Security News

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the " first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said.

This time, the bug isn't in Apache's beleagured Log4j toolkit, but can be found in a popular Java SQL server called the H2 Database Engine. As a result, you can bundle the H2 SQL database code right into your own Java apps, and run your databases entirely in memory, with no need for separate server processes.

Researchers discovered a bug related to the Log4J logging library vulnerability, which in this case opens the door for an adversary to execute remote code on vulnerable systems. JFrog security discovered the flaw and rated critical in the context of the H2 Java database console, a popular open-source database, according to a Thursday blog post by researchers.

Now, with full transactional support for everyday business applications, the open source immudb tamper-proof database can serve as the main transactional database for enterprises. "There is no need to have immudb running next to a traditional database anymore, as immudb now has full ACID transactional integrity compliance," said Jerónimo Irázabal, co-founder of immudb and lead architect at Codenotary.

Datasparc, SAP SE, ScaleGrid, MICRO FOCUS, Thales, Oracle Corporation, IBM Corporation, McAfee, Fortinet, and Trustwave are among the key players operating in the database security market. Many technology leaders prioritize automation, which, in turn, has made a positive impact on the database security market.

Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for enterprise customers free in Acra Community Edition. Acra's features enable the implementation of application-level encryption in modern cloud applications, saving development costs and allowing tighter grip on sensitive data lifecycle.

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. For active customers: sFTP and database usernames and passwords.

The Security Service of Ukraine has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine and entered false vaccination entries for other people. The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias.

If you connect databases / servers to the internet and secure them poorly, you can count on them getting compromised quickly. He also created a few standard and non standard databases with tables to make the honeypots resemble a production environment.

In this article, we'll outline why database patching matters, explain what the problem is with patching databases, and point to a novel solution that takes the pain out of database patching. There's a second reason why database patching gets neglected - patching a database can be incredibly hard, with conflicting and ambiguous instructions.