A mass-injection attack has infected more than 1 million ASP.NET Web pages, Armorize researchers say. The attack is similar to the highly publicized LizaMoon attacks this past spring. Experts say the same sloppy misconfiguration of website servers and back-end databases that led to Lizamoon’s infiltration. Most of the infected pages were put up by SMBs with little understanding of security practices, researcher says. Expert: SMBs should upgrade all of their third-party libraries or frameworks to the newest version.”]
Source: https://www.darkreading.com/database-security/mass-sql-injection-attack-hits-1-million-sites