SaaS

Tech Optimizer
February 21, 2025
Security researchers have identified a zero-day vulnerability in PostgreSQL, tracked as CVE-2025-1094, which is believed to have contributed to the December breach of the US Treasury. The breach was initially attributed to CVE-2024-12356, a command injection vulnerability in the BeyondTrust Remote Support platform, but successful exploitation of CVE-2024-12356 required prior exploitation of CVE-2025-1094. Although BeyondTrust patched CVE-2024-12356 in December 2024, the patch did not address the underlying issue of CVE-2025-1094, which remained a zero-day until it was reported to PostgreSQL. Chinese hackers reportedly gained remote access to multiple workstations within the US Treasury, potentially compromising unclassified documents; which documents were accessed and how many workstations were involved have not been disclosed. The incident is part of a broader pattern of cyber attacks linked to Chinese state-sponsored actors.
Tech Optimizer
February 20, 2025
Rapid7's vulnerability research team reported that a security flaw in PostgreSQL was exploited as a zero-day in the December intrusion into BeyondTrust's network. That intrusion involved two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, along with a stolen API key, and led to unauthorized access to 17 Remote Support SaaS instances. In early January, the U.S. Treasury Department disclosed a compromise of its network in which attackers used the stolen API key to access its BeyondTrust instance; the activity was linked to the Silk Typhoon cyber-espionage group. The attackers targeted critical offices within the Treasury, including CFIUS and OFAC, and accessed Office of Financial Research systems. CISA added CVE-2024-12356 to its Known Exploited Vulnerabilities catalog on December 19, requiring federal agencies to secure their networks. On January 27, Rapid7 uncovered another zero-day vulnerability in PostgreSQL, CVE-2025-1094, which allows SQL injection because of mishandling of invalid UTF-8 characters. Rapid7 found that exploiting CVE-2024-12356 for remote code execution requires CVE-2025-1094, and while BeyondTrust classified CVE-2024-12356 as command injection, Rapid7 suggests it is an argument injection vulnerability. Rapid7 also identified a way to exploit CVE-2025-1094 for remote code execution in BeyondTrust systems independently of CVE-2024-12356, noting that BeyondTrust's patch for CVE-2024-12356 does not resolve the root cause of CVE-2025-1094 but does prevent exploitation of both vulnerabilities.
Tech Optimizer
February 20, 2025
In December 2024, suspected state-sponsored Chinese hackers executed a sophisticated cyber attack on U.S. Treasury employees' workstations by chaining two vulnerabilities, CVE-2024-12356 and CVE-2025-1094. CVE-2024-12356 is an unauthenticated command injection flaw in BeyondTrust Remote Support SaaS, while CVE-2025-1094 is a PostgreSQL zero-day vulnerability that allows SQL injection attacks through the psql tool. The PostgreSQL team released a fix for CVE-2025-1094 on February 13, 2025, and BeyondTrust issued patches in December 2024 to mitigate the vulnerabilities. PostgreSQL users are advised to upgrade to the fixed versions 17.3, 16.7, 15.11, 14.16, or 13.19, and BeyondTrust users should apply the December 2024 fix. Rapid7 has published advisories and indicators of compromise related to these vulnerabilities.
Tech Optimizer
February 17, 2025
US Treasury workstations were breached by suspected state-sponsored Chinese hackers using two zero-day vulnerabilities. The first, CVE-2024-12356, is an unauthenticated command injection flaw in BeyondTrust's Remote Support SaaS whose exploitation requires prior exploitation of CVE-2025-1094. CVE-2025-1094 affects the PostgreSQL interactive tool, psql, and allows SQL injection attacks due to improper handling of invalid byte sequences; it can lead to arbitrary code execution through psql meta-commands. Fixes for CVE-2025-1094 were issued by the PostgreSQL team on February 13, 2025, and BeyondTrust's December 2024 patches also mitigate the risks associated with this vulnerability. PostgreSQL users are advised to upgrade to the fixed versions, and BeyondTrust users should apply the December 2024 fix. Rapid7 has published technical details and indicators of compromise for the vulnerabilities.
Tech Optimizer
February 14, 2025
Researchers from Rapid7 have identified a significant SQL injection vulnerability in PostgreSQL, designated CVE-2025-1094. The flaw was discovered during an investigation into another vulnerability, CVE-2024-12356, which BeyondTrust patched in December 2024. The patch for CVE-2024-12356 did not resolve the underlying issue of CVE-2025-1094, which remained a zero-day until Rapid7 reported it. CVE-2025-1094 has a CVSS score of 8.1 and is caused by improper handling of quoting syntax in PostgreSQL's libpq functions. PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19 are vulnerable. Exploitation of CVE-2025-1094 allows attackers to inject malicious SQL commands and execute arbitrary code through psql meta-commands. PostgreSQL has released updates addressing this vulnerability in the versions listed above. The discovery was made by Stephen Fewer, a Principal Security Researcher at Rapid7.
Tech Optimizer
December 18, 2024
Mattermost has entered a strategic partnership with pgEdge to integrate pgEdge Distributed PostgreSQL as a supported database for its collaboration platform. This collaboration aims to enhance Mattermost's platform with an ultra-high availability database solution, allowing organizations to achieve four nines or five nines of uptime. The integration supports deployment in on-premises environments or cloud accounts, including secure computing settings. The partnership has already led to collaboration with a U.S. Government agency requiring a consistently available collaboration platform. Mattermost is recognized for its secure collaboration tools for defense, security, and intelligence teams, while pgEdge is known for its fully distributed, open-source PostgreSQL database with multi-master replication technology.
Winsage
December 17, 2024
Users are increasingly favoring Linux over Windows in dual boot setups, often using Windows as a backup. The rise of web-based tools and Software as a Service (SaaS) has diminished the importance of the operating system choice, as essential services can be accessed through web browsers. Linux offers a variety of distributions tailored to different user needs, providing customization options that Windows does not. Gaming on Linux has improved with a growing library available through Steam and the introduction of handheld consoles like the Steam Deck. Many software developers are beginning to support Linux, with notable applications like DaVinci Resolve and Surfshark VPN now available. Electron-based applications have increased the availability of productivity tools for Linux users. Linux is free from intrusive advertisements, unlike Windows 11, which can overwhelm users with promotional content. For containerization and self-hosting, Linux is considered superior due to its built-in tools and extensive documentation, offering more control and flexibility than Windows.