High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

November 15, 2024 at 02:46AM A high-severity vulnerability (CVE-2024-10979) in PostgreSQL's PL/Perl procedural language lets unprivileged database users change environment variables of the server process, which can lead to arbitrary code execution and information disclosure. Rated CVSS 8.8, it has been patched in the current PostgreSQL releases. Users are advised to upgrade and to restrict which roles may create functions and install extensions. …

Fortra fixes critical FileCatalyst Workflow hardcoded password issue

August 28, 2024 at 01:06PM Fortra has warned of a critical hardcoded password vulnerability in FileCatalyst Workflow. An attacker who knows the credential can reach the product's internal database, steal data and obtain administrator privileges. A fixed release is available. …

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

August 22, 2024 at 12:48AM Cybersecurity researchers have discovered PG_MEM, a new malware family that targets PostgreSQL databases. It brute-forces logins on internet-facing servers protected by weak passwords, then drops additional payloads and a cryptocurrency miner. The campaign underscores the risk of misconfigured, weakly protected databases exposed to the internet. …

Meta and SQL Server make strange bedfellows on a couch of cyber-pain

June 24, 2024 at 04:38AM A column arguing that the IT industry's assorted problems share a root in the integrity of the software and services supply chain. End-of-life database software receives little attention despite its critical role, while AI and cybercrime dominate coverage. The piece draws a parallel with food-standards regulation and advocates a similar approach to software …

Physical security biz exposes 1.2M files via unprotected database

May 7, 2024 at 06:35AM UK-based physical security firm Amberstone Security exposed nearly 1.3 million documents, including photographs of guards and of suspected offenders, through a misconfigured, publicly accessible database. The exposure raised concerns about personal privacy, public safety and the integrity of security operations. After being notified, Amberstone revoked public access to the database and initiated …

A Database-Oriented Operating System Wants to Shake Up Cloud Security

March 25, 2024 at 05:37PM DBOS is an operating system built natively on a relational database. Its stated goals are to reduce cost, simplify application development, and strengthen cybersecurity and data integrity. …

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

February 26, 2024 at 10:21AM A critical SQL injection vulnerability in the Ultimate Member WordPress plugin, which has over 200,000 installations, allowed unauthenticated attackers to extract sensitive data from the site database by injecting additional SQL into an existing query. The flaw, tracked as CVE-2024-1071, was given a CVSS score of 9.8 and was fixed in Ultimate Member 2.8.3 on February 19. …

What’s worse than paying an extortion bot that auto-pwned your database?

January 17, 2024 at 10:10AM Security researchers at Border0 have identified an extortion bot that targets publicly exposed PostgreSQL and MySQL databases with weak passwords. Once it logs in, the bot autonomously wipes the database and leaves a ransom note claiming the data has been backed up, when in reality only a small fraction is saved. It has managed …
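The two PostgreSQL items above (PG_MEM and the Border0 extortion bot) describe the same entry vector: password brute force against a database reachable from the internet, followed by a successful login. The detector below is an added example, not code from either article or from the researchers involved; it flags that pattern in a PostgreSQL server log. It assumes log_line_prefix = '%m [%p] %u@%d %h ' and log_connections = on (both are assumptions: the stock prefix omits user, database and client address, and successful logins are only logged when log_connections is on). The log lines are constructed sample data, with client addresses from the documentation ranges.

```python
"""Flag password brute force against PostgreSQL in its server log.

Added example, not code from any of the articles above. It assumes
log_line_prefix = '%m [%p] %u@%d %h ' and log_connections = on (both are
assumptions: the stock prefix omits user, database and client address, and
successful logins are only logged when log_connections is on).
"""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One log line: <timestamp> <zone> [<pid>] <user>@<db> <client> <LEVEL>:  <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) \S+ "    # %m, with time zone
    r"\[(?P<pid>\d+)\] (?P<user>\S+)@(?P<db>\S+) (?P<host>\S+) "  # %p, %u@%d, %h
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
FAILED_RE = re.compile(r'^password authentication failed for user "(?P<user>[^"]+)"')
AUTHORIZED_RE = re.compile(r"^connection authorized: user=(?P<user>\S+) database=(?P<db>\S+)")
HBA_RE = re.compile(r'^Connection matched pg_hba\.conf line (?P<line>\d+): "(?P<rule>[^"]+)"')
# pg_hba.conf address fields that admit every client, i.e. an internet-exposed listener
ANY_ADDRESS = {"0.0.0.0/0", "::/0", "all"}

# Constructed sample log: a fast brute force that succeeds (203.0.113.7), one
# ordinary typo (10.0.0.12), and slow spaced-out guesses (198.51.100.9).
SAMPLE_LOG = """\
2024-08-20 03:14:01.001 UTC [4101] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 03:14:01.001 UTC [4101] postgres@postgres 203.0.113.7 DETAIL:  Connection matched pg_hba.conf line 95: "host all all 0.0.0.0/0 md5"
2024-08-20 03:14:01.402 UTC [4102] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 03:14:01.402 UTC [4102] postgres@postgres 203.0.113.7 DETAIL:  Connection matched pg_hba.conf line 95: "host all all 0.0.0.0/0 md5"
2024-08-20 03:14:01.803 UTC [4103] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 03:14:02.204 UTC [4104] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 03:14:02.605 UTC [4105] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 03:14:03.006 UTC [4106] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 03:14:03.900 UTC [4107] postgres@postgres 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres
2024-08-20 03:20:00.000 UTC [4200] app@shop 10.0.0.12 FATAL:  password authentication failed for user "app"
2024-08-20 03:20:05.000 UTC [4201] app@shop 10.0.0.12 LOG:  connection authorized: user=app database=shop
2024-08-20 03:30:00.000 UTC [4300] admin@postgres 198.51.100.9 FATAL:  password authentication failed for user "admin"
2024-08-20 03:32:00.000 UTC [4301] admin@postgres 198.51.100.9 FATAL:  password authentication failed for user "admin"
2024-08-20 03:34:00.000 UTC [4302] admin@postgres 198.51.100.9 FATAL:  password authentication failed for user "admin"
2024-08-20 03:36:00.000 UTC [4303] admin@postgres 198.51.100.9 FATAL:  password authentication failed for user "admin"
2024-08-20 03:38:00.000 UTC [4304] admin@postgres 198.51.100.9 FATAL:  password authentication failed for user "admin"
"""


def analyze(log_text, threshold=5, window_seconds=60):
    """Return brute-forcing clients, logins that followed a brute force, and
    permissive pg_hba.conf rules seen in the log.

    `threshold` failures from one client address within `window_seconds`
    marks that address; a later successful login from a marked address is
    the PG_MEM-style outcome that deserves an incident ticket.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # client address -> timestamps of recent failures
    flagged = set()
    findings = {"brute_force": [], "success_after_brute_force": [], "permissive_hba": []}

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # line does not carry the assumed prefix (e.g. continuation lines)
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        host, level, msg = m["host"], m["level"], m["msg"]

        if level == "FATAL" and (fail := FAILED_RE.match(msg)):
            recent = failures[host]
            recent.append(ts)
            while recent and ts - recent[0] > window:  # slide the window forward
                recent.popleft()
            if len(recent) >= threshold and host not in flagged:
                flagged.add(host)
                findings["brute_force"].append({
                    "host": host, "user": fail["user"], "failures": len(recent),
                    "first": recent[0].isoformat(), "last": ts.isoformat(),
                })
        elif level == "DETAIL" and (hba := HBA_RE.match(msg)):
            # rule layout: TYPE DATABASE USER ADDRESS [MASK] METHOD; 'local' rules have no address
            fields = hba["rule"].split()
            if fields[0] != "local" and len(fields) >= 5 and fields[3] in ANY_ADDRESS:
                entry = {"line": int(hba["line"]), "rule": hba["rule"]}
                if entry not in findings["permissive_hba"]:
                    findings["permissive_hba"].append(entry)
        elif level == "LOG" and (ok := AUTHORIZED_RE.match(msg)) and host in flagged:
            findings["success_after_brute_force"].append({
                "host": host, "user": ok["user"], "database": ok["db"], "at": ts.isoformat(),
            })
    return findings


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

With the defaults, only 203.0.113.7 is reported: five failures inside one minute, then a successful login as postgres, plus the `host all all 0.0.0.0/0 md5` rule that let it connect in the first place. The single failure from 10.0.0.12 stays below the threshold, and the guesses from 198.51.100.9 are two minutes apart, so they never accumulate within a 60-second window; widening `window_seconds` (for example to 600) catches that low-and-slow variant at the cost of more noise from legitimate retries.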

Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records

December 21, 2023 at 10:09AM An unprotected database belonging to Real Estate Wealth Network was left accessible online for an unknown period. Discovered by researcher Jeremiah Fowler, the 1.16 TB database held 1.5 billion records, including property, tax, ownership and personal information on millions of people, among them celebrities and politicians. Real Estate Wealth Network confirmed ownership and blocked public access. Fowler warns …

Nearly a million non-profit donors’ details left exposed in unsecured database

December 13, 2023 at 05:31AM Close to a million records containing personally identifiable information about donors to non-profits were exposed in an online database owned by DonorView, a fundraising-platform provider for schools, charities and religious institutions. The exposed data included donor names, addresses, phone numbers, email addresses and payment methods, raising concerns about potential …