Security News
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," the company said in an advisory released on June 9, 2023.
A new security flaw has been disclosed in the Google Cloud Platform's Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig said.
Poorly managed Microsoft SQL servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. "Similar to web shell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS SQL server, such as executing commands from threat actors and carrying out all sorts of malicious behavior," AhnLab Security Emergency response Center said in a report published last week.
Attackers are hacking into poorly secured and Interned-exposed Microsoft SQL servers to deploy Trigona ransomware payloads and encrypt all files. Exe service, which they use to launch the Trigona ransomware as svchost.
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service attacks. The findings, which were validated against two commercial solutions BAIDU-UNIT and AI2sql, mark the first empirical instance where natural language processing models have been exploited as an attack vector in the wild.
Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world.
Cybercriminals wielding the FARGO ransomware are targeting Microsoft SQL servers, AhnLab's ASEC analysis team has warned. They haven't pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts.
Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up. The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center, which says that Fargo is one of the most prominent ransomware strains targeting vulnerable SQL Server instances, and was previously also known as Mallox because it used the file extension.
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.
Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies rented through online proxy services. To steal a device's bandwidth, the threat actors install software called 'proxyware' that allocates a device's available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research.