Security News
Commentary: Cyral has been on a roll with two open source projects designed to make security a natural part of the development workflow. By open sourcing Approzium, Cyral makes it easier for developers to trust the project precisely because they don't really have to trust it - they can see the code.
Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications. AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection's Application DB, which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems.
A data breach has impacted Maine State Police's information sharing database for federal, state and local law enforcement officials, the agency confirmed late Friday. State police say they were notified on June 20 by Netsential that a data breach may have included information from the Maine Information and Analysis Center, or MIAC. The agency has contracted the Houston, Texas-based company, which provides web hosting services to hundreds of law enforcement and government agencies across the country, since 2017.
PingCAP, the team behind TiDB, announced the launch of TiDB Cloud, a fully-managed database as a service offering that allows customers to launch TiDB clusters with just a few clicks. TiDB Cloud is immediately available on Amazon Web Services and Google Cloud Platform, with more platform support in the works.
UK-based infosec outfit Keepnet Labs left an 867GB database of previously compromised website login details accessible to world+dog earlier this year - then sent lawyers' letters to bloggers in a bid to erase their reports of its blunder. As reported by news website Verdict, Keepnet was stung by Diachenko's initial post about the gaffe, which Keepnet interpreted as the blogger blaming the business for leaking its own customers' data - none of its own clients' data was exposed, but rather info from previous publicly known database exposures.
Databases - usually in Elasticsearch or AWS S3 buckets, and often containing sensitive data - are frequently left in public cloud storage without access controls. The problem is so great that in January 2020, the NSA warned, "Misconfiguration of cloud resources remains the most prevalent cloud vulnerability." Such databases can be accessed, downloaded, or manipulated by anyone who finds them.
jSonar, a company that provides database security solutions, on Tuesday announced that it raised $50 million from Goldman Sachs. jSonar provides a comprehensive platform designed to help organizations secure their database systems and ensure compliance across cloud and on-premises environments.
A Purdue University data science and machine learning innovator wants to help organizations and users get the most for their money when it comes to cloud-based databases. The system is designed to help achieve cost and performance efficiency for cloud-hosted databases, rightsizing resources to benefit both the cloud vendors, who do not have to aggressively over-provision their cloud-hosted servers for fail-safe operations, and the clients, because the data center savings can be passed on to them.
Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.
ASE is used by more than 30,000 organizations globally - including 90 percent of the top banks and security firms worldwide, according to SAP. Researchers disclosed six vulnerabilities that they discovered while conducting security tests for the latest version of the software, ASE 16. While SAP has released patches for both ASE 15.7 and 16.0 in its May 2020 update, researchers disclosed technical details of the flaws on Wednesday, saying "There is no question" that the patches should be applied immediately if they haven't been already.