web application security
New DDoS attack and tools use Google Maps plugin as proxy
Attackers are using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching DDoS attacks. A known vulnerability in a Google Maps plugin for …
Google’s new Cloud Security Scanner detects common security bugs
Here’s some good news for Google App Engine developers: Google has released a new application security scanner that’s especially fitting to test new app builds for …
SQL injection vulnerabilities surge to highest levels in three years
UPDATE: Tuesday, 20 January 2015, 1:10 PT – Jericho from Attrition.org has written an insightful post that essentially debunks the data released by DB Networks. …
Hackers use Pastebin to deliver backdoor code
Cyber attackers taking advantage of legitimate online services is not a new thing, and “online clipboard” Pastebin.com is often used to anonymously leak stolen …
Top 3 reasons businesses should prioritize web security
2014 was a year of high-profile hacks for businesses around the world. From The Home Depot breach to the recent Sony data leak, it seemed like as soon as one data breach was …
Rails security scanner Brakeman 3.0.0 released
Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at …
Four cyber security risks not to be taken for granted
It’s pretty difficult to make information security predictions, and even more difficult to verify them afterwards: we can only judge the effectiveness of information …
Info of millions of AliExpress customers could have been harvested due to site flaw
A programming flaw in the code of popular online marketplace AliExpress, which connects small Chinese businesses with international buyers and has over 7.7 million registered …
Google open sources Firing Range, a test tool for web app security scanners
Google has open sourced another security tool: it’s called Firing Range, and it’s an effective testing ground for a variety of automated web application security …
Assume your Drupal 7 site has been compromised
Administrators of sites that run Drupal 7, and have not yet updated to version 7.32 or have done so later than 7 hours after the public revelation of the highly critical SQL …
Easily exploitable Drupal bug can lead to total site compromise
Admins of sites that run Drupal 7 are advised to update to the latest version of the platform – version 7.32 – because it fixes a critical SQL injection …
Personal info of 850k Oregon jobseekers potentially compromised
851,322 individuals who used Oregon Employment Department’s WorkSource Oregon Management Information System (WOMIS) will soon be receiving notices that their information …