#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

CSRF vulnerability | Breaking Cybersecurity News | The Hacker News

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

Sep 18, 2019
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other content management platforms. Discovered by security researcher and pentester Manuel Garcia Cardenas , the vulnerability claims to be a cross-site request forgery (CSRF) flaw, also known as XSRF, a well-known attack wherein attackers trick authenticated users into executing an unwanted action. Identified as CVE-2019-12922 , the flaw has been given a medium rating because of its limited scope that only allows an attacker to delete any server configured in the setup page of a phpMyAdmin panel on a victim's server. To be noted, it's not something you should not be much worried abo
Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases

Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases

Jan 02, 2018
A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. Discovered by an Indian security researcher, Ashutosh Barot , the vulnerability is a cross-site request forgery (CSRF) attack and affects phpMyAdmin versions 4.7.x ( prior to 4.7.7 ). Cross-site request forgery vulnerability, also known as XSRF, is an attack wherein an attacker tricks an authenticated user into executing an unwanted action. According to an advisory released by phpMyAdmin, " by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc. " phpMyAdmin is a free and open source administration tool for MySQL and MariaDB and is widely used to manage the database for websites created with WordPress,
cyber security

Cracking the Code to Vulnerability Management

websitewiz.ioVulnerability Management / Cloud Security
Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples. Get the FREE report
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

Dec 04, 2023SaaS Security / Data Security
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.  How Offboarded Users  Still  Have Access to Your Apps When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login.  However, that doesn't mean that former employee
Cybersecurity Resources