Security News

Datadog Database Monitoring extends database visibility to boost query performance
2021-08-19 02:00

With insights into query performance and explain plans, as well as automatic correlation of query metrics with application and infrastructure metrics, Database Monitoring provides engineers and database administrators the visibility they need to quickly find and fix application performance issues that arise from slow running database queries. Datadog Database Monitoring builds on the existing ability to monitor the general health and availability of the database and underlying infrastructure by allowing users to pinpoint the exact queries that impact application performance and user experience.

92% of pharmaceutical companies have at least one exposed database
2021-08-03 05:00

Reposify released its Pharmaceutical Industry Attack Surface Exposures Report examining the security posture of the world’s leading pharmaceutical companies. The report analyzed eighteen leading...

Estonia arrests hacker who stole 286K ID scans from govt database
2021-07-29 21:13

A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database. "During the searches, investigators found the downloaded photos from a database in the person's possession, along with the names and personal identification codes of the people," Oskar Gross, head of the police's cybercrime unit, said.

The Life Cycle of a Breached Database
2021-07-29 16:20

Every time there is another data breach, we are asked to change our password at the breached entity. A decent crypto-mining rig can quickly crack a majority of password hashes generated with MD5. "You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary then you can essentially break 60-70 percent of the hashed passwords in a day or two," said Fabian Wosar, chief technology officer at security firm Emsisoft.

Hole blasted in Guntrader: UK firearms sales website's CRM database breached, 111,000 users' info spilled online
2021-07-23 11:29

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader. Uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year.

Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
2021-07-15 20:50

A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed. The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday.

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into
2021-07-15 01:07

Chinese makers of network software and hardware must alert Beijing within two days of learning of a security vulnerability in their products under rules coming into force in China this year. Though the rules are a little ambiguous in places, judging from the spirit of them, they throw a spanner in the works for Chinese researchers who work with, or hope to work with, zero-day vulnerability brokers.

NewsBlur Restores Service After Hacker Wipes Database
2021-06-28 08:44

Personal news reader NewsBlur was down for several hours last week after a hacker managed to wipe the service's database. The hacker was able to gain access to the database while the RSS reader was being transitioned to Docker, which circumvented some firewall rules and opened the NewsBlur MongoDB database to the public.

Week in review: Preventing ransomware attacks, SOC burnout, and customizing your ATT&CK database
2021-06-27 08:00

SOC burnout is real: 3 preventative steps every CISO must takeFor those that spend every day as a security professional and for anyone who truly appreciates the demands applied to these essential security team members, burnout is a harsh reality. Cloud security skills in high demandCloud security is critically important for organizations across the globe as adoption of cloud infrastructure continues to grow at a rapid clip.

Google Expands Open Source Vulnerabilities Database
2021-06-24 13:52

Google today announced the expansion of the Open Source Vulnerabilities database to include information on bugs identified in Go, Rust, Python, and DWF open source projects. Launched in February 2021 with details on thousands of vulnerabilities from Google's OSS-Fuzz project, the OSV database is meant to provide automated, improved vulnerability triage for both developers and users of open source software.