Keeping SQL Servers secure is essential, especially in highly regulated industries like finance, healthcare, and government. The Center for Internet Security (CIS) offers a valuable resource for SQL Server administrators: a set of security benchmarks that provide actionable, best-practice guidance to secure SQL Server instances effectively. Implementing these standards helps reduce vulnerabilities, achieve compliance, and…
Read more
Unfortunately malware attacks attempting to exploit vulnerable SQL Servers are often successful. Last spring, Guardicore announced that the Vollgar attack that was making its way around the internet. Just last month, it was MrbMiner in the news. And there have been countless other attacks targeting SQL Server over the year. So, how can your protect…
Read more
SQL Server hardware can be powerful. Lots of CPU cores and memory. Just what a crypto miner may need in their quest to generate cryptocurrency. In the case of the MrbMiner exploit, numerous SQL Servers have been exploited with brute-force attacks. These attacks are scanning for servers exposed directly to the internet and are using…
Read more
Last week, Guardicore released information about a newly discovered attack that uses SQL Servers to compromise servers and networks. Here’s a link; I’d really encourage you to read it. The attack known as Vollgar uses a simple brute force attack to gain access to SQL Servers exposed to the internet. It then uses the elevated…
Read more
Many companies have lean IT organizations and find themselves with five, ten, or even twenty production SQL Servers and no dedicated Database Administrator to care for them. Instead, they rely on other IT Professionals to ensure the database servers are performant. We’ve worked with many companies where SysAdmins, Application Developers, and Network Administrators have been…
Read more
As of July 9, 2019, SQL Server 2008 and SQL Server 2008 R2 have officially passed from Extended Support to No Longer Supported. What does that mean? It means that Microsoft will no longer release any updates for any version of SQL Server 2008. That includes security patches and data integrity fixes. If a hacker…
Read more
Just when we thought that most cybersecurity attacks came via social engineering, we see this. Attacks on IIS, Microsoft’s web server, increased from 2,000 in Q1 2018 to over 1.7 million in Q2 2018. That’s a mind-boggling 782x increase! This is according to an esentire Security Advisory released last week. Hackers go-to tool of choice? PowerShell was the most commonly…
Read more
Recent Comments