Securing Cloud Databases: Best Practices with ClickHouse and Wiz

How to protect sensitive data in cloud-hosted databases with built-in security controls, best practices, and continuous risk monitoring...

The vulnerability of the Azure Data Studio software for data development and management, which involves connecting to cloud and local databases, stems from lack of access control mechanisms. This allows attackers to exploit their privileges.

The vulnerability of the Azure Data Studio software for data development and management, which connects to cloud and local databases, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

Melee - Tool To Detect Infections In MySQL Instances

MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale to exfiltrate data, destruct data, and extort mon...

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases ICD for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw CVSS score: 8.8, dubbed "Hell's Keychain" by cloud securi...

Wegmans Exposes Customer Data in Misconfigured Databases

Wegmans Food Markets, the U.S. supermarket chain, has notified customers that some of their data was exposed because two of its cloud-based databases were misconfigured, making them publicly accessible online. In a publicly posted breach notification letter, Wegmans said that the issue was first...

Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances

Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch...

Microsoft Leaves 250M Customer Service Records Open to the Web

UPDATE Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams...

7M Adobe Creative Cloud Users Exposed to Hackers

Nearly 7.5 million Adobe Creative Cloud users are left open to phishing campaigns after their records were left exposed to the internet. Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as...

Religious Website Data Exposed for Months

Religious website service Clover Sites exposed customer data for at least six to seven months, with the dataset found twice in two separate, insecure cloud databases. Clover offers a content management system for building and managing faith-based websites, with a “Clover Donations” module for...

2.3B Files Exposed in a Year: A New Record for Misconfigs

The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday. A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data...

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...