Following the news that Epic Games has confirmed that the Unreal Engine and Unreal Tournament forums, as well as some of its legacy forums, have been compromised in a massive breach affecting over 800,000 users. The attack was carried out on 11 August – allegedly using and SQL injection vulnerability. John Smith, Principal Solution Architect, Veracode commented below.
John Smith, Principal Solution Architect at Veracode:
“While there have been high levels of discussion around the SQL injection since the high profile TalkTalk breach last year, we’re continuing to see consumer data exposed by this attack vector. Although having been around for more than a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), the SQL injection vulnerability remains worryingly common. In fact, recent Veracode analysis of over 50,000 enterprise applications found that over one in five had at least one SQL injection vulnerability.
“However, organisations can avoid SQL injection with the right care and attention. All organisations must commit to gain full visibility into their web application perimeter, and run frequent scans on all existing applications, to ensure that they remain protected from the threats that new or updated applications introduce.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…
“Cybersecurity is increasingly complex, in part, due to the interconnected…
“Unfortunately, time and time again we see NGOs, hospitals and…
As I have always said - it is verified trust…