Security News

In this article, we'll outline why database patching matters, explain what the problem is with patching databases, and point to a novel solution that takes the pain out of database patching. There's a second reason why database patching gets neglected - patching a database can be incredibly hard, with conflicting and ambiguous instructions.

An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company seemingly dismissed the findings of the infosec company which spotted the flaw when the infoseccers tried to draw its attention to the problem.

79% of database professionals are now using either paid-for or in-house monitoring tools, a survey from Redgate Software has shown. This is an increase of 10 percentage points from the same survey last year and, at the same time, the 86% satisfaction rate with paid-for monitoring tools is also an all-time high, up 18 percentage points on the previous year.

'The Telegraph', one of the UK's largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases. The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers.

A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. According to data from The World Bank, Thailand racked up almost 40 million international arrivals in 2019, a number that was on the rise every year pre-pandemic except for 2014, the year the country experienced a military coup.

One of the symptoms of this rampant and global technological epidemic are the vulnerabilities that exist in internal databases globally - those that often store an organization's most sensitive data. Despite the increasing adoption of cloud infrastructure and database environments, it's estimated that 50% of data is stored on-premises.

A report released Tuesday by cybersecurity firm Imperva Research Labs examines why databases are vulnerable and offers advice on how to better protect your data from falling into the wrong hands. Based on analysis covering 27,000 on-premises databases around the world, Imperva found that one out of every two databases contains as least one vulnerability.

46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities.

Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. A five-year longitudinal study found that nearly one out of every two on-premises databases globally - 46 percent - is vulnerable to attack, given that it has at least one unpatched vulnerability.

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.