Bullying in Open Source Software Is a Massive Security Vulnerability (www.404media.co)

eighthave, 2 months ago to fdroid

Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think its relevant now

https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889

0x58, 4 months ago to Cybersecurity

SQL injection and cross-site scripting (XSS) attacks still going strong 🚀

#cybersecurity #infosec #xss #sqlinjection

https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-2-million-in-sql-injection-xss-attacks/

YourAnonRiots, 4 months ago to infosec Japanese

Hackers steal data of 2 million in #SQLinjection, XSS attacks - #CyberAttack #infosec

https://bleepingcomputer.com/news/security/hackers-steal-data-of-2-million-in-sql-injection-xss-attacks/

YourAnonRiots, 5 months ago to Cybersecurity Japanese

🚨 A new hacker group, #GambleForce, is behind a string of #SQLinjection attacks across Asia-Pacific. Learn how they use basic techniques to steal sensitive data.

https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html

#cybersecurity #hacking #informationsecurity

itnewsbot, 7 months ago to random

Hackaday Links: October 22, 2023 - The second of three major solar eclipses in a mere six-year period swept across th... - https://hackaday.com/2023/10/22/hackaday-links-october-22-2023/ #hackadaycolumns #dispersedmedia #hackadaylinks #airpollution #sqlinjection #stratosphere #placeholder #spacecraft #speeding #annular #eclipse #version #museum #ticket #foam

YourAnonRiots, 7 months ago to Cybersecurity Japanese

#SQLInjection is still popular, but attackers are now leaning towards Traversal techniques!

Fastly's Network Effect Threat Report sheds light on the latest attack traffic patterns & tactics.

https://thehackernews.com/2023/09/threat-report-high-tech-industry.html

#cybersecurity #hacking

spiegelmama, 9 months ago to random

I wanted to call out this article from Dark Reading today about the continued presence of SQL injection attacks; written by @Omkhar of the OpenSSF, it points out some important changes needed - and contains a link to the OpenSSF's free courses on secure software development. Enjoy! https://www.darkreading.com/edge-articles/moveit-was-a-sql-injection-accident-waiting-to-happen #DarkReading #SQLinjection #SecureSoftwareDevelopment

dHeinemann, 9 months ago to dotnet

.NET developers: is there any indication that parameterized SQL queries using System.Data.SqlClient.SqlCommand do not protect against SQL injection?

A new developer on a project believes that it's necessary to detect and block parameterized queries if their parameters contain SQL keywords, otherwise the database can potentially execute them as SQL. I cannot find evidence of this, or reproduce it.

Do parameterized queries have known vulnerabilities?

#DotNet #SqlServer #SqlInjection

itnewsbot, 11 months ago to security

MOVEit app mass-exploited last month patches new critical vulnerability - Enlarge (credit: Lino Mirgeler/picture alliance via Getty Images)

... - https://arstechnica.com/?p=1952233 #vulnerabilities #sqlinjection #security #exploits #biz⁢ #moveit

lewdthewides, 11 months ago to random

>The Government of Nova Scotia, which uses MOVEit to share files across departments, also confirmed it was affected, and said in a statement that some citizens’ personal information may have been compromised. However, in a message on its leak site, Clop said, “if you are a government, city or police service… we erased all your data.”

No ransom, just death to the state :chad: