Collaborate Disseminate
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) … Continue reading WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households.
Discovered by VPNMentor’s research te… Continue reading Unprotected Database Exposes Personal Info of 80 Million American Households
The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests.
Starwood Hotels and Re… Continue reading 500 Million Marriott Guest Records Stolen in Starwood Data Breach
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza,… Continue reading Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet.
… Continue reading Hackers Targeting Servers Running Database Services for Mining Cryptocurrency
In the digital age, one of the most popular sayings is—if you’re not paying, then you’re not the customer, you’re the product.
While downloading apps on their smartphones, most users may not realize how much data they collect on you.
Believe me; it’s… Continue reading Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users
BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below.
The author recommends using the “–test” switch to clearly see how configured payload looks like before sending it to an application.
What is Blind SQL Injection?
Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application’s response.
Continue reading BSQLinjector – Blind SQL Injection Tool Download in Ruby
NoSQLMap is an open source Python-based automated NoSQL exploitation tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases. It is also intended to attack web applications using NoSQL in order to disclose data from the database. Presently the tool’s exploits are focused…
Read the full post at darknet.org.uk
Continue reading NoSQLMap – Automated NoSQL Exploitation Tool
jSQL is an automatic SQL Injection tool written in Java, it’s lightweight and supports 23 kinds of database. It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux. Features Automatic injection of 23 kinds of databases: Access CockroachDB…
Read the full post at darknet.org.uk
Continue reading jSQL – Automatic SQL Injection Tool In Java
Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don’t care to apply patches on time.
Late last year, Cisco’s Talos intelligence and research group disc… Continue reading Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking