Showing 34 results for: Database Security ×

Protecting Yourself from MongoDB Ransomware

In the realm of malware, ransomware has been king for the last few years, compromising unsecured hosts and kindly requesting payment from their rightful owners. Back in January 2017, an attacker extended the concept to MongoDB and was hitting unsecured...

Database Security Knowledgebase Update 5.12

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.12 includes new and updated checks for Oracle and Sybase ASE. New Vulnerability and Configuration Check Highlights Oracle SQL Injection in CDBView package o Database Activity Monitoring -...

Database Security Knowledgebase Update 5.11

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.11 includes new checks for MySQL, SQL Server and Oracle as well as updated checks for SQL Server and MySQL. New Vulnerability and Configuration Check Highlights MySQL Critical...

Raiding the Piggy Bank: Webshell Secrets Revealed

Introduction A recent investigation into credit card fraud that was enabled by a webshell revealed several interesting methods used by the attacker. These methods are the subject of this blog, as well as providing some suggestions on what E-commerce companies...

Database Security Knowledgebase Update 5.06

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.06 includes new and updated checks for IBMDB2 LUW, Microsoft SQL Server and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights IBMDB2 LUW Restrict Access to SYSCAT.AUDITPOLICIES...

Database Security Knowledgebase Update 5.05

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.05 includes new and updated checks for MySQL. New Vulnerability and Configuration Check Highlights MySQL Locked Accounts Check for accounts that have been locked Risk: Informational Relevant CVEs:...

Database Security Knowledgebase Update 5.04

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.04 includes new checks for SAP (Sybase) ASE, Microsoft SQL Server, MySQL and Oracle, and updated checks for Microsoft SQL Server. New Vulnerability and Configuration Check Highlights SAP...

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create...

Database Security Knowledgebase Update 5.03

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

Database Security Knowledgebase Update 5.02

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.02 includes new checks for Microsoft SQL Server and SAP (Sybase) ASE New Vulnerability and Configuration Check Highlights Microsoft SQL Server Orphaned users Examines for orphaned users. Risk:...

About SAP ASE DSAM SQL Injection (CVE-2016-4013)

SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for Data Store Access Management (DSAM). This is perfect example of new functionality introducing new vulnerabilities. The new DSAM implementation suffers from an SQL injection...

Database Security Knowledgebase Update 5.01

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.01 includes new checks for MySQL, Oracle and SAP (Sybase) ASE and updated checks for MySQL and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights MySQL Critical...

Database Security Knowledgebase Update 5.00

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

AppDetectivePRO and DbProtect Knowledgebase Update 4.54

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.54 includes new support for SAP (Sybase) Adaptive Server Enterprise (ASE) version 16.0, a new check for Oracle Database encryption, updated checks for SAP (Sybase) ASE...