#databasesecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #databasesecurity, aggregated by home.social.
-
Security Flaws Exposed in Popular Database Projects' MCP Servers
Critical security flaws have been uncovered in MCP servers used by popular analytics databases, leaving them vulnerable to risks like SQL injection and full database takeover due to faulty validation and authentication processes. These defects, discovered by Akamai security analyst Tomer Peled, highlight a…
#VulnerabilityResearch #McpServers #DatabaseSecurity #AiApplications #ModelContextProtocol
-
US Agencies Deploy Biometric Glasses, Sparking Surveillance Fears
Imagine a pair of smart glasses that can scan faces and instantly match them to records in multiple federal databases, raising serious concerns about surveillance and personal privacy. This technology, powered by facial recognition and other biometric signals, has sparked fears about the potential for real-time…
#BiometricSurveillance #FacialRecognition #EmergingThreats #UsGovernment #DatabaseSecurity
-
Moltbook, a week-old social network for AI agents, exposed 6,000+ user emails and over a million API keys through an open database, according to Wiz researchers. The creator boasted about writing "zero code" for the platform. The breach highlights security risks when AI generates software without proper configuration oversight. Vulnerability now patched.
-
Fuzzing PostgreSQL at the front door 🔍
Adam Wołk Microsoft shows how fuzzing uncovers edge-case bugs in libpq and #PgBouncer. Learn how to build harnesses, mutate protocol inputs, and harden Postgres networking code against real-world failures. https://p2d2.cz/en/talks/knocking_at_the_door_fuzzing_libpq_and_pgbouncer/
#libpq #Fuzzing #DatabaseSecurity #PostgresDev #OpenSource #DBA #DeveloperTools
-
Automate safe database copies for devs. MaskDump anonymizes emails & phones in huge SQL dumps via pipelines. Compare tools, see configs. https://hackernoon.com/from-production-to-dev-safe-database-copies-with-maskdump #databasesecurity
-
MongoDB Server Security Update, December 2025
https://www.mongodb.com/company/blog/news/mongodb-server-security-update-december-2025
#HackerNews #MongoDB #Security #Update #December2025 #ServerUpdate #DatabaseSecurity
-
Tired of wrestling with TLS certs and CAs for your database? MariaDB 11.8's zero-configuration TLS requires no manual setup 🚀
Check out security management tips at
https://optimizedbyotto.com/post/zero-configuration-tls-mariadb-11.8/
#MariaDB #DatabaseSecurity #OpenSource
-
pgAdmin CVE-2025-9636 vulnerability enables OAuth session hijacking, threatening PostgreSQL database security. Database administrators must prioritize pgAdmin 9.8 upgrade immediately. Essential reading for cybersecurity professionals.
#SecurityLand #CyberWatch #Cybersecurity #PostgreSQL #DatabaseSecurity #CVE #OAuth #pgAdmin
-
Everything About SQL Injection 💉
What is SQL Injection?
SQL Injection is a web vulnerability that lets attackers manipulate database queries. This can lead to unauthorized access, data leaks, or even full control of the system.
🔬Types of SQL Injection
1️⃣ Classic SQLi – Injecting raw SQL commands.
2️⃣ Blind SQLi – No errors, but the response changes.
3️⃣ Time-Based SQLi – Uses response delays to extract data.
4️⃣ Union-Based SQLi – Merges malicious queries with valid ones.
5️⃣ Out-of-Band SQLi – Exfiltrates data through DNS, HTTP, etc.
