#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

MariaDB | Breaking Cybersecurity News | The Hacker News

Category — MariaDB
Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

Nov 03, 2016
Over a month ago we reported about two critical zero-day vulnerabilities in the world's 2nd most popular database management software MySQL: MySQL Remote Root Code Execution (CVE-2016-6662) Privilege Escalation (CVE-2016-6663) At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit code for the first bug only and promised to release details of the second bug (CVE-2016-6663) later. On Tuesday, Golunski has released proof-of-concept (POC) exploits for two vulnerabilities: One is the previously promised critical privilege escalation vulnerability ( CVE-2016-6663 ), and another is a new root privilege escalation bug ( CVE-2016-6664 ) that could allow an attacker to take full control over the database. Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks
New MySQL Zero Days — Hacking Website Databases

New MySQL Zero Days — Hacking Website Databases

Sep 12, 2016
Two critical zero-day vulnerabilities have been discovered in the world's 2nd most popular database management software MySQL that could allow an attacker to take full control over the database. Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forked such as MariaDB and PerconaDB. Golunski further went on to publish details and a proof-of-concept exploit code for CVE-2016-6662 after informing Oracle of both issues, along with vendors of MariaDB and PerconaDB. Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not. The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones. Exploitation Vector The above flaw could be exploited either via SQL Injection or by hackers with authenticated access to MySQL database (via a network conne
Leveraging Wazuh for Zero Trust security

Leveraging Wazuh for Zero Trust security

Nov 05, 2024Network Security / Zero Trust
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after successful user authentication. Why companies adopt Zero Trust security Companies adopt Zero Trust security to protect against complex and increasingly sophisticated cyber threats. This addresses the limitations of traditional, perimeter-based security models, which include no east-west traffic security, the implicit trust of insiders, and lack of adequate visibility.  Traditional vs. Zero Trust security Zero Trust security upgrades an organization's security posture by offering: Improved security posture : Organizations can improve their security posture by continuously gathering data on
Expert Insights / Articles Videos
Cybersecurity Resources