Security Alerts & News
by Tymoteusz A. Góral

#1663 Critical MySQL vulnerabilities can lead to server compromise
Critical vulnerabilities in MySQL and vendor deployments by database servers MariaDB and PerconaDB have been identified that can lead to arbitrary code execution, root privilege escalation and server compromise.

Dawid Golunski of Legal Hackers published details around two proof-of-concept exploits for the vulnerabilities on Tuesday.

Both vulnerabilities affect MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier, along with MySQL database forks such as Percona Server and MariaDB.

The first vulnerability, a privilege escalation/race condition bug (CVE-2016-6663) is the more severe of the two. It can allow a local system user that has access to a database to escalate their privileges and execute arbitrary code as the database system user, Golunski said in an advisory. From there, an attacker could successfully access all of the databases on the affected database server.
Read more
#1666 10 gadgets every white hat hacker needs in their toolkit
#1665 NSS Labs tests leading web browsers for secure end user experience
#1664 LastPass brings free password management to all your devices
#1663 Critical MySQL vulnerabilities can lead to server compromise
#1662 Three ways hackers can invade your home (VIDEO)
#1661 Another internet outage takes down services in US and UK
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12