Security News

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.

Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot - one that marks who pays up and who is not getting their data back. Origin unknown, the bot is routinely breaching poorly protected databases within hours of exposure to the internet, according to security researchers at Border0.

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. Although the security advisory released today lacks any specific information regarding the issue, it advises customers to take preventive measures by disabling their MongoDB, MsSQL, MySQL, and PostgreSQL database integrations.

Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database. Infosec researcher Jeremiah Fowler found 948,029 records exposed online including donor names, addresses, phone numbers, emails, payment methods, and more.

While still a chief petty officer, Marquis Hooper accessed a database containing millions of records and over the course of five months sold details of more than 9,000 people online. Prosecutors said the total sum generated by Hooper and his wife, Natasha Chalk, co-defendant in the case and former Navy reservist, reached the equivalent of $160,000 in Bitcoin.

Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June. According to the surveillance-ware maker, its security was comprehensively smashed on June 21 by persons unknown, who downloaded the entire contents of its website database before deleting that information.

While consumers are usually the ones worried about their information being exposed in data breaches, it's now the hacker's turn, as the notorious Breached cybercrime forum's database is up for sale and member data shared with Have I Been Pwned. Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check if their information was exposed in a data breach of the Breached cybercrime forum.

Though Exchange recovery is possible with the native tools, Exchange Administrators would face long hours of downtime. To come out of such sticky situations, you can bank on specialized third-party software, like Stellar Toolkit for Exchange, that can help in repairing and recovering corrupt databases after Exchange failure or any other issue.

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud instances, container images in Amazon Elastic Container Registry, and AWS Lambda functions on a large scale.

The open-source e-commerce platform PrestaShop has released a new version that addresses a critical-severity vulnerability allowing any back-office user to write, update, or delete SQL databases regardless of their permissions. The permissions of each user are set so that they're only allowed to access the information and features necessary for their role, which is a crucial security feature of PrestaShop.