Cyber security news for all

More

    Attackers could attack Windows systems with PostgreSQL

    There are important security updates for the database system PostgreSQL under Windows. If the conditions are right, attackers could execute malicious code with admin rights.

    A warning message from the developer does not indicate that the vulnerability was posed. Attackers with access rights to certain folders could deposit malicious code there. The installer would then execute this due to an insufficient check. The problem is that the installer runs with admin rights. It can be assumed that a computer is completely compromised after a successful attack.

    The type of blind PostgreSQL injection includes attacks on web applications,which do not display the results of the injection visibly. Instead, they either show no obvious reaction or general error messages. In this case, the page does not provide any data, but it presents itself slightly differently depending on the results of a logical statement. With this method, the information is therefore not identified directly, but rather by means of a series of true or false queries and withdrawn from the database. This method is considered very time consuming. As soon as the weak point and the desired information are found, the attack can be automated using a number of tools.

    Second-order attacks are among the most underhanded, because they do not act immediately. Such harmful but inactive commands can be correctly coded by the application and saved as valid systems in the database. If another part of the application that is possibly not protected against Windows systems in a different context, the delayed attack starts.

    Assume that a company has built a web application in which customers can access their profile by entering their customer number. The front end of the app routes the number entered into the back end. The database executes the PostgreSQL call there and returns the result to the application, which displays it to the user. How to Download and Install PostgreSQL on Windows?

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox