Security Alerts & News
by Tymoteusz A. Góral

History
#1449 Critical MySQL vulnerability disclosed
A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle.

The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in an advisory.

The flaw affects MySQL 5.7.15, 5.6.33 and 5.5.52. It has been patched in vendor deployments of MySQL in MariaDB and PerconaDB. Golunski said in his advisory that he reported the vulnerability to Oracle and other affected vendors on July 29. MariaDB and PerconaDB patched their versions of the database software before the end of August. Golunski said that since more than 40 days have passed and the two vendor fixes are public, he decided to disclose.
Read more
#1449 Critical MySQL vulnerability disclosed
#1448 Fire drill knocks ING bank's data centre offline
#1447 Cisco’s network bugs are front and center in bankruptcy fight
#1446 Now you can buy a USB stick that destroys anything in its path
#1445 Two critical bugs and more malicious apps make for a bad week for Android
#1444 Re-thinking security fundamentals: How to move beyond the FUD
#1443 Blue light has a dark side
#1442 Cryptocurrency mining malware discovered targeting Seagate NAS hard drives
#1441 MalwareMustDie spotted a new ELF trojan backdoor, which is now targeting IoT devices
#1440 Wordpress urges users to update now to fix critical security holes
#1439 Picture perfect: CryLocker ransomware uploads user information as PNG files
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12