Block rogue queries before they bite

A SQL (Structured Query Language) injection attack occurs when an attacker injects a piece of SQL into the query that a database-driven web application runs, in an attempt to access, modify, or delete something within the database. It can even execute certain administrative scripts. The SQL injection attack is one of the most common attacks out there. Companies are getting hit by these attacks constantly. You’ve probably seen stories about user information getting posted on sites like PasteBin.

Business Impact of a SQL Injection Attack

The business impact can range widely depending on
Category: Cybersecurity
Cut out the silent middle-man

The man-in-the-middle attack is an appropriate term for this type of attack. The network traffic is routed through the attacker’s machine, and the attacker can see unencrypted data as it passes through.

How does a man-in-the-middle attack work?

The man-in-the-middle attack works by having the attacker insert their machine between two devices that are communicating with each other. Those two devices will send all of their packets to the attacker’s machine, and the attacker will usually route the communication to the destination machine after sniffing out the contents of those packets.

ARP (Address Resolution Protocol) Poisoning
Why Cybersecurity is a Business Concern

It seems like every day now, we hear about a new hack. But the problem is not just technology. It’s also a business problem that everyone needs to understand and address. And it affects every business in some way or another. I personally believe it’s because of the word itself, cybersecurity. It sounds technical, it involves technology, so it must be 100% an IT issue to fix. Let’s walk through a quick scenario and see who fits into each point:

Finance: sets up a login for their bank account.
IT: provides security awareness training
The Importance of Security Awareness

I started off by reading an article today on how Cloudflare and Twilio were phished and breached. They required that all of their employees have Multi-Factor Authentication enabled, and yet the attackers still got in. How?

https://arstechnica.com/information-technology/2022/08/phishers-breach-twilio-and-target-cloudflare-using-workers-home-numbers/

TLDR: the attackers created a website clone and sent out a phishing email. They waited for the individuals to fall for it. When the users clicked on the email, they were directed to the attacker’s domain where they entered their credentials. The hackers were on standby and automatically entered the credentials on the legitimate domain. This triggered the
What is Cybersecurity?

Easy question with a not-so-straightforward answer. The definition differs based on the person or organization that you ask. A person that needs to safeguard their Instagram account will define Cybersecurity much differently than an organization that deals with patient data, and even that organization will define it differently than a government that’s safeguarding its citizens. Individuals are mostly concerned with securing their personal data and keeping their accounts protected from hijackers. They want their devices operating efficiently and without prying eyes. Businesses need not only worry about their intellectual property, they also need to secure customer