Collecting Cyber-News from over 60 sources

Tag: sql

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Nov 13, 2024 7:53 AM

Tags: exploit, microsoft, office, sql, update, vulnerability, windows, zero-day

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch. Four of these…
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

Nov 13, 2024 7:53 AM

Tags: access, advisory, attack, authentication, best-practice, computing, control, cve, dns, email, exploit, flaw, google, guide, malicious, microsoft, mitigation, ntlm, office, phishing, rce, remote-code-execution, service, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day

4Critical 82Important 1Moderate 0Low Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one…
DEF CON 32 SQL Injection Isn’t Dead Smuggling Queries at the Protocol Level

Nov 11, 2024 5:04 AM

Tags: conference, injection, sql

Authors/Presenters: Paul Gerste Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-sql-injection-isnt-dead-smuggling-queries-at-the-protocol-level/
Anfällig für SQL Broadcom veröffentlicht Update für Schwachstelle in VMware HCX

Nov 8, 2024 5:04 PM

Tags: injection, sql, update, vmware, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/vmware-hcx-kritische-sicherheitsluecke-geschlossen-a-32a3f54cc433dc29ce2975a9203fe1e2/
A Massive Hacking Toolkit From >>You Dun<< Threat Group Developed To Lauch Massive Cyber Attack

Nov 5, 2024 10:56 AM

Tags: attack, cyber, exploit, group, hacking, injection, software, sql, threat, tool, vulnerability

The >>You Dun
ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis

Oct 30, 2024 9:55 AM

Tags: ai, chatgpt, exploit, injection, malicious, sql

New jailbreak technique tricked ChatGPT into generating Python exploits and a malicious SQL injection tool. The post ChatGPT Jailbreak: Researchers By… First seen on securityweek.com Jump to article: www.securityweek.com/first-chatgpt-jailbreak-disclosed-via-mozillas-new-ai-bug-bounty-program/
IcePeony Hackers Exploiting Public Web Servers To Inject Webshells

Oct 23, 2024 9:25 PM

Tags: apt, china, exploit, group, hacker, india, injection, sql, vulnerability

IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to … First seen on gbhackers.com Jump to article: gbhackers.com/icepeony-hackers-webshells/
VMware HCX: Codeschmuggel durch SQLLücke möglich

Oct 23, 2024 12:27 PM

Tags: injection, sql, vmware

First seen on heise.de Jump to article: www.heise.de/news/VMware-HCX-Codeschmuggel-durch-SQL-Injection-Luecke-moeglich-9983875.html
VMware HCX Platform Vulnerable to SQL Injection Attacks

Oct 22, 2024 10:02 AM

Tags: advisory, attack, cve, injection, sql, vmware, vulnerability

VMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authent… First seen on gbhackers.com Jump to article: gbhackers.com/vmware-hcx-platform-vulnerable/
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

Oct 20, 2024 1:59 PM

Tags: cve, flaw, injection, sql, vmware

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a… First seen on securityaffairs.com Jump to article: securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html
VMware Patches High-Severity SQL Injection Flaw in HCX Platform

Oct 18, 2024 9:58 AM

Tags: cve, flaw, injection, sql, vmware

VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager. The post VMware P… First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/
Four zero-days fixed for September Patch Tuesday

Oct 11, 2024 6:54 PM

Tags: sql, update, windows, zero-day

Most corrections this month focus on the Windows OS, but enterprises that rely on SQL Server or SharePoint should prioritize deploying the security up… First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366610256/Four-zero-days-fixed-for-September-Patch-Tuesday
Understanding Your SQL Database: A Comprehensive Guide

Oct 9, 2024 8:06 PM

Tags: data, guide, sql

SQL has become the standard language for interacting with relational databases. An SQL database uses tables to store and manage structured data with a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/understanding-your-sql-database-a-comprehensive-guide/
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

Oct 7, 2024 7:00 AM

Tags: cve, endpoint, exploit, flaw, injection, ivanti, sql, vulnerability

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cyber… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
Ivanti Confirms Exploitation of an Old Critical Vuln

Oct 4, 2024 11:36 PM

Tags: exploit, hacker, injection, ivanti, remote-code-execution, sql, vulnerability

Remote Code Execution Bug Exploited in Limited Attacks. Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endp… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ivanti-confirms-exploitation-old-critical-vuln-a-26452
Contractor Software Targeted via Microsoft SQL Server Loophole

