A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)

A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)

An organization’s database servers are frequently the prime target of attackers. We recently started a new research project to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research, we set up a honeypot net for popular SQL/NoSQL databases ... Read More
A Deep Dive into Database Attacks [Part I]: SQL Obfuscation

A Deep Dive into Database Attacks [Part I]: SQL Obfuscation

Today, data breaches are a threat to every organization. According to a report from Risk Based Security covering the first half of 2017, over 6 billion records were exposed through 2,227 publicly-disclosed data breaches. The number of exposed records is already higher than the previous all-time high at the end ... Read More
phishing attack flow - figure 1

Our Analysis of 1,019 Phishing Kits

In recent years phishing activity has grown rapidly, with thousands of phishing sites popping for a virtual moment that last weeks, days or even hours, before becoming ineffective—either getting blacklisted by security providers, or brought down by internet providers and authorities, or (in most cases) both. In order to keep ... Read More