#MSSQL

Threat Actors Target Accounting Software Used by Construction Contractors

by

September 18, 2024 at 11:14AM Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default … Read more

Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities

by

April 17, 2024 at 02:38PM Ivanti has released 27 fixes for vulnerabilities in its 2024 first-quarter release. None are actively exploited. Users are advised to download the Avalanche installer and update to version 6.4.3 to apply the fixes. The vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Ivanti recommends users keep their MSSQL database … Read more

Hackers target Microsoft SQL servers in Mimic ransomware attacks

by

January 9, 2024 at 01:57PM Financially motivated Turkish hackers are targeting Microsoft SQL servers worldwide, encrypting victims’ files using Mimic ransomware. Tracked as RE#TURGENCE, the attacks have hit targets in the EU, US, and Latin America. The hackers compromise insecure MSSQL servers using brute force attacks, then deploy ransomware payloads and execute other malicious activities. … Read more