Security News

Vollgar Campaign Targets MS-SQL Servers With Backdoors, Crypto-Miners
2020-04-02 04:15

A recently uncovered attack campaign that stayed under the radar since May 2018 has targeted Microsoft SQL servers with backdoors and crypto-miners, Guardicore Labs reveals. Attacks begin with MS-SQL brute force login attempts and continue with a series of configuration changes to allow command execution.

Cyberscum target Microsoft SQL Server boxen – and some careless sysadmins were reinfected after cleaning it out
2020-04-01 19:02

"The Vollgar attack chain also demonstrates the competitive nature of the attacker, who diligently and thoroughly kills other threat actors' processes," the firm said in a statement. Lead researcher Ophir Harpaz said in a research report: "Overall, Vollgar attacks originated in more than 120 IP addresses, the vast majority of which are in China. These are most likely compromised machines, repurposed to scan and infect new victims."

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
2020-04-01 06:02

Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "Vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.

IDERA expands portfolio of cloud-based database and workload management solutions for SQL Server
2020-03-12 02:30

IDERA, a provider of powerful database productivity tools, announced an expanded portfolio of cloud-based database and workload management solutions for SQL Server. SQL Inventory Manager to automatically discover, track, and manage SQL Server inventory and perform health checks, including SQL Server in the cloud.

SentryOne launches new editions of SQL Sentry to help companies right-size monitoring solutions
2020-03-05 01:30

SentryOne announces new editions of SQL Sentry, the company's top-rated database performance monitoring product, to help companies select the monitoring solution that best fits their needs. "With the new SQL Sentry editions, we offer best-in-class monitoring for any situation, whether it's an IT manager looking for no-fuss monitoring for a few databases, DBAs looking for a solution that can accommodate hybrid or cloud monitoring, or an enterprise data team that needs highly scalable monitoring to support high-volume compute environments."

I'm the queen of Gibraltar and will never get a traffic ticket... just two of the things anyone could have written into country's laws thanks to unsanitised SQL input vuln
2020-01-07 12:27

An SQL injection vulnerability in the Government of Gibraltar's website paved the way for any old Joe to rewrite official web versions of the British Overseas Territory's laws. Security researcher Ax Sharma spotted the vuln while poring over the Gibraltar government's visa rules, which he accessed from the Gibraltar Borders and Coastguard Agency website.

New Winnti Backdoor Targets Microsoft SQL
2019-10-22 15:35

A recently identified backdoor used by the China-linked Winnti hackers and which targets Microsoft SQL (MSSQL) is very stealthy, ESET’s security researchers say.

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild
2019-10-22 12:04

Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already...

Just say the 'magic password': Boffins turn up potential backdoor in SQL Server 2012, 2014
2019-10-22 08:15

Admin rights needed to fire up the malware and – hey presto! Security researchers at ESET have published details of a backdoor into Microsoft's SQL Server via hooks and the splendidly named "magic...

'WhiteShadow' Downloader Employs Microsoft SQL for Malware Delivery
2019-09-30 15:05

Microsoft Office macros that collectively act as a stage downloader are utilizing Microsoft SQL queries to fetch malicious payloads, Proofpoint’s security researchers report.