web application security
Easily exploitable Drupal bug can lead to total site compromise
Admins of sites that run Drupal 7 are advised to update to the latest version of the platform – version 7.32 – because it fixes a critical SQL injection …
Personal info of 850k Oregon jobseekers potentially compromised
851,322 individuals who used Oregon Employment Department’s WorkSource Oregon Management Information System (WOMIS) will soon be receiving notices that they information …
Joomla update fixes high risk bug that could lead to site compromise
The developer team behind the popular open-source content management system Joomla is urging users to update the software to the latest version – v3.3.6 (or v3.2.7 for …
XSS bug allows Amazon account hijacking
A recurring XSS bug in Amazon’s Kindle Library, i.e. the “Manage your Kindle” web application, can be exploited by attackers looking to hijack users’ …
Coursera privacy issues exposed
When well-known lawyer and Stanford law lecturer Jonathan Mayer was invited to teach a course on government surveillance on Coursera, the popular online website offering free …
How important is website security?
In this interview, Nicholas Sciberras, Product Manager at Acunetix, illustrates why website security should be a priority in any organization. He talks about the challenges …
Disqus WordPress plugin vulnerabilities
During a penetration testing for a client, Australian based independent security consultant Nik Cubrilovic, discovered a couple of security issues within the very popular …
UK application security programs lagging behind US
UK enterprises are lagging behind US enterprises when it comes to application security programs. A new IDG study revealed that on average UK companies are spending …
vBulletin releases patches for critical SQL injection flaw
The vBulletin team has issued emergency patches for the critical SQL injection vulnerability responsibly reported by the Romanian Security Team. The flaw affects vBulletin …
vBulletin vulnerable to SQL injection
A Romanian hacking community has discovered and responsibly reported a critical SQL injection vulnerability found in the latest version (5.1.2) of the popular web forum …
CNET attacked by Russian hackers, user database stolen
Russian hacker group W0rm has apparently managed to breach servers belonging to media website CNET, and make off with databases containing usernames, emails, and encrypted …
Quarter of all UK attacks target web services and applications
A comprehensive analysis of security alerts in 2013 reveals that a quarter of all attacks in the UK were application specific attacks or targeted at web applications. This is …