A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database.
After the ransacking of MongoDB, ElasticSearch, Hadoop, and CouchDB servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment.
Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website's database.
Link bookmarking service Instapaper came back online today following a critical database issue that forced it offline for 31 hours over the past two days.
For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, according to security firm Check Point, who reported today that they've "detected a massive increase in the number of attack attempts."
GitLab.com, a web service for hosting and syncing source code, similar to GitHub, went down last night at around 18:00 ET, January 31, and after 11 hours, at the time of publishing, the website is still down.
An unknown hacker is accessing public and unsecured Apache Cassandra databases and adding an extra table through which they warn server owners that their DB was left exposed to online attacks.
Almost nine days after attacks on MongoDB servers ramped up, the number of ransacked databases has reached 32,380 hosts, and the number of groups involved in these attacks has grown to 21, from just one group initially.
The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken.
What started as isolated incidents on Monday has transformed into an all-out destruction of thousands of MongoDB servers by the end of the week.