/c/cybersecurity - Cybersecurity News & Discussion

2090 readers

4 users here now

A community for technical news and discussion of cybersecurity and closely related topics.

founded 4 years ago

MODERATORS

[email protected]

Clop ransomware gang claims the hack of hundreds of victims (securityaffairs.com)

submitted 1 year ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Clop seems to be on a roll, first with GoAnywhere and now with Moveit

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago (2 children)

Yet another proprietary security solution turns out not to have been as secure as advertised, and it's easy to see why: companies that sell software are motivated not to make it secure, but to develop it as quickly as possible with as few developers as possible and then add as many features as often as possible.

[–] [email protected] 1 points 1 year ago (1 children)

https://community.progress.com/s/question/0D54Q0000AL2k8jSQB/moveit-transfer-critical-vulnerability-may-2023

I agree there should perhaps have been better controls in place to check for SQL Injection vulnerabilities, and that yea some businesses try hard to maximise profits, but I would also say that developers are not infallible :)

Without seeing anything standing out on their website, I think this does show the importance of getting your product regularly security audited by and external, third party :)

[–] [email protected] 2 points 1 year ago

SQL injection? Oh, good grief. Here I was assuming it was some subtle bug, like use-after-free or using a cryptographic primitive slightly wrong—an honest mistake made by a developer who's working too hard. But SQL injection vulnerabilities are the result of doing something we've been taught for decades to never do, so I can't imagine any excuse for this.