SQL Triggers Used by Hackers to Compromise User Database

 

Over the past year, a broader pattern has emerged of WordPress malware that uses SQL triggers inside infected databases to hide malicious SQL queries. Whenever the trigger condition is fulfilled, these queries insert an admin-level user into the infected database. Websites that run a common CMS (such as WordPress) use a MySQL database to store essential data, including CMS settings. Anything that can modify the MySQL database, whether by injecting harmful code or by removing the site's content, can do severe harm to the website.

Protection is one reason why the MySQL database has its own unique username and password, which deters anyone without the required login details from inspecting the database manually. Unfortunately, if attackers have unauthenticated access, they can also read the wp-config.php file to learn the website's database authentication credentials, which can then be used to connect to the database from the attacker's own code and make malicious changes.

A real-life example is an intruder with unauthorized access to a website who wants a backdoor that persists even if the website's files are cleaned.

One approach is for the intruder to create an admin user in the website's CMS database. Such users can usually be found easily in the administrative dashboard or with a SQL client. The unauthorized admin account is a backdoor that lives in the database, outside the website's files and the webserver directory. This is critical to know, since owners of a compromised website often forget to check there. However, removing suspicious users from the website's database does not remove any other backdoors that may be present.

A SQL trigger is a stored procedure that runs automatically when specific changes are made to the database. Triggers have many legitimate uses, but bad actors also use them to retain unauthorized access after a compromise. To achieve this, attackers place a SQL trigger in the compromised website's database, and the malicious action runs when specific conditions are met or a specific event occurs.

If attackers breach a site, they will go after any database passwords stored in wp-config or other CMS configuration files, and once the hacker has obtained that data, at any point after the infection it can be extremely hard to tell whether the hacker has harvested any valuable information. Users must change passwords, including the database password, if a breach occurs. Skipping this post-hack step can allow an attacker to get back in and change the website even after the user has assumed the infection was removed.
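A post-compromise check for the persistence described above, as an added example that is not part of the original post: list the database's triggers and flag any whose body writes to the users or usermeta tables. The query uses the standard MySQL `information_schema.TRIGGERS` view; the function name `audit_triggers`, the regular expressions and the sample rows are assumptions constructed for illustration.

```python
import re

# Read-only query for the site's MySQL server; the columns are standard
# information_schema.TRIGGERS fields. Bind the WordPress schema name to %s.
TRIGGER_QUERY = """
SELECT TRIGGER_NAME, EVENT_MANIPULATION, EVENT_OBJECT_TABLE, DEFINER, ACTION_STATEMENT
FROM information_schema.TRIGGERS
WHERE TRIGGER_SCHEMA = %s
"""

# The table prefix is configurable in WordPress, so match any "<prefix>users"
# or "<prefix>usermeta" table that a trigger body writes to.
WRITE_TO_USERS = re.compile(
    r"\b(?:INSERT\s+(?:IGNORE\s+)?INTO|REPLACE\s+INTO|UPDATE)\s+`?(\w*(?:users|usermeta))`?\b",
    re.IGNORECASE,
)
ROLE_HINT = re.compile(r"capabilities|administrator|user_level", re.IGNORECASE)

def audit_triggers(rows):
    """Return (trigger name, table it fires on, reasons) for suspicious triggers."""
    findings = []
    for row in rows:
        body = row["ACTION_STATEMENT"]
        reasons = []
        match = WRITE_TO_USERS.search(body)
        if match:
            reasons.append("writes to " + match.group(1))
        if ROLE_HINT.search(body):
            reasons.append("references role or capability fields")
        if reasons:
            findings.append((row["TRIGGER_NAME"], row["EVENT_OBJECT_TABLE"], reasons))
    return findings

# Constructed sample rows (not from a real incident); "..." marks elided SQL.
SAMPLE_ROWS = [
    {"TRIGGER_NAME": "orders_audit_ai", "EVENT_OBJECT_TABLE": "shop_orders",
     "ACTION_STATEMENT": "INSERT INTO shop_audit (order_id, changed_at) "
                         "VALUES (NEW.id, NOW())"},
    {"TRIGGER_NAME": "constructed_example_trg", "EVENT_OBJECT_TABLE": "wp_posts",
     "ACTION_STATEMENT": "BEGIN IF ... THEN INSERT INTO `wp_users` (...) VALUES (...); "
                         "INSERT INTO wp_usermeta (...) VALUES (..., 'wp_capabilities', ...); "
                         "END IF; END"},
]

if __name__ == "__main__":
    for name, table, reasons in audit_triggers(SAMPLE_ROWS):
        print(f"{name} on {table}: {', '.join(reasons)}")
```

A flagged trigger is a candidate for manual review rather than a verdict, and any trigger whose origin the site owner cannot account for deserves the same attention.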

Comcast Data Breach Compromised with 1.5 Billion Data Records

 

American cable and Internet giant Comcast was struck by a data breach a few days ago. During this breach, an unprotected developer database with 1.5 billion data records and other internal information was available to third parties via the Internet.

Comcast Corporation is the largest cable operator network. After AT&T, it is the second largest internet service provider, and it is the third largest telephone company in the US after AT&T and Verizon Communications.

Recently the research team of WebsitePlanet, in collaboration with the security researcher Jeremiah Fowler, identified a non-password-protected database with a total size of 478 GB and 1.5 billion records. The Comcast database contained dashboard permissions, logging, client IPs, @comcast e-mail addresses and hashed passwords, all publicly accessible. The IP addresses contained in the database give a picture of the internal functionality, logging and general network structure. The server also revealed the Comcast Development Team's email addresses and hashed passwords. The database further exposed error reports, warnings, task or job scheduling information, cluster names, device names, and internal rules marked by the tag “Privileged=True.” Middleware was also identified in the error logs, and it can often serve as a secondary path for ransomware or other bugs.

However, measures to restrict access to the data were taken in around an hour, since malicious actors could easily have accessed and retrieved the confidential information until the data was secured. Relying on the Comcast data, the researchers immediately submitted a notice of disclosure and confirmed their observations to Comcast's Security Defect Reporting team.

Fowler also said, "This was among the fastest response times I have ever had." Comcast acted fast and professionally to restrict the data set that was accessible to anyone with an internet connection.

A representative for Comcast stated that, “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.” 

Naturally, errors that expose data are unavoidable as long as people are involved in configuration. However, Comcast's size makes such mistakes very disruptive, and they can affect many subscribers and business customers. That is why firms like this should follow security checklists, have additional teams double-check, and do whatever they can to reduce the chance of exposure. In this incident, though, action was taken in time.

Bitcoin surges past $11,000

Bitcoin soared 9% on Monday, performing like a safe haven asset as it edged past $11,000 for the first time since around mid-July.

The price of the world’s largest cryptocurrency climbed as high as $11,860, according to CoinDesk data, hitting a more than 3-week high. Bitcoin’s value now accounts for nearly 70% of the global crypto market, according to CoinMarketCap.

Global stock markets on the other hand have been sliding lower on the back of renewed trade uncertainty, after President Donald Trump said last week that Washington would impose 10% tariffs on another $300 billion worth of Chinese goods.

The pan-European Stoxx 600 index slipped 1.6% on Monday while the MSCI’s broadest index of Asia-Pacific shares outside Japan plummeted 2.5%. Dow futures meanwhile were off by about 100 points.

Analysts have previously argued the case that bitcoin could be a safe haven asset, with investors having flocked to the digital asset in the past on the back of an escalation in U.S.-Sino tensions.

“Bitcoin has many use cases and one of the most important is as a form of digital gold,” Charles Hayter, CEO of digital currency comparison platform CryptoCompare, told CNBC by email on Monday. “We have seen bitcoin jump before on macro uncertainty as it becomes a conduit and flight-to-safety asset.”

Yuan depreciation

Bitcoin’s jump in value also comes as China allowed the yuan to break the seven-per-dollar level for the first time in 11 years, triggering fears of a potential currency war.

The yuan fell after China’s central bank, the People’s Bank of China, set the currency’s daily midpoint at 6.9225 per dollar, its weakest level since December last year.

Simon Peters, an analyst at trading platform eToro, said Chinese investors could be seeking to diversify as the yuan depreciates.

“Given that Chinese investors make up a large proportion of crypto investors, there’s a strong possibility some are backing bitcoin’s chances against the yuan,” Peters said in a note on Monday.

US Navy to create database of 350 billion social media posts







The United States Navy is planning to create a repository of more than 350 billion social media posts from around the world, to research how people behave online.

The project team has not specified which social media platform they intend to collect the data from.

However, they will only collect public posts made between 2014 and 2016, from more than 100 countries and in at least 60 different languages.

The details of the project were revealed in a tender document from the Naval Postgraduate School for a firm to provide the data.

The deadline for applications has now passed.

Additional requirements included:
  • the posts must come from at least 200 million unique users
  • no more than 30% can come from a particular country
  • at least 50% must be in a language other than English
  • location information must be included in at least 20% of the records

The collected database must not include private messages or users' personal information.


"Social media data allows us for the first time, to measure how colloquial expressions and slang evolve over time, across a diverse array of human societies, so that we can begin to understand how and why communities come to be formed around certain forms of discourse rather than others," T Camber Warren, the project's lead researcher, told Bloomberg.