Tag: sql

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

Apr 25, 2025 11:50 AM

Tags: access, cyber, cyberattack, cybersecurity, exploit, hacker, malicious, malware, microsoft, sql, threat, tool, unauthorized, vulnerability

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to deploy malicious tools like Ammyy Admin and PetitPotato malware. Cybersecurity researchers have observed attackers exploiting vulnerabilities in these servers to gain unauthorized access, execute commands for reconnaissance, and install malware that facilitates remote access and privilege escalation. This emerging threat underscores…
Oracle April 2025 Critical Patch Update Addresses 171 CVEs

Apr 16, 2025 4:28 PM

Tags: advisory, attack, business, communications, cve, data, exploit, finance, insurance, network, oracle, risk, service, sql, update, vulnerability

Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product…
DSGVO-Meldepflichtige Sicherheitslücke in KaPlan Web

Apr 16, 2025 3:28 PM

Tags: bug, DSGVO, sql

Eine kurze (österliche) Meldung für Sicherheits- und Datenschutzverantwortliche in kirchlichen Einrichtungen, die KaPlan Web im Einsatz haben. Es wurde eine Sicherheitslücke gefunden, die eine Manipulation der SQL-Datenbank ermöglichte. Die Einstufung meinerseits ist, dass dies aus DSGVO meldepflichtig für die Betreiber … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/16/dsgvo-meldepflichtige-sicherheitsluecke-in-kaplan-web/
Erneuter Datenabfluss bei Melting Mind?

Apr 16, 2025 1:28 PM

Tags: cyberattack, data-breach, sql

Es gibt Hinweise auf ein neues Datenleck bei Melting Mind.Noch am Dienstag (15. April) berichtete der Norddeutsche Rundfunk NDR, dass Melting Mind bei dem Cyberangriff im vergangenen Jahr größeren Schaden abwenden konnte. Laut einem Bericht von heise online hat das Unternehmen jedoch weiterhin Sicherheitsprobleme.So habe eine Suchanfrage am selben Tag in der Schwachstellensuchmaschine Leakix eine…
China alleges US cyber espionage during the Asian Winter Games, names 3 NSA agents

Apr 15, 2025 3:28 PM

Tags: attack, breach, china, cloud, cyber, cyberattack, espionage, exploit, government, hacker, infrastructure, injection, intelligence, international, service, sql, vulnerability

A deliberate and coordinated campaign: The NCVERC report revealed that between January 26 and February 14, 2025, the Games’ information systems were struck by 270,167 attacks from abroad, with activity peaking on February 8, the day after the event’s formal opening. Of these, 170,864 attacks (63.24%) originated from US-based IP addresses.The cyber onslaught primarily targeted…
Top 16 OffSec, pen-testing, and ethical hacking certifications

Apr 10, 2025 1:05 PM

Tags: access, android, antivirus, application-security, attack, authentication, blockchain, bug-bounty, business, cisco, cloud, computing, credentials, crypto, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, guide, hacker, hacking, incident response, injection, iot, jobs, kali, linux, malware, microsoft, mitigation, mobile, network, penetration-testing, RedTeam, remote-code-execution, reverse-engineering, risk, risk-assessment, sap, skills, sql, technology, threat, tool, training, update, vulnerability, windows

Experiential learning Offensive security can’t be fully mastered through lectures alone. Candidates need hands-on training in lab environments to develop practical skills. Ideally, certification exams should include a practical assessment, such as developing an exploit to compromise a system.Because individuals learn OffSec techniques, such as penetration testing, in different ways, the most effective certifications offer…
The SQL Server Crypto Detour

Apr 8, 2025 10:43 PM

Tags: access, api, backup, credentials, crypto, cryptography, data, encryption, jobs, microsoft, password, service, sql, tool, update, vulnerability, windows

As part of my role as Service Architect here at SpecterOps, one of the things I’m tasked with is exploring all kinds of technologies to help those on assessments with advancing their engagement. Not long after starting this new role, I was approached with an interesting problem. A SQL Server database backup for a ManageEngine’s…
Shopware Security Plugin Vulnerability Enables SQL Injection Attacks

Apr 8, 2025 8:42 PM

Tags: attack, cyber, injection, sql, vulnerability

A recently disclosed SQL injection vulnerability in older versions of the Shopware platform has raised concerns among online shop operators. Although Shopware has addressed the issue in its latest release (version 6.5.8.13), it has been revealed that the fix provided by the Shopware Security Plugin for older versions remains incomplete. This vulnerability (CVE-2025-27892) enables attackers…
Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

Apr 4, 2025 10:42 AM

Tags: cloud, credentials, cyber, data, flaw, malicious, software, sql, threat, vulnerability

A critical security flaw has been discovered inHalo ITSM, an IT support management software widely deployed across cloud and on-premise environments. The vulnerability, which allows attackers to inject malicious SQL code, poses a significant threat to organizations relying on the software to manage IT support tickets containing sensitive data such as credentials and internal documentation.…
Halo ITSM Vulnerability Exposed Organizations to Remote Hacking

Apr 3, 2025 6:42 PM

Tags: data-breach, exploit, hacking, injection, sql, vulnerability

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data. The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/
Thales Named Overall Leader in KuppingerCole’s Leadership Compass Data Security Platforms

Mar 25, 2025 2:13 PM

Tags: access, ai, attack, cloud, compliance, control, credentials, cybersecurity, data, detection, encryption, fedramp, framework, GDPR, governance, HIPAA, injection, intelligence, monitoring, PCI, privacy, ransomware, regulation, risk, risk-management, service, software, sql, strategy, threat, tool, unauthorized, vulnerability

Thales Named Overall Leader in KuppingerCole’s Leadership Compass Data Security Platforms madhav Tue, 03/25/2025 – 07:37 Thales has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass in the Data Security Platforms category, earning this top ranking for its products, innovation, and market presence. We live in a time when organizations face many…
11 ways cybercriminals are making phishing more potent than ever

Mar 25, 2025 8:13 AM

Tags: 2fa, ai, attack, authentication, awareness, breach, business, ciso, conference, corporate, credentials, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, detection, dns, email, exploit, finance, hacker, infrastructure, intelligence, linkedin, login, malicious, malware, mfa, microsoft, mobile, office, phishing, powershell, qr, russia, service, social-engineering, software, sophos, spam, sql, switch, theft, threat, tool

They’re luring with voice and video: Bad actors are also exploiting AI’s ability to clone voices and likenesses from audio and video clips or images found online.Combined with tools that mimic caller ID, cybercriminals can fool targets by calling them and purporting to be a family member, friend, or work colleague seeking urgent assistance. Such…
WordPress Plugin Vulnerability Opens Door to SQL Injection Exploits

Mar 24, 2025 1:14 PM

Tags: cve, cvss, cyber, data-breach, exploit, injection, sql, vulnerability, wordpress

A critical vulnerability in the popular WordPress plugin GamiPress has been uncovered, leaving users exposed to unauthenticated SQL injection attacks. The issue, assigned the identifier CVE-2024-13496, carries a high CVSS 3.1 score of 7.5, indicating significant potential for exploitation. CVE-2024-13496 was discovered during a security assessment of GamiPress version 7.2.1. The vulnerability affects all versions…
Pre-authentication SQL Injection to RCE in GLPI (CVE-2025-24799 / CVE-2025-24801)

Mar 14, 2025 9:52 AM

Tags: authentication, cve, injection, open-source, rce, remote-code-execution, sql, vulnerability

Summary A significant vulnerability has been identified in GLPI, a popular open-source IT asset management tool. This vulnerability, tracked as CVE-2025-24799 and CVE-2025-24801, allows an First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/03/14/pre-authentication-sql-injection-to-rce-in-glpi-cve-2025-24799-cve-2025-24801/
Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL

Feb 24, 2025 7:22 AM

Tags: cyber, cybersecurity, email, flaw, injection, mail, malicious, sql, vulnerability

A newly disclosed vulnerability in the Exim mail transfer agent (CVE-2025-26794) has sent shockwaves through the cybersecurity community, revealing a critical SQL injection flaw that enables attackers to compromise email systems and manipulate underlying databases. The vulnerability, confirmed in Exim Version 4.98 installations using SQLite for hints databases, represents one of the most severe email…
China-Linked Threat Group Targets Japanese Orgs’ Servers

Feb 18, 2025 11:47 PM

Tags: china, encryption, group, malware, sql, threat, vulnerability

Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-group-japanese-orgs-servers
Sicherheitslücke: Attacken auf PostgreSQL-Clients möglich

Feb 16, 2025 12:46 PM

Tags: access, bug, exploit, sql, update

Ein Patch schließt eine Schadcode-Lücke, die unter bestimmten Voraussetzungen für Clients mit Zugriff auf Postgre-SQL-Datenbanken gefährlich werden kann. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsluecke-Angreifer-koennen-PostgreSQL-Datenbanken-attackieren-10282360.html
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

Feb 14, 2025 11:48 AM

Tags: attack, cve, cybersecurity, exploit, flaw, injection, sql, threat, vulnerability, zero-day

Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. Rapid7 researchers discovered a high-severity SQL injection flaw, tracked as CVE-2025-1094, in PostgreSQL’s psql tool. The experts discovered the flaw while investigating the exploitation of the vulnerability CVE-2024-12356 for remote code execution. BeyondTrust patched CVE-2024-12356 in December…
Apache Fineract SQL Injection Vulnerability Allows Malicious Data Injection

Feb 14, 2025 8:48 AM

Tags: apache, api, cyber, data, endpoint, finance, flaw, injection, malicious, risk, software, sql, vulnerability

