postgresql – WindowsTechs.com

8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk

Posted on November 15, 2024 by Deeba Ahmed

Cybersecurity researchers at Varonis have identified a serious security vulnerability in PostgreSQL that could lead to data breaches… Continue reading 8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk→

Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?

Posted on October 10, 2024 by cstff

I’m currently using PostgreSQL with the pgcrypto extension to store and verify user passwords. When a user logs in, I compare the entered password with the stored hash using the following query:
SELECT id FROM users
WHERE email = ‘example… Continue reading Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?→

New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency

Posted on August 21, 2024 by Deeba Ahmed

The new PG_MEM malware targets PostgreSQL databases, exploiting weak passwords to deliver payloads and mine cryptocurrency. Researchers warn… Continue reading New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency→

PostgreSQL databases under attack

Posted on August 21, 2024 by Zeljka Zorz

Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access c… Continue reading PostgreSQL databases under attack→

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

Posted on January 18, 2024 by Zeljka Zorz

Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but those who pa… Continue reading Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot→

PostgreSQL 16: Where enhanced security meets high performance

Posted on September 18, 2023 by Help Net Security

PostgreSQL is an open-source object-relational database platform with a track record of over 25 years of ongoing development. Its reputation is solid for its reliability, extensive features, and high performance. PostgreSQL 16 enhances its performance … Continue reading PostgreSQL 16: Where enhanced security meets high performance→

Google Cloud Next ’23: New Generative AI-Powered Services

Posted on August 29, 2023 by Megan Crouse

A partnership with NVIDIA on supercomputing and an enterprise-grade version of Google Kubernetes Engine top the array of cloud and AI reveals. Continue reading Google Cloud Next ’23: New Generative AI-Powered Services→

How to do character escaping in PostgreSQL to prevent a SQL injection attack?

Posted on May 30, 2023 by Jan

I want to prevent SQL injection attacks in a rather abstract application. Therefore I want to escape all user provided input as described here. The other options provided on this page don’t fit in my scenario.
I couldn’t find the right pla… Continue reading How to do character escaping in PostgreSQL to prevent a SQL injection attack?→

postgres database information passing in request can we exploit further? [closed]

Posted on May 1, 2023 by infosec_learner

Application login request is shown below.
The postgres information is passed via the cabinetName parameter. Is it a vulnerability? is it useful? can we exploit it?
or any other ways to exploit below request?
POST /<REDACTED>/LoginSer… Continue reading postgres database information passing in request can we exploit further? [closed]→

AWS RDS Database access from Github Actions

Posted on April 14, 2023 by Jöcker

I have a Postgres database hosted in AWS RDS. The rest of my application is also hosted on AWS.
The database migrations, like adding a new column, are done by Prisma, a node package. The pipeline is on GitHub Actions.
There I run npx prism… Continue reading AWS RDS Database access from Github Actions→