#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

database server | Breaking Cybersecurity News | The Hacker News

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

Aug 07, 2023 Data Security / Linux
Vulnerable  Redis services  have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk  said  in an analysis published last week. Some of the Linux distribution SkidMap sets its eyes on include Alibaba, Anolis, openEuler, EulerOS, Stream, CentOS, RedHat, and Rocky. SkidMap was  first disclosed  by Trend Micro in September 2019 as a cryptocurrency mining botnet with capabilities to load malicious kernel modules that can obfuscate its activities as well as monitor the miner process. The operators of the malware have also been found camouflaging their backup command-and-control (C2) IP address on the Bitcoin blockchain, evocative of another botnet malware known as  Glupteba . "The technique of fetching real-time data from a de
Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Feb 22, 2022
Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and  dictionary attack  against poorly managed servers," South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC)  said  in a report published Monday. Cobalt Strike is a commercial, full-featured  penetration testing framework  that allows an attacker to deploy an agent named "Beacon" on the victim machine, granting the operator remote access to the system. Although billed as a red team threat simulation platform,  cracked versions  of the software have been  actively used  by a wide range of threat actors. Intrusions observed by ASEC involve the unidentified actor scanning port 1433 to check for exposed MS SQL s
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

Jun 03, 2020
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise ( ASE ), a relational database management software geared towards transaction-based applications. The cybersecurity company said the issues — both specific to the operating system and the platform as a whole — were discovered during a security testing of the product, one of which has a CVSS rating of 9.1. Identified as CVE-2020-6248 , the most severe vulnerability allows arbitrary code execution when making database backups, thus allowing an attacker to trigger the execution of malicious commands. "During database backup operations, there are no security checks for overwriting critical configuration files," Trustwave researchers said  in a
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
What's the Right EDR for You?

What's the Right EDR for You?

May 10, 2024Endpoint Security / Threat Detection
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack.  With the growing need to defend your devices from today's cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs? Why EDR Is a Must Because of
Core Elastic Stack Security Features Now Available For Free Users As Well

Core Elastic Stack Security Features Now Available For Free Users As Well

May 21, 2019
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time. In recent months, we have seen how thousands of instances of insecure, poorly configured Elasticsearch and Kibana servers had left millions of users sensitive data exposed on the Internet. Since the free version of Elastic Stack by default does not have any authentication or authorization mechanism, many developers and administrators fail to properly implement important security features manually. The core security features—like encrypted communication, role-based access control, authentication realms—in p
Over 202 Million Chinese Job Seekers' Details Exposed On the Internet

Over 202 Million Chinese Job Seekers' Details Exposed On the Internet

Jan 10, 2019
Cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an American server hosting company. In total, the database contained 202,730,434 records about job candidates from China, including candidates' personal information such as their full name, date of birth, phone number, email address, marriage status, and driver's license information, along with their professional experience and job expectations. Bob Diachenko, director of cyber risk research at Hacken.io and bug bounty platform HackenProof, discovered the existence of database two weeks ago, which had been secured shortly after his notification on Twitter. However, it is worth noting that &
Insecure Hadoop Clusters Expose Over 5,000 Terabytes of Data

Insecure Hadoop Clusters Expose Over 5,000 Terabytes of Data

Jun 03, 2017
Until last year, cyber criminals were only targeting computers of individuals and organisations with ransomware and holding them for ransom, but then they started targeting unprotected online databases and servers around the globe for ransom as well. Earlier this year, we saw notorious incidents where tens of thousands of unprotected MongoDB and Elasticsearch databases were hacked and held for ransom in exchange of the data the hackers had stolen and deleted from the poorly configured systems. Now, cyber crooks have started targeting unprotected Hadoop Clusters and CouchDB servers as well, making the ransomware game nastier if your servers are not securely configured. Nearly 4,500 servers with the Hadoop Distributed File System (HDFS) — the primary distributed storage used by Hadoop applications — were found exposing more than 5,000 Terabytes (5.12 Petabytes) of data, according to an analysis conducted using Shodan search engine. This exposure is due to the same issue — H
Someone Hijacking Unsecured MongoDB Databases for Ransom

Someone Hijacking Unsecured MongoDB Databases for Ransom

Jan 04, 2017
Nearly two years back, we warned users about publicly accessible MongoDB instances – almost 600 Terabytes (TB) – over the Internet which require no authentication, potentially leaving websites and servers at risk of hacking. These MongoDB instances weren't exposed due to any flaw in its software, but due to a misconfiguration (bad security practice) that let any remote attacker access MongoDB databases without using any special hacking tool. MongoDB later resolved the issue in the next version of its software by setting unrestricted remote access by default in the configuration, thousands of site administrators have not updated their servers yet. But trust me, they'll now regret this! A Hacker is now hijacking and wiping out unsecured MongoDB databases , but keeping a copy of those databases for asking administrators a ransom of 0.2 Bitcoins (nearly US$211) to return the lost data. So, admins without backups are left in a bind. In fact, the rising price of Bitcoin
Cybersecurity
Expert Insights
Cybersecurity Resources