MrbMiner: Wreaking havoc on SQL databases

Thousands of Microsoft SQL Server (MSSQL) instances have been found to be infected by a new malware gang, which is hacking into the servers and installing a crypto-miner, MrbMiner.

The cybercriminal group is named after one of the domains it uses to host its malware.

The hackers got in through weak passwords on the SQL Servers and then released the crypto-miner on the target systems.


“MrbMiner mining Trojan will carefully hide itself to avoid being discovered by the administrator,” the company said in a blog post earlier this month.

“The Trojan will monitor the task manager process. When the user starts the ‘task manager’ process to view the system, the mining process will immediately exit and delete related files.”

Researchers discovered Linux and ARM-based mining Trojan files on the FTP (File Transfer Protocol) server of the MrbMiner mining Trojan, and speculate that MrbMiner has cross-platform attack capabilities.
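The weak-password entry described above leaves a recognisable trace in the SQL Server error log: a run of failed logins from one client followed by a success. The following detection sketch is an added example, not code from the original report; the log lines are constructed, and it assumes login auditing records both failed and successful logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG style; IPs are documentation ranges.
_FAIL = ("2020-09-14 03:10:{:02d}.10 Logon       Login failed for user 'sa'. Reason: "
         "Password did not match that for the login provided. [CLIENT: 203.0.113.7]")
SAMPLE_LOG = "\n".join([_FAIL.format(s) for s in range(1, 7)] + [
    "2020-09-14 03:10:09.42 Logon       Login succeeded for user 'sa'. "
    "Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]",
    "2020-09-14 08:30:12.01 Logon       Login failed for user 'app_rw'. Reason: "
    "Password did not match that for the login provided. [CLIENT: 198.51.100.20]",
    "2020-09-14 08:30:31.77 Logon       Login succeeded for user 'app_rw'. "
    "Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]",
])

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<ip>[^\]]+)\]"
)

def find_guessed_logins(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return (client_ip, login, timestamp) for every successful login that
    follows at least `threshold` failures from the same client inside `window`."""
    failures = defaultdict(list)   # client IP -> timestamps of failed logins
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue               # not a logon audit line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"].strip()
        if m["result"] == "failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            hits.append((ip, m["user"], m["ts"]))
        failures[ip].clear()       # a success starts a fresh count for this client
    return hits

if __name__ == "__main__":
    for ip, user, when in find_guessed_logins(SAMPLE_LOG):
        print(f"{when}  possible guessed password: login '{user}' from {ip}")
```

The single mistyped password from 198.51.100.20 stays below the threshold, so only the burst against `sa` is reported.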

Vulnerability Assessment & Penetration Testing

VAPT tools play the most important part in penetration testing.

If you are hearing the term Vulnerability Assessment and Penetration Testing (VAPT) for the first time, it may sound new to you.

But the fact is that it is just a combination of two common and important application security activities: VAPT combines vulnerability assessment with penetration testing.

What Is VAPT (Vulnerability Assessment and Penetration Testing)?

A vulnerability assessment is the analysis of your application using various types of tools and methods to reveal potential vulnerabilities; it can be carried out with application security testing tools. As part of the method, threats are identified, analyzed, and prioritized.

Different tools are better at identifying different types of vulnerabilities, so it is crucial not to depend solely on one tool for vulnerability assessment.

Vulnerability assessment tools are excellent at pointing out threats that may expose your application to attack, and they also identify technical vulnerabilities.

But how can you tell whether these threats are exploitable? In the real world, can an attacker gain entry to your application via these vulnerabilities? This is where penetration testing becomes vital.

Penetration testing is the standard method of actively attacking your application to determine whether potential vulnerabilities can be exploited. We have therefore shortlisted the top 10 VAPT tools, to help every user decide which one to choose.

Why Do We Need VAPT Tools?

As we said earlier, VAPT is a process of defending computer systems from attackers by probing them to find holes and security vulnerabilities.

Some VAPT tools evaluate a whole IT system or network, while others carry out an assessment for a particular niche.

There are also VAPT tools for Wi-Fi network testing as well as web application testing. Tools that carry out this method are termed VAPT tools.

So why do we need a VAPT tool? As we said earlier, it is used to find the loopholes in a website; in simple language, it is used to defend your website from various attackers.

There is another reason to use VAPT tools: as we grow more reliant on IT systems, the security risks are also increasing in both size and range.

Hence, it has become necessary to proactively defend critical IT systems so that there are no security loopholes.

Thus, penetration testing is the most beneficial technique adopted by different companies to protect their IT foundations.

So now, without wasting much time, let’s get started and discuss the top 10 VAPT tools one by one, with a proper description of each along with its features.

10 Best VAPT Tools

Metasploit
Wireshark
NMAP
Burp Suite
Nessus
Indusface
Acunetix
Canvas
Social-Engineer Toolkit
SQLMap

Database security with SQL Server: PAM

As such, organisations can now securely manage, monitor, record and audit database administrators’ access to SQL Server environments. This gives greater control over appropriate privileged user activity and enables users to more quickly and effectively identify suspicious behaviour.

One Identity is the first privileged access management (PAM) vendor to audit SQL Server and Azure SQL Database connections through native client support.

According to the company, database security and securing privileged access in SQL Server environments are more important than ever.

Cyber criminals are looking for access to privileged or administrative accounts because once inside they can gain access to an organisation’s most sensitive data and systems.

One Identity states that thousands of organisations worldwide rely on SQL Server databases to store highly sensitive information, from core business software to customer and employee information, making administrative access protections critical.

The company states that if database administrators’ credentials and access are not properly managed and monitored, sensitive data within the database, as well as within other systems, could be exposed.

“Key to protecting these assets is ensuring that database administrator access and activity is fully monitored and managed in order to quickly identify suspicious commands and potential security threats.”

One Identity launched native support for recording SQL Server and Azure SQL Database sessions in Safeguard to help organisations increase database security to protect their most sensitive and valuable information.

As for securing privileged access, One Identity states its Safeguard solution makes administrative access to SQL Server and Azure SQL Database fully managed, controlled and audited.

The integrated solution includes a secured and hardened password vault, real-time session monitoring and recording, and privileged behavior analytics.

These features are designed to mitigate threats while providing database administrators with the access they need to complete their job functions, the company states.

Security of SQL Server environments can be further improved with two-factor authentication solutions, integration with third-party authentication and authorization systems through plugins, or storing SQL passwords in the vault, according to One Identity.

Safeguard also features integrations with backend user management systems, such as Microsoft Active Directory or LDAP, with policy-based access enforcement and credential management.

Session monitoring and recording give organisations real-time and historic visibility into the data and systems that database administrators access.

Audited sessions are encrypted, timestamped and stored in a trail file for tamper-proof evidence of actions taken throughout each session. Organisations can also execute commands, such as initiating security alerts, in near real-time when a risky command is observed.

Additionally, Safeguard serves as a proxy, inspecting application-level protocol traffic, and can reject any traffic in violation of that protocol.

This ensures organisations can leverage their existing database tools and processes to access SQL environments, eliminating the need to increase security or change the way users gain access to SQL environments.

Microsoft Azure Marketing senior director Wisam Hirzalla says, “Due to the critical data stored in SQL environments both on-premises and in the cloud, ensuring only authorised users get access is critical to data protection.

“One Identity Safeguard’s monitoring capabilities work natively with both SQL Server on-premises and Azure SQL Database to ensure only authorised users gain access.”