The Apache Software Foundation has disclosed a critical SQL injection vulnerability in its widely utilized financial platform, Apache Fineract. The flaw, tracked as CVE-2024-32838, affects multiple API endpoints and poses a significant risk to applications built on this platform. This vulnerability allows authenticated attackers to inject malicious SQL data, potentially compromising sensitive information and the overall…
What is anomaly detection? Behavior-based analysis for cyber threats

Feb 14, 2025 7:48 AM

Tags: ai, attack, awareness, business, ceo, ciso, computer, control, credentials, cyber, cybersecurity, data, detection, edr, endpoint, firewall, framework, fraud, ibm, infrastructure, injection, jobs, malware, network, nist, ransomware, siem, soc, sql, strategy, threat, tool, waf

a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Feb 14, 2025 6:48 AM

Tags: access, attack, cve, exploit, flaw, injection, sql, threat, tool, vulnerability, zero-day

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.”An First…
Die besten DAST- & SAST-Tools

Feb 11, 2025 5:55 AM

Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-management

Tools für Dynamic und Static Application Security Testing helfen Entwicklern, ihren Quellcode zu härten. Wir zeigen Ihnen die besten Tools zu diesem Zweck.Die Softwarelieferkette respektive ihre Schwachstellen haben in den vergangenen Jahren für viel Wirbel gesorgt. Ein besonders schlagzeilenträchtiges Beispiel ist der Angriff auf den IT-Dienstleister SolarWinds, bei dem mehr als 18.000 Kundenunternehmen betroffen waren.…
Security Researchers Warn of New Risks in DeepSeek AI App

Feb 10, 2025 10:55 PM

Tags: ai, china, data, encryption, flaw, injection, korea, risk, sql

Weak Encryption, Data Transfers to China, Hidden ByteDance Links Found. Security researchers found DeepSeek AI has weak encryption, SQL injection flaws and sends user data to Chinese state-linked entities. Its AI model failed jailbreak tests, making it prone to manipulation. Regulators in Europe, South Korea, and Australia are investigating, with bans and warnings issued over…
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Feb 10, 2025 11:37 AM

Tags: cve, cvss, endpoint, exploit, flaw, injection, service, software, sql, update, vulnerability, xss

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service…
What Is SQL Injection? Examples Prevention Tips

Feb 6, 2025 7:06 PM

Tags: data, injection, sql, vulnerability

Learn how SQL Injection works and how this dangerous vulnerability lets attackers manipulate databases, steal data, and cause major security breaches. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/what-is-sql-injection-and-how-can-it-hurt-you/
Hochriskante SQLLücke gefährdet Avi Load Balancer

Jan 29, 2025 12:36 PM

Tags: injection, sql, vmware

Broadcom warnt vor einer SQL-Injection-Lücke in VMware Avi Load Balancer. Angreifer können unbefugt auf die Datenbank zugreifen. First seen on heise.de Jump to article: www.heise.de/news/VMware-Hochriskante-SQL-Injection-Luecke-gefaehrdet-Avi-Load-Balancer-10260568.html
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Jan 29, 2025 7:44 AM

Tags: access, cve, flaw, injection, malicious, network, sql, vmware, vulnerability

Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.”A malicious user with network access may be able to use specially crafted SQL queries…
VMware fixed a flaw in Avi Load Balancer

Jan 29, 2025 1:36 AM

Tags: access, cve, exploit, flaw, injection, network, risk, sql, vmware, vulnerability

VMware fixed a high-risk blind SQL injection vulnerability in Avi Load Balancer, allowing attackers to exploit databases via crafted queries. VMware warns of a high-risk blind SQL injection vulnerability, tracked as CVE-2025-22217 (CVSS score of 8.6), in Avi Load Balancer, allowing attackers with network access to exploit databases via crafted queries. >>VMware AVI Load Balancer…
VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

Jan 28, 2025 10:37 PM

Tags: access, injection, malicious, network, risk, sql, vmware

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/vmware-warns-of-high-risk-blind-sql-injection-bug-in-avi-load-balancer/
Treasury Department Breach: A Crucial Reminder for API Security in the Public Sector

Jan 23, 2025 6:22 PM

Tags: access, ai, api, application-security, attack, authentication, breach, china, cve, cyber, data, detection, exploit, finance, flaw, framework, governance, government, hacker, healthcare, infrastructure, injection, malicious, monitoring, network, programming, risk, siem, software, sql, strategy, supply-chain, threat, tool, unauthorized, vpn, vulnerability, zero-day, zero-trust

The recent cyber breach at the U.S. Treasury Department, linked to state-sponsored Chinese hackers, has set off alarm bells in the public sector. As the investigation continues, this incident reveals a pressing issue that all government agencies must confront: securing their APIs (Application Programming Interfaces). APIs are essential connections within our digital infrastructure, facilitating communication…