♦️Potential Impact
▫️Access & dump sensitive data
▫️Bypass login systems
▫️Alter or delete database entries
▫️Full system compromise
🔰Common Entry Points
▫️Login forms
▫️Search inputs
▫️Contact forms
▫️URL query parameters
Defense Strategies 🛡
✅ Use parameterized queries
✅ Validate & sanitize inputs
✅ Apply least privilege to DB accounts
✅ Monitor logs for anomalies
✅ Perform regular security audits
📀Image Description (for visual):
🔹A sleek cyber-themed layout with:
🔹A hacker icon injecting code
🔹A login form being exploited
🔹Database icons showing exposed data
🔹A shield labeled “Prepared Statements” blocking the attack
🔖Tags
#SQLInjection #CyberSecurity #EthicalHacking #WebSecurity #BugBounty #InfoSec #Pentesting #OWASP #DatabaseSecurity #HackerTips
⚠️Disclaimer
This content is for educational and ethical purposes only. Do not attempt to exploit vulnerabilities without proper authorization. Always follow legal and ethical guidelines when testing or learning about cybersecurity.
-
T-SQL Tuesday 183 – Tracking Permissions http://dlvr.it/THw07p via PlanetPowerShell #SQLServer #TSQLTuesday #Permissions #DatabaseSecurity
-
phpMyAdmin Vulnerability Let Hackers Trigger XSS Attack With Malicious Tables https://cybersecuritynews.com/phpmyadmin-triggers-xss-attacks/ #ComputerSecurityNews #phpMyAdminSecurity #CyberSecurityNews #VulnerabilityNews #DatabaseSecurity #XSSVulnerability
-
MSSqlPwner: Open-source tool for pentesting MSSQL servers https://www.helpnetsecurity.com/2025/01/17/mssqlpwner-open-source-pentesting-mssql-servers/ #penetrationtesting #databasesecurity #opensource #Don'tmiss #software #GitHub #News
-
PostgreSQL Vulnerability Exposes Environment Variables to Hackers
A recent PostgreSQL vulnerability has been making waves in the cybersecurity world, exposing environment variables to potential hackers
#PostgreSQL #CyberSecurity #DataBreach #Vulnerability #Hackers #InformationSecurity #DatabaseSecurity #EnvironmentVariables #TechNews #SecurityAwareness #news
https://cloudhosting.evostrix.eu/postgresql-vulnerability-exposes-environment-variables-to-hackers/
-
New Video Alert: MySQL Server Attacks YOU!
Can a hacker execute code on your laptop by logging into a hacked MySQL server? Alexander Rubin reveals an attack vector where MySQL clients become the target of an attack chain.
#BSidesKnoxville2024 #CyberSecurity #MySQL #Hackers #DatabaseSecurity
https://youtu.be/3iQAQSVdKD0
-
Malware exploits weak passwords in PostgreSQL for cryptojacking - Up to 800,000 internet-connected databases could be vulnerable to crypto... - https://cointelegraph.com/news/pg-mem-malware-targets-postgresql-databases-crypto-mining #cloud-nativesecurity #postgresqldatabases #cryptominingmalware #databasesecurity #pg_memmalware #weakpasswords #cryptojacking #cybersecurity #aquasecurity #miningpool
-
Web-based database management tools like phpMyAdmin are widely used due to their ease of use and accessibility. However, there are significant security and performance reasons why you might want to avoid these tools in favor of desktop-based solutions like DBeaver.
