November 15, 2024 at 02:46AM A high-severity vulnerability (CVE-2024-10979) in PostgreSQL allows unprivileged users to modify environment variables, potentially enabling arbitrary code execution and information disclosure. With a CVSS score of 8.8, it has been patched in recent PostgreSQL versions. Users are advised to implement strict permissions on extensions and functions. ### Meeting Takeaways – … Read more
November 14, 2024 at 05:07PM A vulnerability in the PL/Perl extension of PostgreSQL (CVE-2024-10979) allows users to set arbitrary environment variables, scoring a CVSS 8.8. It can lead to severe security issues such as arbitrary code execution. Affected versions require updates to mitigate risks and should prompt users to review function creation logs. ### Meeting … Read more
August 22, 2024 at 12:48AM Cybersecurity researchers have discovered a new malware, PG_MEM, targeting PostgreSQL databases. The malware mines cryptocurrency by brute-forcing its way into the databases and exploiting weak passwords. It subsequently deploys malicious activities and a cryptocurrency miner. The attack underscores the risks of misconfigured and weakly protected internet-facing databases. Key Takeaways from … Read more