LevelBlue SpiderLabs has discovered a vulnerability in the Orkes Conductor platform (version 5.2.4 | v1.19.12) that allows authenticated attackers to perform time-based blind SQL injection attacks against the backend PostgreSQL database.
LevelBlue SpiderLabs has discovered a vulnerability in the Orkes Conductor platform (version 5.2.4 | v1.19.12) that allows authenticated attackers to perform time-based blind SQL injection attacks against the backend PostgreSQL database.
AWS DocumentDB by default is securely isolated within a VPC, unreachable from the public internet, what could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can introduce a complex web of networking requirements, operational considerations, and architectural decisions that require careful management to maintain security.
On July 3, 2025, Qantas confirmed in an update statement that a cyber incident had compromised data from one of its contact centers, following the detection of suspicious activity on June 30. The breach didn’t strike at the heart of Qantas’ systems; it snuck in through a third-party provider.
Organizations often assume that restoring a backup to a patched environment eliminates threats. However, backups encapsulate both data and schema objects, including triggers. A compromised backup, often taken after an initial breach, may contain hidden triggers that reactivate the attacker’s access upon restore. This post explores how malicious triggers in compromised backups can serve as persistence mechanisms for attackers and how to mitigate this threat.
REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations.
Entrar