The State of Web Application Vulnerabilities in 2017

As a web application firewall provider, part of our job at Imperva is constantly monitoring new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newslett…

Security company Fox-IT reveals, details MitM attack they suffered in September

Dutch IT security consultancy/service provider Fox-IT revealed on Thursday that it has suffered a security breach, which resulted in some files and emails sent by the company’s customers being intercepted by an unknown attacker. The attack On…

Bot-driven web traffic and its application security impact

New research conducted by the Ponemon Institute, which focused on such highly targeted industries as retail, healthcare and financial services, exposes the proliferation of bot-driven web traffic and its impact on organizations’ application security. Bots conduct 52% of all Internet traffic flow. For some organizations, bots represent more than 75% of their total traffic. This is a significant finding considering one-in-three organizations cannot distinguish between ‘good’ bots and ‘bad’ ones. The report also found that …

Equifax breach: Sensitive info, SSNs of 44% of U.S. consumers accessed by attackers

Equifax, one of the three largest American credit agencies, has announced that it has suffered a “cybersecurity incident” affecting some 143 million U.S. consumers. What kind of information was compromised? The attackers gained access to: names, Social Security numbers (SSNs), birth dates, addresses and, in some instances, driver’s license numbers for the aforementioned 143 million U.S. individuals; credit card numbers for approximately 209,000 U.S. consumers; certain dispute documents with personal identifying information for approximately 182,000 …

PACER vulnerability allowed hackers to access legal docs while sticking others with the bill

A CSRF flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged. What is PACER? PACER is an electronic public access service of United States federal court documents – briefs, memos, orders, opinions, etc. It is mostly used by lawyers, and to a lesser extent by journalists, but one has to have an account open with the service, and …

Telegram-based Katyusha SQL injection scanner sold on hacker forums

Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague database-driven web sites and are regularly exploited by attackers. And when we talk about injection attacks, SQL injections are the most prominent, mostly because SQL databases are ubiquitous, and attackers often succeed in dumping the contents of the entire database. “The severity of SQL Injection attacks is …

Review: Acunetix 11

Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients around the globe use it to analyze the security of their web applications. They recently unveiled Acunetix version 11, so we’ve decided to take it for a spin. Interface, users and roles: Before I start, it needs to be noted that I’ve tested the on-premise edition …