Security News

BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. Speaking at the Black Hat Asia conference in Singapore, SafeBreach's VP of Security Research Tomer Bar and security researcher Shmuel Cohen explained that Microsoft Defender and Kaspersky's Endpoint Detection and Response can be made to detect false positive indicators of malicious files - and then to delete them.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

"Catering for different use cases, adding flexibility and achieving cost savings are the driving factors behind the escalating pace of change toward a multi-platform database landscape," said David Gummer, Redgate CPO. "However, the sheer volume of platform choices, with respondents citing usage of 16 different database types, highlights why it's critical that IT teams are upskilled and have the right tools in place. It's clear that organizations are currently scrambling to keep up with increased complexity, the pressures of compliance and emerging technologies like AI and the cloud, and are seeking solutions to narrow the skills gap," added Gummer. Skill diversification is also cited as a top need by 31% when dealing with data management processes across multiple database types.

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.

Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot - one that marks who pays up and who is not getting their data back. Origin unknown, the bot is routinely breaching poorly protected databases within hours of exposure to the internet, according to security researchers at Border0.

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. Although the security advisory released today lacks any specific information regarding the issue, it advises customers to take preventive measures by disabling their MongoDB, MsSQL, MySQL, and PostgreSQL database integrations.

Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database. Infosec researcher Jeremiah Fowler found 948,029 records exposed online including donor names, addresses, phone numbers, emails, payment methods, and more.

While still a chief petty officer, Marquis Hooper accessed a database containing millions of records and over the course of five months sold details of more than 9,000 people online. Prosecutors said the total sum generated by Hooper and his wife, Natasha Chalk, co-defendant in the case and former Navy reservist, reached the equivalent of $160,000 in Bitcoin.

Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June. According to the surveillance-ware maker, its security was comprehensively smashed on June 21 by persons unknown, who downloaded the entire contents of its website database before deleting that information.

While consumers are usually the ones worried about their information being exposed in data breaches, it's now the hacker's turn, as the notorious Breached cybercrime forum's database is up for sale and member data shared with Have I Been Pwned. Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check if their information was exposed in a data breach of the Breached cybercrime forum.