'Earth Lamia' Exploits Known SQL, RCE Bugs Across Asia
A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.
SQL is the language used to query databases, making injection flaws, insecure permissions, and exposed data important security risks.
Search across headline titles and summaries.
Background for this topic.
SQL is the language commonly used to query and modify relational databases, which store structured application data such as accounts, transactions, and records. In information security, SQL matters both as a core data-access technology and through vulnerabilities in the applications, database engines, and administration interfaces that use it.
SQL injection occurs when an application combines untrusted input with SQL commands, allowing an attacker—depending on the flaw and database permissions—to read, alter, or delete data or bypass application controls. Developers should use parameterized queries or prepared statements, avoid building commands through string concatenation, and apply least-privilege database accounts. Security teams should also track database and driver vulnerabilities, restrict administrative access, protect credentials, and monitor query and authentication logs. Input validation can supplement these controls but is not a reliable substitute for separating data from executable SQL.
A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023