MySQL database hacked | Breaking Cybersecurity News | The Hacker News

Two critical zero-day vulnerabilities have been discovered in the world's 2nd most popular database management software MySQL that could allow an attacker to take full control over the database. Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forked such as MariaDB and PerconaDB. Golunski further went on to publish details and a proof-of-concept exploit code for CVE-2016-6662 after informing Oracle of both issues, along with vendors of MariaDB and PerconaDB. Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not. The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones. Exploitation Vector The above flaw could be exploited either via SQL Injection or by hackers with authenticated access to MySQL database (via a network conne

A suspect hacker ' Shih ' was arrested by Taiwan Criminal Investigation Bureau (CIB)  last week for hacking into a popular local classic music website. The police raided the apartment of the suspect and seized his computer. The investigation was launched by the bureau after it received a report from the website's operator who said its site was hacked in March. During initial investigations, Shih confessed to the police that he hacked into the website's customer database and made unauthorized changes to customer data. Shih also confessed that he has used a hacking technique called SQL injection to attack the website's database . SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. The  Criminal Investi

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and  Remote Preauth User Enumeration. Common Vulnerabilities and Exposures (CVE) assigned as : CVE-2012-5611 — MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 — MySQL (Linux) Heap Based Overrun PoC Zeroday CVE-2012-5613 — MySQL (Linux) Database Privilege Elevation Zeroday Exploit CVE-2012-5614 — MySQL Denial of Service Zeroday PoC CVE-2012-5615 — MySQL Remote Preauth User Enumeration Zeroday Currently, all reported bugs are under review and most of the researchers believed that some of these can be duplicate of an existing bugs. CVE-2012-5612 and CVE-2012-5614 could cause the SQL instance to crash, according to researchers. Where as another interesting bug CVE-2012-5615 allow attacker to find out that either any username exist on the Mysql server or not by repl