- Critical flaws in MySQL give hackers root access to server (Exploit Released)
Two critical zero-day vulnerabilities in the world’s 2nd most popular database management software MySQL: MySQL Remote Root Code Execution (CVE-2016-6662) and Privilege Escalation (CVE-2016-6663). Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks — Percona Server and MariaDB. Race condition bug (CVE-2016-6663) once exploited, an attacker could successfully gain access to all databases within the affected database server. Another critical flaw in MySQL database is a root privilege escalation bug that could allow attackers with ‘MySQL system user’ privilege to further escalate their privileges to root user.
Cyber Security Tips: Administrators are strongly advised to apply patches to avoid exploitation.
- Ransomware Disguised as Windows Update Causing Havoc among Users
Ransomware that is currently creating havoc among Windows users is the Fantom ransomware, which is being distributed in the form of a Windows OS update. Once it has penetrated itself into a computer system, it functions are Generation of encryption key, Data encryption, Transferring the data to a command and control server and Asking for ransom money in exchange for the encryption key. Firstly, the malware searches for the file types that it could encrypt by scanning the machine and then uses the encryption key to encrypt these files. It must be noted that the Trojan can encrypt over 350 different types of file extensions including a variety of audio files, images, and document formats. While encrypting the files, the malware changes the extension of the files to .fantom.
Cyber Security Tips: Backup your data regularly, never click on spam mails, Use updated antivirus.