#amazon

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

This week on the Lock and Code podcast, we speak with Anna Brading and Mark Stockley about whether anywhere is safe from AI slop.

SUMMARY A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds…

KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership (thank you!).

### Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the get_schemas, get_tables, or get_columns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. ### Impact A SQL injection is possible in the Amazon Redshift Python Connector, version 2.1.4, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns. **Impacted versions:** Amazon Redshift Python Connector version 2.1.4. ### Patches The issue described above has been addressed in the Amazon Redshift Python Connector, version 2.1.5. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these input...

### Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. ### Impact A SQL injection is possible in the Amazon Redshift JDBC Driver, version 2.1.0.31, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns. **Impacted versions:** Amazon Redshift JDBC Driver version 2.1.0.31. ### Patches The issue described above has been addressed in the Amazon Redshift JDBC Driver, version 2.1.0.32. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these inputs and then ex...

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

A US court ruled against NSO Group, an Israeli spyware maker, finding them liable for hacking WhatsApp users. The ruling has major implications for the surveillance technology industry."

Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.