Security News

China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure, citing national security concerns. CNKI is a privately-owned publishing company that maintains a monopoly on academic journal searches in China.

Secureworks reports a new cybercrime campaign in which a lot of unsecured internet-facing Elasticsearch instances are used to steal databases and replaced with a ransom note. It is yet not possible to determine the exact number of companies involved, since a vast majority of the databases were hosted on cloud providers networks and some databases probably belong to the same organization.

Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000. This campaign is not new, and we have seen similar opportunistic attacks numerous times before, and against other database management systems, too [1, 2, 3]. Restoring the database contents by paying the hackers is an unlikely scenario, as the practical and financial challenge for the attacker to store the data of so many databases is unfeasible.

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. Bing allegedly performed the act in June 2018, when he used his administrative privileges and "Root" account to access the company's financial system and delete all stored data from two database servers and two application servers.

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center said.

During the research, the attack surface management team analyzed instances hosting internet-facing databases. The findings showed that in the second half of 2021, the number of public-facing databases increased by 16% to 165,600 with most of them stored on the servers in the US. The number of databases exposed to the open web has been growing every quarter to reach its peak of 91,200 in Q1 2022.

Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," the Microsoft Security Response Center team explained today.

Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. In the first quarter of 2022, the amount of exposed databases peaked to 91,200 instances, researchers at threat intelligence and research company Group-IB say in a report shared with BleepingComputer.

Security researchers have noticed an increase in the number of exposed databases, with 308,000 identified in 2021. In the first quarter of 2022, the amount of exposed databases peaked to 91,200 instances, researchers at threat intelligence and research company Group-IB say in a report shared with BleepingComputer.

A local file read vulnerability in Amazon's Relational Database Service could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed. While no in-the-wild attacks exploited the bug, AWS confirmed it gave researchers access "To internal credentials that were specific to their Aurora cluster."