#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

MSSQL hacking | Breaking Cybersecurity News | The Hacker News

Category — MSSQL hacking
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

Apr 01, 2020
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named " Vollgar " after the Vollar cryptocurrency it mines and its offensive "vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey. Thankfully for those concerned, researchers have also released a script to let sysadmins detect if any of their Windows MS-SQL servers have been
Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Oct 22, 2019
Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0 , the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running MSSQL version 11 and version 12 by using a "magic password." What's more? The malware manages to remain undetected on the victim's MSSQL Server by disabling the compromised machine's logging functions, event publishing, and audit mechanisms every time the "magic password" is used. With these capabilities, an attacker can stealthily copy, modify, or delete the content stored in a database, the impact of which varies from application to application integrated with targeted servers. "This could be used, for example, to manipulate in-game currencies for financial gai
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
Hackers Targeting Servers Running Database Services for Mining Cryptocurrency

Hackers Targeting Servers Running Database Services for Mining Cryptocurrency

Dec 21, 2017
Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The researchers from security firm GuardiCore Labs have analyzed thousands of attacks launched in recent months and identified at least three attack variants— Hex, Hanako, and Taylor —targeting different MS SQL and MySQL servers for both Windows and Linux. The goals of all the three variants are different—Hex installs cryptocurrency miners and remote access trojans (RATs) on infected machines, Taylor installs a keylogger and a backdoor, and Hanako uses infected devices to build a DDoS botnet. So far, researchers have recorded hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month and found that most compromised machines are based in China, and some in Thailand, the United States, Japan and others.
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Unofficial Pakistan Intelligence website hacked

Unofficial Pakistan Intelligence website hacked

Mar 05, 2013
While the rest of the world engaged in cyber security conferences and Anonymous operations, an Indian patriotic hacker used the time to attack Unofficial Pakistan Intelligence agency ISI. Hacker going by name " Godzilla " today claimed to hack into one of the server belongs to ISI website ( https://isi.org.pk ) and claimed steal possible information from website database. According to the information shared by hacker with ' The Hacker News ', he claims to have access to Remote Desktop Protocol (RDP) of the server located at 173.193.110.72. He disclose that System installed with Windows 2008 server standard edition and having three derives i.e C,D,E with operating system in C and Hostname ' AHCORP ' He also claimed to hack into MSSQL server containing 3 databases, with 9 users and located at https://mssql.isi.org.pk, as shown in screenshot taken by him. Some partial tables of the database ' msdb ' as listed below: bakupfile bakup
Expert Insights / Articles Videos
Cybersecurity Resources