Security News

Microsoft fixes Windows database connections it broke in November
2023-01-11 17:00

Included in the usual tsunami of fixes Microsoft issued this week as part of Patch Tuesday was one that took care of a connectivity problem for applications using the Open Database Connectivity interface. The ODBC problem was one of several stemming from the November Patch Tuesday updates that Microsoft had to address.

Twitter data dump: 200m+ account database now free to download
2023-01-05 21:30

More than 200 million Twitter users' information is now available for anyone to download for free. This latest data dump, which includes account names, handles, creation dates, follower counts, and email addresses, turns out to be the same - albeit cleaned up - leak reported last month that affected more than 400 million Twitter accounts, according to Privacy Affairs' security researchers, who verified the database that's now posted on a breach forum.

FrodoPIR: New Privacy-Focused Database Querying System
2022-12-23 13:37

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR because "The client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from J. R. R. Tolkien's The Lord of the Rings.

Brave launches FrodoPIR, a privacy-focused database query system
2022-12-22 16:08

Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries. [...]

Microsoft: November updates break ODBC database connections
2022-12-07 15:48

Microsoft is working to address a new known issue affecting apps using ODBC database connections after installing the November 2022 Patch Tuesday Windows updates. According to Redmond, affected apps might fail to connect to databases via connections using the Microsoft ODBC SQL Server driver.

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
2022-12-02 11:29

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw, dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "First-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure."

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
2022-10-25 14:17

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Programmed in C, SQLite is the most widely used database engine, included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Google Chrome, Mozilla Firefox, and Apple Safari.

Plex forces password resets after database access incident
2022-08-24 11:49

The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases. "Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset," claims Plex's notice.

Billion-record stolen Chinese database for sale on breach forum
2022-07-05 06:04

A threat actor has taken to a forum for news and discussion of data breaches with an offer to sell what they assert is a database containing records of over a billion Chinese civilians - allegedly stolen from the Shanghai Police. HackerDan released sample datasets: one containing delivery addresses and often instructions for drivers; another with police records; and the last with personal identification information like name, national ID number, address, height, and gender.