Millions of Adobe accounts exposed in privacy snafu
An Adobe database was left online without password protection, exposing about 7.5 million Creative Cloud accounts for about a week, security researcher Bob Diachenko found. No financial information was exposed, but data such as email addresses and member IDs could be used in phishing attacks.
Chinese malware creates 'magic password' for MSSQL servers
Chinese cyberspies have developed malware that alters Microsoft SQL Server (MSSQL) databases and creates a backdoor mechanism that can let hackers connect to any account by using a "magic password." The backdoor also hides user sessions inside the database's connection logs every time the "magic password" is used, helping hackers remain undetected even when administrators may suspect something is wrong. The malware, called skip-2.0, works with only versions 11 and 12.
False-flag hackers present a major security concern
A Russia-linked group’s use of stolen tools is having as worrying repercussions. In the sordid world of cyber war, there is no such thing as professional courtesy. That was the finding of a report this week, which said a Russian cyber espionage unit carried out attacks under the guise of being Iranian. The growing difficulty of finding the provenance of hacks is only matched by the rising damage which cyber attacks can achieve. The risks from misguided retaliation demand continued efforts to identify the origins of attacks.