SQL Server | Breaking Cybersecurity News | The Hacker News

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend Micro security researcher Joseph C Chen said in an analysis published this week. "The actor also takes advantage of various known vulnerabilities to exploit public-facing servers." Some of the other prominent targets of the adversarial collective include Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. The cybersecurity company is tracking the intrusion set under the moniker Earth Lamia , stating the activity shares some degree of overlap with threat clusters documented by Elastic Security Labs as REF0657 , Sophos as STAC6451 , and Palo Alto Networks Unit 42 a...

Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software , according to new findings from Huntress. "Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product's default credentials," the cybersecurity company said . Targets of the emerging threat include plumbing, HVAC (heating, ventilation, and air conditioning), concrete, and other related sub-industries. The FOUNDATION software comes with a Microsoft SQL (MS SQL) Server to handle database operations, and, in some cases, has the TCP port 4243 open to directly access the database via a mobile app. Huntress said the server includes two high-privileged accounts, including "sa," a default system administrator account, and "dba," an account created by FOUNDATION, that are often left with unchanged default credentials. A consequence of this action is that threat actors could brute-force th...

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to  link to external data sources , such as a remote SQL Server table. "This feature can be abused by attackers to automatically leak the Windows user's NTLM tokens to any attacker-controlled server, via any TCP port, such as port 80," Check Point security researcher Haifei Li  said . "The attack can be launched as long as the victim opens an .accdb or .mdb file. In fact, any more-common Office file type (such as a .rtf ) can work as well." NTLM, an authentication protocol introduced by Microsoft in 1993, is a challenge-response protocol that's used to authenticate users during sign-in. Over the years, ...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility " sqlps.exe ," the tech giant  said  in a series of tweets. The ultimate goals of the campaign are unknown, as is the identity of the threat actor staging it. Microsoft is tracking the malware under the name " SuspSQLUsage ." The sqlps.exe utility, which comes by default with all versions of SQL Servers, enables an SQL Agent — a Windows service to run scheduled tasks — to run jobs using the PowerShell subsystem. "The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem," Microsoft noted. Addi...