Threat actors have launched a novel SQL server hacking campaign leveraging the built-in utility "sqlps.exe" to facilitate brute-force attacks and SuspSQLUsage malware deployment, The Hacker News reports.
Microsoft researchers discovered that attackers have achieved fileless persistence by using the sqlps.exe utility, which is found across all SQL Server versions, to execute recon commands and modify the SQL service start mode.
Attackers have also been able to take over SQL servers by using sqlps.exe to create sysadmin accounts, according to the report. Through fileless attacks that reduce the likelihood of antivirus detection, threat actors have been able to better blend malicious activity in with typical network activity and administrative tasks, researchers said. Microsoft also noted that the new attacks indicate the continued weaponization of legitimate binaries.
"The use of this uncommon living-off-the-land binary (LOLBin) highlights the importance of gaining full visibility into the runtime behavior of scripts in order to expose malicious code," said Microsoft in a tweet.
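One way to get the visibility the quote calls for is to triage process-creation telemetry for sqlps.exe and rank events by the behaviours the report names. The following is an added example, not code from the article or from Microsoft; the event fields follow Sysmon Event ID 1 naming, and the regexes, host names and command lines are constructed assumptions.

```python
import ntpath
import re

# Command-line patterns for two behaviours the report names. The regexes are
# this example's assumptions, not indicators published by Microsoft.
BEHAVIOURS = {
    "service start mode change": re.compile(
        r"set-service\b.*-startuptype|\bsc(\.exe)?\s+config\b.*\bstart=", re.I),
    "sysadmin role grant": re.compile(
        r"sp_addsrvrolemember|"
        r"alter\s+server\s+role\s+\[?sysadmin\]?\s+add\s+member", re.I),
}

def triage(events):
    """Return one finding per sqlps.exe process-creation event."""
    findings = []
    for ev in events:
        # ntpath parses Windows paths correctly on any analysis host.
        if ntpath.basename(ev.get("Image", "")).lower() != "sqlps.exe":
            continue
        cmd = ev.get("CommandLine", "")
        hits = [name for name, rx in BEHAVIOURS.items() if rx.search(cmd)]
        findings.append({
            "host": ev.get("Computer"),
            "behaviours": hits,
            # Any sqlps.exe run deserves review; a named behaviour raises it.
            "severity": "high" if hits else "review",
        })
    return findings

# Constructed sample events: every path, host and command line is invented.
SQLPS = r"C:\Program Files\Microsoft SQL Server\Tools\Binn\SQLPS.exe"
SAMPLE_EVENTS = [
    {"Computer": "db01", "Image": SQLPS, "CommandLine":
     'sqlps.exe -Command "Set-Service -Name MSSQLSERVER -StartupType Automatic"'},
    {"Computer": "db01", "Image": SQLPS, "CommandLine":
     "sqlps.exe -Command \"Invoke-Sqlcmd -Query "
     "'ALTER SERVER ROLE [sysadmin] ADD MEMBER [example_login]'\""},
    {"Computer": "db02", "Image": SQLPS, "CommandLine":
     'sqlps.exe -Command "Get-ChildItem SQLSERVER:\\SQL"'},
    {"Computer": "ws07", "Image": r"C:\Windows\System32\powershell.exe",
     "CommandLine": "powershell.exe Set-Service -Name Spooler -StartupType Manual"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Command-line matching only sees what is passed at launch, so pairing it with PowerShell script block logging covers commands typed into an interactive sqlps.exe session.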