MySQL Archives - Security Affairs

Pierluigi Paganini January 21, 2019

A flaw in MySQL could allow rogue servers to steal files from clients

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host and a MySQL server, it could be exploited by an attacker running a rogue MySQL server to access […]

Pierluigi Paganini December 21, 2017

Chinese crime group targets database servers for mining cryptocurrency

Security researchers discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The researchers from the security firm GuardiCore Labs Security have discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers targeted systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The experts […]

Pierluigi Paganini July 06, 2017

Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

Perl development team solved a flaw in DBD—MySQL in some configurations that wasn’t enforcing encryption allowing an attacker to power MiTM attacks. The security researcher Pali Rohár reported an important flaw in DBD—MySQL, tracked as CVE-2017-10789, that affects only encryption between client and server. According to the expert, the issue in some configurations wasn’t enforcing encryption allowing an attacker to […]

Pierluigi Paganini April 15, 2017

Watch out, the Riddle vulnerability affects some Oracle MySQL versions. Update them now

A bug dubbed Riddle vulnerability affecting MySQL 5.5 and 5.6 clients exposed user credentials to MiTM attacks. Update to version 5.7. A coding error dubbed The Riddle has been uncovered in the popular DBMS Oracle MySQL, the issue can be potentially exploited by attacker powering a man-in-the-middle attack to steal usernames and passwords. “The Riddle is a […]

Pierluigi Paganini January 31, 2017

An IndyCar archive left unprotected online, details on 200k racing fans exposed

A notorious security expert has discovered online an open Rsync server hosting the personal details for at least 200,000 IndyCar racing fans. The notorious expert Chris Vickery has discovered an open Rsync server hosting the personal details for at least 200,000 racing fans. Further analysis revealed that data belongs to the archive of a defunct racing […]

Pierluigi Paganini December 29, 2016

Researcher found a severe flaw in the MONyog monitoring tool

A security expert discovered a vulnerability in the MONyog tool that could be exploited by a normal user to elevate his privilege access. The security researcher and penetration tester Mutail Mohamed (@muleyl) discovered a vulnerability in the MONyog, the most secure and scalable MySQL monitoring tool of the server monitoring tool. The application URL is https://www.webyog.com/product/monyog and the affected version is MONyog […]

Pierluigi Paganini November 03, 2016

Critical MySQL flaws can allow attackers to hack into your server

The security expert Dawid Golunski disclosed critical vulnerabilities in MySQL, MariaDB and PerconaDB can lead fully compromise of servers. Critical vulnerabilities affecting the MySQL, MariaDB and PerconaDB can lead fully compromise of servers. The flaws could be exploited by attackers to arbitrary code execution, root privilege escalation and, of course, server compromise. Dawid Golunski (@dawid_golunski) from Legal […]

MySQL

A flaw in MySQL could allow rogue servers to steal files from clients

Chinese crime group targets database servers for mining cryptocurrency

Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

Watch out, the Riddle vulnerability affects some Oracle MySQL versions. Update them now

An IndyCar archive left unprotected online, details on 200k racing fans exposed

Researcher found a severe flaw in the MONyog monitoring tool

Critical MySQL flaws can allow attackers to hack into your server

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

DOJ takes action against 22-year-old running RapperBot Botnet

Google fixed Chrome flaw found by Big Sleep AI

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

A hacker tied to Yemen Cyber Army gets 20 months in prison

Exploit weaponizes SAP NetWeaver bugs for full system compromise

QUICK LINKS

MySQL

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!