The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
Tag Archives: Database Security
Breach Database Site 'LeakedSource' Goes Offline After Alleged Police Raid
The biggest mistake companies make with data security is leaving all their secrets unprotected in one place; if it is attacked, they are all gone in one shot.
An unnamed law enforcement agency has reportedly accessed billions of compromised usernames, email IDs, and their passwords, collected by LeakedSource, a popular breach notification service.
LeakedSource, launched in late 2015, that
Over 27,000 MongoDB Databases Held For Ransom Within A Week
The ransomware attacks on poorly secured MongoDB installations have doubled in just a day.
A hacker going by the handle Harak1r1 is accessing, copying and deleting unpatched or badly configured MongoDB databases and then demanding a ransom from administrators in exchange for the lost data.
It all started on Monday when security researcher Victor Gevers identified nearly 200 instances of a
Critical MySQL Vulnerability Disclosed
A researcher has disclosed some details and a limited proof-of-concept for a critical MySQL vulnerability. The flaw has been patched in MariaDB and PerconaDB.
191 Million US Voters' Personal Info Exposed by Misconfigured Database
BREAKING: A misconfigured database has resulted in the exposure of around 191 Million voter records including voters’ full names, their home addresses, unique voter IDs, dates of birth and phone numbers.
The database was discovered on December 20th by Chris Vickery, a white hat hacker, who was able to access over 191 Million Americans’ personal identifying information (PII) that are just
Static Encryption Key Found in SAP HANA Database
Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.
MySQL Bug Can Strip SSL Protection From Connections
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some […]
MongoDB Patches Remote Denial-of-Service Vulnerability
Popular NoSQL database MongoDB has released an update that patches a critical denial-of-service vulnerability.
Slack Discloses Breach of Its User Profile Database, Implements 2FA
Collaboration provider Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.
Nasty Oracle Vulnerability Leaves Researcher ‘Gobsmacked’
Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle’s […]