers. Kasper Bertelsen, a security researcher at Outpost24 has discovered a number of vulnerabilities in the Joomla Helpdesk Pro extension which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension is developed […]

Pierluigi Paganini May 29, 2015
Ganaa hacked, data of 10 Million registered users leaked

A Pakistani hacker claimed responsibility for a data breach at Gaana music streaming service that exposed data of  more than 10 Million registered users. Gaana (Gaana.com), one of the most popular music streaming service in India has reportedly been hacked. Gaana service has more than 10 Million registered users and 7.5 Million monthly visitors, according to various sources available on […]

Pierluigi Paganini May 04, 2015
Anonymous Hacker breached WTO database and Leaked data of internal staff

Hackers belonging to the Anonymous collective hacked the website of the World Trade Organization (WTO) and leaked personal data of thousands of officials. Hackers belonging the Anonymous collective compromised the website of the World Trade Organization (WTO) and leaked its database containing personal data of its members. The stolen data are related to personnel of […]

Pierluigi Paganini April 24, 2015
Magento Flaw Exploited in the Wild a few hours after disclosure

Sucuri revealed that cyber criminals are attempting to hijack online shops based on Magento platform by exploiting a recently disclosed critical flaw. According to the security experts at Sucuri firm, within 24 hours after the disclosure of the vulnerability in Magento platform, bad actors are already attempting to hack e-commerce websites using it. The experts traced back the attacks […]

Pierluigi Paganini April 15, 2015
Dell report revealed attacks on SCADA system are doubled

A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems. The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year. Unfortunately, the majority of incidents occurred in SCADA systems is […]

Pierluigi Paganini March 16, 2015
ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs

DHS ICS-CERT MONITOR report reveals that most critical infrastructure attacks involve APTs, but organizations lack monitoring capabilities. The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. The ICS-CERT MONITOR report According to the report, the Industrial Control Systems […]

Pierluigi Paganini February 26, 2015
More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections. More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for […]