Just like other user accounts, database users can get certain roles granted. Those roles define what they can do and what they can see. Best practice from a security perspective is the “Principle of Least Privilege” (also known as PoLP), granting only specific privileges the...
Once again it appears that good security is not an unnecessary luxury. A worldwide alarm has just been spread about malware that uses weak passwords in SQL Server. Using a brute force attack, one tries to guess the password of the sysadmin (sa) and then...
The need to protect data from being read by unauthorized people has always been there. In the last years, this need has even increased. One of the first things that come to mind is e.g. GPDR but there are many other cases why you need...
Again 4 new execution side-channel vulnerabilities were disclosed by Intel on May 14th. Each of them has its own name but collectively they are referred to as Microarchitectural Data Sampling (mds): CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): part of RIDL CVE-2018-12126: Microarchitectural Store Buffer...
Last updated: October 12th 2020. IMPORTANT: information provided is purely informative and has no legal value Update September 2nd 2019: inform your JAVA users they should not just install the latest update, which can easily be done by pressing “Install” or “Next” after the following window appears: It...
Within Microsoft SQL Server databases, some fixed server-level roles are defined, providing a certain level of access and functionality. The role with the highest access and functionality is the SYSADMIN role. Only privileged users or administrators within the company are granted this role. Eddy Van Heghe,...
After the Spectre & Meltdown vulnerabilities (see https://monin-it.be/2018/01/17/meltdown-spectre-solution-linux-windows/) at the beginning of 2018, Intel now tackled 3 applications of another big vulnerability in their microcode: the L1 Terminal Fault (L1TF) vulnerabilities. All three applications of L1TF are speculative execution side-channel cache timing vulnerabilities: CVE-2018-3615: Affecting Intel Software...
Oracle just released a security alert and is urging users to patch their oracle database installations to plug a critical security issue (this one even got CVSS score 9.9/10, which is really high and shows the importance to patch). The vulnerability can result in a complete...
On October 19th 2016, a serious Linux kernel vulnerability named Dirty COW (CVE-2016-5195) was announced. This bug makes it possible for an unprivileged user to get write access to read-only memory mappings which lets them increase their privileges on the system.Checking the impact of this...