Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz
After spending five years poring over port scan results, infosec firm Imperva reckons there are about 12,000 vulnerability-containing databases accessible through the internet.
The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.
Imperva's chief innovation officer Elad Erez said in a statement: "Too often, organizations overlook database security because they're relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data."
Brazil was the country that came out best in the study, with just 19 per cent of databases containing one or more vulns and an average of 14 per database scanned.
The US sat just below the average, with 37 per cent of databases containing a vulnerability and 25 holes per database on average.
Unauthorised access to databases by malicious people can have consequences that reverberate for aeons, relatively speaking: the 2015 hack of Slack was behind a wave of forced password resets four years later.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/