Sep 26, 2024 6:01 PM

Tags: microsoft, software, sql

First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contractor-software-targeted-mssql-loophole
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

Sep 21, 2024 6:29 PM

Tags: apache, cisa, cybersecurity, exploit, infrastructure, kev, microsoft, oracle, sql, vulnerability, windows

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Serve… First seen on securityaffairs.com Jump to article: securityaffairs.com/168592/security/u-s-cisa-windows-apache-hugegraph-oracle-jdeveloper-oracle-weblogic-sql-server-bugs-to-its-known-exploited-vulnerabilities-catalog.html
Flugverkehr: Sicherheitskontrollen per SQL-Injection umgangen

Sep 13, 2024 11:27 AM

Tags: bug, injection, sql

Ein Forscherduo hat eine Sicherheitslücke mit potenziell gravierenden Auswirkungen auf die Flugsicherheit entdeckt. Angeblich ließen sich sogar unbefu… First seen on golem.de Jump to article: www.golem.de/news/flugverkehr-sicherheitskontrollen-per-sql-injection-umgangen-2408-188552.html
Ubuntu Fixes a High-Severity PostgreSQL Vulnerability

Sep 9, 2024 7:36 PM

Tags: open-source, software, sql, vulnerability

PostgreSQL is an open-source, widely used object relational SQL database. However, like any other software, it is not immune to vulnerabilities. A new… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/ubuntu-fixes-a-high-severity-postgresql-vulnerability/
Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors

Sep 9, 2024 6:36 PM

Tags: injection, scam, sql, vulnerability

This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclos… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/shocking-sql-injection-in-tsa-app-bitcoin-atm-scams-targeting-seniors/
Tired Of Airport Security Queues? SQL Inject Yourself Into The Cockpit, Claims Reseachers

Sep 6, 2024 5:07 PM

Tags: sql

First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36279/Tired-Of-Airport-Security-Queues-SQL-Inject-Yourself-Into-The-Cockpit-Claims-Reseachers.html
Flughafen-Sicherheitskontrollen in den USA über SQL-Injection umgangen

Sep 4, 2024 12:35 AM

Tags: injection, sql, usa

First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
Researchers find SQL injection to bypass airport TSA security checks

Sep 3, 2024 6:34 PM

Tags: injection, sql, unauthorized, vulnerability

Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass air… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/
SQL Injection Attack on Airport Security

Sep 3, 2024 11:34 AM

Tags: attack, injection, sql, vulnerability

Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots an… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/sql-injection-attack-on-airport-security/
TSA-Airport-Sicherheitskontrollen per SQL-Injection ausgehebelt

Aug 31, 2024 12:35 PM

Tags: injection, sql

First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

Aug 30, 2024 4:33 PM

Tags: sql

First seen on theregister.com Jump to article: www.theregister.com/2024/08/30/sql_injection_known_crewmember/
Progress WhatsUp Gold Vulnerabilities Let Attackers Inject SQL Commands

Aug 27, 2024 1:44 PM

Tags: software, sql, vulnerability

The Progress WhatsUp Gold team confirmed the existence of critical vulnerabilities in all versions of their software released before 2024.0.0. If expl… First seen on gbhackers.com Jump to article: gbhackers.com/progress-whatsup-gold-vulnerabilities/
PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

Aug 14, 2024 1:37 PM

Tags: cve, hacker, sql, vulnerability

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vu… First seen on gbhackers.com Jump to article: gbhackers.com/postgresql-vulnerability-hackers-execute-arbitrary-sql-functions/
STAC6451 Hacker Hijacking Microsoft SQL Servers to Compromise Organizations

Aug 9, 2024 1:36 PM

Tags: hacker, microsoft, sophos, sql, threat

A sophisticated threat activity cluster, STAC6451, has been identified targeting Microsoft SQL servers. This cluster, primarily observed by Sophos Man… First seen on gbhackers.com Jump to article: gbhackers.com/stac6451-hijacking-microsoft-sql-servers/
USENIX Security ’23 SQIRL: Grey-Box Detection of SQL Injection Vulnerabilities Using Reinforcement Learning

Jul 29, 2024 9:36 AM

Tags: detection, injection, sql, vulnerability

Authors/Presenters:Salim Al Wahaibi, Myles Foley, Sergio Maffeis Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-sqirl-grey-box-detection-of-sql-injection-vulnerabilities-using-reinforcement-learning/