Security News

The Asia Pacific Network Information Centre, the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months. During that maintenance effort, a dump from APNIC's Whois SQL database was copied to a Google Cloud storage bucket that Sanjaya said "Was believed to be private".

Wegmans Food Markets, the U.S. supermarket chain, has notified customers that some of their data was exposed because two of its cloud-based databases were misconfigured, making them publicly accessible online. The databases contained customer information including names, addresses, phone numbers, birth dates, Shoppers Club numbers, as well as e-mail addresses and passwords for access to Wegmans.com accounts.

Researchers have discovered an unprotected, exposed online database with over a billion records belonging to American healthcare company CVS Health. The discovery, made by researcher Jeremiah Fowler and the WebsitePlanet research team, happened in March 2021 and the database was secured the next day, after CVS Health was notified and they contacted the third-party vendor in charge of securing the database.

Technology research company Comparitech on Monday said its researchers discovered that a cybersecurity firm had exposed a database containing more than 5 billion user records. An investigation revealed that the database stored information that had been compromised in data breaches suffered by various companies over the past years.

The Swedish Public Health Agency is currently investigating several attempts to hack into SmiNet, a database that stores reports of infectious diseases, including COVID-19 cases. SmiNet was shut down on Thursday, after the agency identified several attempts to gain unauthorized access to the database, but it was restored by Friday night.

MariaDB announced major new updates to MariaDB SkySQL cloud database, including expanded support for Amazon Web Services. Xpand is now GA in SkySQL and is at least a third less expensive than other distributed SQL options in AWS or Google Cloud Platform.

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. In March, MangaDex was hacked, and a threat actor claimed to have stolen the site's source code and its database, which they said had not been published anywhere.

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked," Nikita Popov said in a message posted on its mailing list on April 6.

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted - blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it.

Stellar launched the latest version of its flagship mailbox database repair software for Microsoft Exchange Server. Stellar Repair for Exchange v10 is now available globally and introduces a slew of new & enhanced features to expedite mailbox recovery from corrupted and dismounted Exchange databases in vast scenarios.