SQL Injection - Security Intelligence

Woman shopping online could be at risk of a recent Magento flaw

news

Magento Flaw Lets Cybercriminals Access E-Commerce Sites Without Authentication

Security researchers discovered a Magento flaw that could enable cybercriminals to penetrate and control features within the popular e-commerce site without authentication.

April 3, 2019 | By Shane Schick

news

Illustration of a laptop under an umbrella: Drupal security flaws

article

Is Your Site Protected Against Drupal Security Flaws?

This past summer saw a pair of Drupal security flaws exposed and patched. Is your website secure?

October 12, 2018 | By David Strom

article

A man using a laptop in a modern office: cybersecurity strategy and policy

article

How Can Media Companies Be More Confident in Their Cybersecurity Strategy and Policy?

According to recent research, only 1 percent of media companies are very confident in their cybersecurity strategy and policy.

September 11, 2018 | By Kacy Zurkus

article

A programmer writing code on a laptop while jotting notes on a piece of paper: application security risk

article

What’s the Best Strategy to Manage Application Security Risk?

To protect their organizations from threat actors targeting software vulnerabilities, security leaders should adopt an integrated approach to application security risk management.

July 6, 2018 | By Hamsa Srinivasan

article

news

Just 1 Percent of Companies Feel Ready to Fend Off Media Security Threats, Survey Reveals

According to a recent study, just 1 percent of U.S. media companies reported high levels of confidence in their ability to withstand a variety of media security attacks.

April 11, 2018 | By Shane Schick

news

A blogging platform displayed on a computer screen.

news

WordPress Issues Security Patch to Mitigate SQL Injection

With its latest update, WordPress patched a vulnerability that could enable malicious plugin and theme developers to execute SQL injection attacks.

November 2, 2017 | By Larry Loeb

news

A leaking spigot against a backdrop of clouds and blue sky.

article

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

According to IBM X-Force, misconfigured cloud databases accounted for more than 71 percent of reported leaked records so far in 2017.

September 21, 2017 | By Jason Kravitz

article

Application-layer protection tends to be a low priority for IT teams despite the fact that application vulnerabilities account for 32 percent of security compromises, according to a Ponemon Institute study on application security and risk management.

article

Why Do We Care So Little About Application-Layer Protection?

In the current world of cloud and agile development, we deliver code monthly, weekly and even daily. One of my engineering teams at IBM affectionately refers to updates as the “daily dose.” We have developed robust processes to ensure...

October 5, 2016 | By Denis Kennelly

article

Command injection attacks remain one of the most serious threats facing enterprises today. A successful one can cause the total compromise of a system, which means enterprises must work vigilantly to prevent the threat from becoming a reality.

article

Command Injection: A Deadly Needle in the Haystack

Command injection attacks may not get a lot of hype, but they can be seriously damaging to an enterprise that isn't careful about its security.

July 14, 2016 | By Dave McMillen

article

Recent IBM X-Force research indicated that many organizations are repeat offenders when it comes to being a cybercrime victim. It seems these enterprises aren't learning from their mistakes and continue to leave doors open for actors.

article

Fool Me Once, Shame on You — Fool Me Eight Times, Shame on My Security Posture?

Organizations with weak security posture are an attractive target for cybercriminals, and they may find themselves coming under fire frequently.

June 23, 2016 | By Michelle Alvarez

article

InterPlanetary Storm Malware Using IPFS P2P Network to Hide Its Activities

Threat Actors Use Targeted Attack Tools to Distribute Cryptocurrency Miners, Ransomware

XENOTIME Threat Group Now Targeting Electric Utility Organizations

Fraudsters Abuse Smartphone Google Calendar Feature to Push Through Scam Offers

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

IoMT Security: A Comprehensive Approach to Mitigate Risk and Secure Connected Devices

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control

One Big Lesson From the Cyber Range to Help Solve Confirmation Bias

Observations of ITG07 Cyber Operations

Getting Quantum Ready and What This Means for Cryptography

Podcast: Development Agility and Open-Source Vulnerability Prioritization

Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats

Podcast: Travel Security: Why Data Safety Doesn’t Get a Day Off

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Webinar: Under the Radar: IBM QRadar Demo Series

Webinar: Appliance Networking Topics

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Tag: SQL Injection

Magento Flaw Lets Cybercriminals Access E-Commerce Sites Without Authentication

Is Your Site Protected Against Drupal Security Flaws?

How Can Media Companies Be More Confident in Their Cybersecurity Strategy and Policy?

What’s the Best Strategy to Manage Application Security Risk?

Just 1 Percent of Companies Feel Ready to Fend Off Media Security Threats, Survey Reveals

WordPress Issues Security Patch to Mitigate SQL Injection

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

Why Do We Care So Little About Application-Layer Protection?

Command Injection: A Deadly Needle in the Haystack

Fool Me Once, Shame on You — Fool Me Eight Times, Shame on My Security Posture?