Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
Bleeping Computer

Telegram-Based SQL Injection Scanner Available for $500 on Hacking Forum

A new tool is making the rounds on the criminal underground. Called Katyusha Scanner, this is a hybrid between a classic SQL injection (SQLi) vulnerability scanner and Anarchi Scanner, an open-source ...
adtmag.com

UPDATED: Microsoft Tool Helps Filter SQL Injection Attacks

Microsoft on Thursday released an improved security filter for its Internet Information Services (IIS) Web server that is designed to help thwart SQL-injection attacks. The free application, called ...
ZDNet

Fast-Fluxing SQL injection attacks executed from the Asprox botnet

The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability ...
CSOonline

What is SQL injection? How these attacks work and how to prevent them

Immortalized by “Little Bobby Drop Tables” in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists ...
Computerworld

Phishing botnet expands by hacking legit sites

A botnet is now using a SQL injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher. The Asprox botnet, ...