Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz
After spending five years poring over port scan results, infosec firm Imperva reckons there are about 12,000 vulnerability-containing databases accessible through the internet.
The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.
Imperva's chief innovation officer Elad Erez said in a statement: "Too often, organizations overlook database security because they're relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data."
Brazil was the country that came out best in the study, with just 19 per cent of databases containing one or more vulns and an average of 14 per database scanned.
The US sat just below the average, with 37 per cent of databases containing a vulnerability and 25 holes per database on average.
Unauthorised access to databases by malicious people can have consequences that reverberate for aeons, relatively speaking: the 2015 hack of Slack was behind a wave of forced password resets four years later.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/