Security News
Thousands of mobile apps - some of which have been downloaded tens of millions of times - are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research found that in three months' time, 2,113 mobile apps using the Firebase cloud-based database exposed data, "leaving victims unprotected and easily accessible for threat actors to exploit," according to a blog post published this week.
Researchers have disclosed seven new security vulnerabilities in an open-source database management system called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. Among them, CVE-2021-43304 and CVE-2021-43305 are heap buffer overflow flaws in the LZ4 compression codec that could lead to remote code execution.
Vulnerable internet-facing Microsoft SQL Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers," South Korean cybersecurity company AhnLab Security Emergency Response Center said in a report published Monday.
MariaDB announced key findings from its survey that show no one's staying behind as businesses move forward with database migration to the cloud. Those surveyed included IT Heads, DBAs and software developers, all of whom had some responsibility for the selection and management of databases - and all said their business' cloud database migration was in place, in progress or planned.
Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that's easy to exploit and, if left unpatched, could enable attackers to gain remote code execution. In a Tuesday writeup, JFrog security researcher Omer Kaspi said that on the upside, the only Cassandra systems that are vulnerable to the flaw are those with a particular, non-standard and, specifically, not recommended configuration.
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages.
The database security market is expected to reach $16,273. Database security solutions incorporate advanced security products such as internet traffic monitoring with a wide range of additional features.
That's why databases are at the top of the hit list for ransomware gangs, and why organisations need to consider their data operation as very much in the front line when it comes to defending against disaster. Given that it's not a question of if but when you'll be hit with ransomware and other threats, it stands to reason that protecting the database AND ensuring rapid recovery in the event of a disaster is essential to your organisation's survival.
The outage started at 2:49 PM EST and was initially caused by an issue with the application programming interface (API), preventing various services from communicating with each other. After resolving the API issue, Discord discovered a secondary issue with a database cluster, causing further problems.