Following the news that Epic Games has confirmed that the Unreal Engine and Unreal Tournament forums, as well as some of its legacy forums, have been compromised in a massive breach affecting over 800,000 users. The attack was carried out on 11 August – allegedly using and SQL injection vulnerability. John Smith, Principal Solution Architect, Veracode commented below.
John Smith, Principal Solution Architect at Veracode:
“While there have been high levels of discussion around the SQL injection since the high profile TalkTalk breach last year, we’re continuing to see consumer data exposed by this attack vector. Although having been around for more than a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), the SQL injection vulnerability remains worryingly common. In fact, recent Veracode analysis of over 50,000 enterprise applications found that over one in five had at least one SQL injection vulnerability.
“However, organisations can avoid SQL injection with the right care and attention. All organisations must commit to gain full visibility into their web application perimeter, and run frequent scans on all existing applications, to ensure that they remain protected from the threats that new or updated applications introduce.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…