SQL injection attacks launched by novel GambleForce gang

15 December 2023

SecurityWeek reports that two dozen organizations across different industries, most of which are in the Asia-Pacific, had their vulnerable content management systems targeted with SQL injection attacks by the novel GambleForce hacking operation since September. Numerous tools including the web path brute-forcer dirsearch, HTTP/HTTPS proxy daemon TinyProxy, automated SQL injection and database hijacking tool sqlmap, and an old Redis server exploit have been leveraged by GambleForce to exfiltrate login details and hashed credentials, as well as database table lists from three retail and travel organizations in Indonesia, a gambling firm in South Korea, a government entity in the Philippines, and a travel organization in Australia from September to December, according to a report from Group-IB.

Source: SC Magazine

Date:

15 December 2023

Categorie(s):

NEWS

Tag(s):

Databases, IT, News, SQL, Threat Intelligence

The CHIPS Act money: A timeline of grants to chipmakers8 May 2024
Increased complexity planned for Cyber Command’s training platform8 May 2024
Operational approach key to cyberattack mitigation, says Neuberger8 May 2024
10,000 Customers’ Data Exposed in UK Government Breaches8 May 2024
New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data8 May 2024