https://linuxexpert.org/do-not-use-phpmyadmin/
#linux #windows #macos #DatabaseSecurity #DBeaver #phpMyAdmin #SecureConnections #SSH #VPN #DatabaseManagement #TechLesson #WebSecurity #RDBMS
-
Unlock the secrets of PostgreSQL security with Henrietta Dombrovskaya at #SCaLE21x. Learn how to safeguard your data with automation and standardization. Join us March 14-17, 2024, in Pasadena, CA. 🔐🐘 #PostgreSQL #DatabaseSecurity https://www.socallinuxexpo.org/scale/21x/presentations/securing-your-postgresql-data-comprehensive-guide-protecting-your-database
-
MongoDB Confirms Hack, Says Customer Data Stolen – Source: www.securityweek.com https://ciso2ciso.com/mongodb-confirms-hack-says-customer-data-stolen-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #DatabaseSecurity #IncidentResponse #securityweekcom #DataBreaches #MongoDBAtlas #securityweek #ransomware #MongoDB
-
MongoDB Confirms Hack, Says Customer Data Stolen https://www.securityweek.com/mongodb-confirms-hack-says-customer-data-stolen/ #IncidentResponse #DatabaseSecurity #DataBreaches #MongoDBAtlas #ransomware #MongoDB
-
🔒 Dive into the world of relational database security! Our latest post unravels the secrets of user authentication and access control in SQL Server, Oracle, MariaDB/MySQL, and PostgreSQL. Perfect for DBAs and devs! #DatabaseSecurity #TechInsights #SQLServer #Oracle #MariaDB #PostgreSQL 🛡️💻
https://compositecode.blog/2023/12/07/security-and-authentication-in-relational-databases/
-
🔐 Attention all #Oracle professionals! On October 19, an essential Critical Update was released that addresses 387 new security vulnerabilities in several Oracle products, including Oracle Database Server. 🛡️ Applying these patches promptly is crucial to prevent malicious exploitation and keep our systems secure. Oracle recommends applying these patches without delay. Stay up to date and protected! 🔄🔒 #CyberSecurity #DatabaseSecurity
https://www.oracle.com/security-alerts/cpuoct2023.html
-
CW: research papers
K. Coby Wang and M. Reiter, "Bernoulli honeywords"¹
Decoy passwords, or "honeywords," planted in a credential database can alert a site to its breach if ever submitted in a login attempt. To be effective, some honeywords must appear at least as likely to be user-chosen passwords as the real ones, and honeywords must be very difficult to guess without having breached the database, to prevent false breach alarms. These goals have proved elusive, however, for heuristic honeyword generation algorithms. In this paper we explore an alternative strategy in which the defender treats honeyword selection as a Bernoulli process in which each possible password (except the user-chosen one) is selected as a honeyword independently with some fixed probability. We show how Bernoulli honeywords can be integrated into two existing system designs for leveraging honeywords: one based on a honeychecker that stores the secret index of the user-chosen password in the list of account passwords, and another that does not leverage secret state at all. We show that Bernoulli honeywords enable analytic derivation of false breach-detection probabilities irrespective of what information the attacker gathers about the sites' users; that their true and false breach-detection probabilities demonstrate compelling efficacy; and that Bernoulli honeywords can even enable performance improvements in modern honeyword system designs.
#arXiv #ResearchPapers #Honeywords #BernoulliHoneywords #DatabaseSecurity
-
Big news! Andreas Wolter shared.. The #AzureSQL Database #STIG was released today.
Download from the DISA website: https://public.cyber.mil/stigs/downloads/ #DatabaseSecurity #DoD
-
#ActuLibre WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers -> http://feedproxy.google.com/~r/TheHackersNews/~3/AaO1rKvJ0qM/backdoor-.html #databasesecurity #databasehacking #cryptocurrency #windowsmalware #Malwareattack #MSSQLhacking #CyberAttack #hackingnews #MySQL
-
#ActuLibre Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests -> http://feedproxy.google.com/~r/TheHackersNews/~3/BP_YFFOvoao/marriott-data-breach.html #MarriottInternational #hotelreservations #databasesecurity #cybersecurity #CyberAttack #databreach #Privacy
-
#ActuLibre User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption -> http://feedproxy.google.com/~r/TheHackersNews/~3/doKQeE_qUDI/apache-pulsar-application.html #cybersecuritysurvey #databasesecurity #ApachePulsar
-
#ActuLibre Virgin Media Data Leak Exposes Details of 900,000 Customers -> http://feedproxy.google.com/~r/TheHackersNews/~3/pqpAodpRJTI/virgin-media-data-breach.html #databasesecurity #Telecomcompany #Telecomhacking #VirginMobile #hackingnews #VirginMedia #databreach #dataleaked
-
#ActuLibre A Massive U.S. Property and Demographic Database Exposes 200 Million Records -> http://feedproxy.google.com/~r/TheHackersNews/~3/uGOBCP6HvY8/us-property-records-database.html #databasebreached #databasesecurity #cybersecurity #databreach #dataleaked