Security News

Serious Security: Apple Safari leaks private data via database API – what you need to know
2022-01-18 19:23

Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple's web browser software. At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule.

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
2022-01-11 23:56

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the "first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said.

Log4Shell-like security hole found in popular Java SQL database engine H2
2022-01-07 19:32

This time, the bug isn't in Apache's beleaguered Log4j toolkit, but can be found in a popular Java SQL server called the H2 Database Engine. As a result, you can bundle the H2 SQL database code right into your own Java apps, and run your databases entirely in memory, with no need for separate server processes.

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
2022-01-07 15:12

Researchers discovered a bug related to the Log4J logging library vulnerability, which in this case opens the door for an adversary to execute remote code on vulnerable systems. JFrog security discovered the flaw and rated it critical in the context of the H2 Java database console, a popular open-source database, according to a Thursday blog post by researchers.

Immudb: Open-source database, built on a zero trust model
2021-12-17 05:00

Now, with full transactional support for everyday business applications, the open source immudb tamper-proof database can serve as the main transactional database for enterprises. "There is no need to have immudb running next to a traditional database anymore, as immudb now has full ACID transactional integrity compliance," said Jerónimo Irázabal, co-founder of immudb and lead architect at Codenotary.

Database security market to reach $16,273.8 million by 2028
2021-12-13 04:00

Datasparc, SAP SE, ScaleGrid, MICRO FOCUS, Thales, Oracle Corporation, IBM Corporation, McAfee, Fortinet, and Trustwave are among the key players operating in the database security market. Many technology leaders prioritize automation, which, in turn, has made a positive impact on the database security market.

Acra: Open-source database protection with field-level encryption and intrusion detection
2021-12-02 10:10

Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for enterprise customers free in Acra Community Edition. Acra's features enable the implementation of application-level encryption in modern cloud applications, saving development costs and allowing tighter grip on sensitive data lifecycle.

GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
2021-11-23 10:10

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. For active customers: sFTP and database usernames and passwords.

Hackers arrested for ‘infiltrating’ Ukraine’s health database
2021-10-27 16:15

The Security Service of Ukraine has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine and entered false vaccination entries for other people. The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias.

Secure your databases against opportunistic attackers
2021-10-19 11:34

If you connect databases / servers to the internet and secure them poorly, you can count on them getting compromised quickly. He also created a few standard and non-standard databases with tables to make the honeypots resemble a production environment.