"Hackers Keep Winning by Gambling on SQL Injection Exploits"

Group-IB warns that a hacking group dubbed GambleForce has been targeting businesses and government agencies in attacks that exploit SQL injection flaws. In September, the company discovered and gained access to a command-and-control (C2) server used by the group, which regularly targets gambling companies and other types of organizations. According to a new Group-IB report, the attackers appear to use various free tools, including the open-source penetration testing tool sqlmap, to inject malicious SQL code into a public-facing web page, allowing them to bypass default authentication and access sensitive data. In six of the 24 attacks recorded by the tools hosted on the attackers' C2 server, they were able to obtain user databases containing logins and hashed passwords, along with lists of main tables from accessible databases. This article continues to discuss findings regarding the GambleForce hacking group.

DataBreachToday reports "Hackers Keep Winning by Gambling on SQL Injection Exploits"

Submitted by grigby1
