You are viewing 'SQL Injection'

Hacks Targeting Voter Rolls

Hack the vote blog series: part 2

Chris Camejo

October 25, 2016 - Posted by Chris Camejo to Security Insight

Voter Rolls Hacking

At first glance, the hacks targeting voter registration databases are a bit confusing: the voter rolls are considered a public record in many states, often obtainable by paying a fee of a few hundred dollars. Websites can and have legally republished this data. Records are also available to political campaigns, even in states where the records are not otherwise publicly available, and these lists can be bought online. It raises the question: why hack into a database that can be had just by politely asking for it?

So far the conversation around the voter database hacks has focused on the confidentiality of these records, as if the exposure of this data presents some sort of increased risk. Illinois, a... read more >

The Uncanny Exploit Kit Cycle

7 Stages of Advanced Malware Threats

Robert Clauff

January 22, 2015 - Posted by Robert Clauff to Security Insight

malware

Unless you have been living under a rock the last few years, I am sure you are aware of the rise of security breaches and the compromise of Fortune 500 companies.

This has a lot to do with the increasingly complex and advanced malware that is introduced into the wild, as well as those targeted towards specific companies and environments.

The days of simple viruses and malware are a thing of the past, similar to the days of $2.99 comic books. In case you were not aware, I am kind of a comic book nerd, but not just that, I am really passionate about good storytelling. While analyzing some advanced malware activity, I noticed a large similarity between the malware and the stories of which I am a fan. They both are very detailed and have complex patterns and paths.

Newly advanced malware... read more >

Protecting your Website from SQL Injection Attacks

Why Your Website May be Hacked Once Google Indexes It

Jacob Faires

November 18, 2014 - Posted by Jacob Faires to Security Insight

SQL Injection

SQL injection (SQLi) vulnerability on a website is a big fear for a web developer, a bigger fear for a business and one of the biggest fears for anyone involved with finance or point-of-sale (POS).

The attack methodology usually follows these lines:

  1. Identify SQL input locations.
  2. Determine capability of injection.
  3. Use SQLi to exfiltrate data/install backdoor.

How do attackers identify vulnerable targets?

Tools with SQL scanning capabilities, like Burp Suite, Havij and Acunetix, are able to discover vulnerabilities in websites, but they are not the most common way to... read more >

Hackers Amass 4.5 Billion Account Records

Russian Cybercrime Gang

Jon-Louis Heimerl

August 06, 2014 - Posted by Jon-Louis Heimerl to Threat Intelligence

Password Breach

Russian hackers, over a period of several years, have bought or compromised websites to amass 4.5 billion account records (usernames, passwords and email addresses), according to a recent report released from Hold Security. This is a total of about 1.2 billion unique entries. When you consider that there are something on the order of 3 billion total Internet users in the world, that means as many as 40% of all world-wide Internet users are directly affected by this compromise.

From available information, it appears that the Russian hackers bought or traded for site and account information, then built a prolonged process to locate and compromise websites that they could include in their botnet. Part of their process was to compromise website databases and steal any account credentials they could... read more >

Cybercrime: People Have War Stories Too

Cyberattacks Are Not just a Corporate Issue

Jon-Louis Heimerl

July 29, 2014 - Posted by Jon-Louis Heimerl to Security Insight

Internet Crime

We read about hacks and vulnerabilities all of the time.

A retailer is successfully attacked via advanced malware and credit cards are stolen through a series of servers and compromises.

A credit card processing company is hacked via cross site scripting, allowing the attacker to query and then extract the contents of the company’s corporate database including all of their client credit cards.

An online social media company is attacked through a SQL injection attack and usernames and passwords are stolen.

We like to learn from case studies or war stories. We like to hear about real events, to gain insight into something that happened in the real world, instead of some theoretical tale of FUD (fear, uncertainty and doubt).

Stories about complex... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS