MySQL

Pierluigi Paganini January 21, 2019
A flaw in MySQL could allow rogue servers to steal files from clients

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host and a MySQL server; it could be exploited by an attacker running a rogue MySQL server to access […]

Pierluigi Paganini December 21, 2017
Chinese crime group targets database servers for mining cryptocurrency

Security researchers discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The researchers from the security firm GuardiCore Labs Security have discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers targeted systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The experts […]

Pierluigi Paganini July 06, 2017
Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

The Perl development team fixed a flaw in DBD—MySQL that, in some configurations, did not enforce encryption, allowing an attacker to carry out MitM attacks. The security researcher Pali Rohár reported an important flaw in DBD—MySQL, tracked as CVE-2017-10789, that affects only encryption between client and server. According to the expert, the issue in some configurations wasn’t enforcing encryption allowing an attacker to […]

Pierluigi Paganini April 15, 2017
Watch out, the Riddle vulnerability affects some Oracle MySQL versions. Update them now

A bug dubbed the Riddle vulnerability, affecting MySQL 5.5 and 5.6 clients, exposed user credentials to MitM attacks. Update to version 5.7. A coding error dubbed The Riddle has been uncovered in the popular DBMS Oracle MySQL; the issue can potentially be exploited by an attacker mounting a man-in-the-middle attack to steal usernames and passwords. “The Riddle is a […]

Pierluigi Paganini January 31, 2017
An IndyCar archive left unprotected online, details on 200k racing fans exposed

A notorious security expert has discovered an open Rsync server online hosting the personal details of at least 200,000 IndyCar racing fans. The notorious expert Chris Vickery has discovered an open Rsync server hosting the personal details of at least 200,000 racing fans. Further analysis revealed that the data belongs to the archive of a defunct racing […]

Pierluigi Paganini December 29, 2016
Researcher found a severe flaw in the MONyog monitoring tool

A security expert discovered a vulnerability in the MONyog tool that could be exploited by a normal user to elevate their privileges. The security researcher and penetration tester Mutail Mohamed (@muleyl) discovered a vulnerability in MONyog, the most secure and scalable MySQL monitoring tool. The application URL is https://www.webyog.com/product/monyog and the affected version is MONyog […]

Pierluigi Paganini November 03, 2016
Critical MySQL flaws can allow attackers to hack into your server

The security expert Dawid Golunski disclosed critical vulnerabilities in MySQL, MariaDB and PerconaDB that can lead to full compromise of servers. Critical vulnerabilities affecting MySQL, MariaDB and PerconaDB can lead to full compromise of servers. The flaws could be exploited by attackers to achieve arbitrary code execution, root privilege escalation and, of course, server compromise. Dawid Golunski (@dawid_golunski) from Legal […]