Database Security Digest - March 2018

We present a quick digest of security news from March 2018.

Orbitz Hack May Have Left Information on 880,000 Credit Cards Exposed

Expedia Orbitz is one of the largest online travel companies in the world. Recently it announced that information on almost 880,000 credit cards used to book travel has fallen prey to unknown hackers. The hackers might also have stolen the names, dates of birth, phone numbers and email addresses of customers who used the company's services in 2016-2017. Since this information is in the hands of cybercriminals, customers are strongly advised to be very careful about any notifications they get regarding their credit cards and to report any suspicious activity to their issuing banks immediately.

Data Breach Left Millions of Israeli Kids' Pictures Exposed to Hacking

Remini is an application that helps preschool teachers stay in touch with parents. Using the app, they can share pictures, videos and personal information about the children in their care. However, the app developers forgot about the security of the shared information, and as a result this information is easily accessible to virtually anyone interested. The Remini database includes about 6 million pictures that are not protected in any way. It also contains personal information on more than 100,000 parents. The database was an unsecured Amazon database defined as public.

MyFitnessPal: 150 Million Accounts Exposed

MyFitnessPal, a virtual health and wellness assistant, boasts 150 million free accounts. However, hackers have been able to make off with user names, e-mail addresses and passwords. Details of what is presumably the largest data breach since the beginning of the year are still to be discovered and investigated. The company says that the first intrusion happened in February 2018, but that it was not aware of it until March 25. Fortunately, hackers were not able to get hold of SSNs or payment card data, but that's only because the company doesn't collect this information. However, the obtained information can be used for phishing attacks on users, and that's where the real danger lies. MyFitnessPal users now need to change their passwords, if they want to remain MyFitnessPal users, of course.

Database security updates

DB2
https://nvd.nist.gov/vuln/detail/CVE-2018-1065
https://nvd.nist.gov/vuln/detail/CVE-2017-1571
https://nvd.nist.gov/vuln/detail/CVE-2017-1677
https://nvd.nist.gov/vuln/detail/CVE-2018-1426
https://nvd.nist.gov/vuln/detail/CVE-2018-1427
https://nvd.nist.gov/vuln/detail/CVE-2018-1428
https://nvd.nist.gov/vuln/detail/CVE-2018-1448
https://nvd.nist.gov/vuln/detail/CVE-2018-9159
Hive
https://nvd.nist.gov/vuln/detail/CVE-2018-7550
https://nvd.nist.gov/vuln/detail/CVE-2018-1316
https://nvd.nist.gov/vuln/detail/CVE-2018-5729
https://nvd.nist.gov/vuln/detail/CVE-2018-5730
https://nvd.nist.gov/vuln/detail/CVE-2018-7170
https://nvd.nist.gov/vuln/detail/CVE-2018-7182
https://nvd.nist.gov/vuln/detail/CVE-2018-7184
https://nvd.nist.gov/vuln/detail/CVE-2018-7185
https://nvd.nist.gov/vuln/detail/CVE-2014-8780
https://nvd.nist.gov/vuln/detail/CVE-2014-6617
https://nvd.nist.gov/vuln/detail/CVE-2014-8129
https://nvd.nist.gov/vuln/detail/CVE-2014-8130
https://nvd.nist.gov/vuln/detail/CVE-2018-7858
https://nvd.nist.gov/vuln/detail/CVE-2018-7529
https://nvd.nist.gov/vuln/detail/CVE-2018-7531
https://nvd.nist.gov/vuln/detail/CVE-2018-7533
https://nvd.nist.gov/vuln/detail/CVE-2018-8715
https://nvd.nist.gov/vuln/detail/CVE-2018-1324
https://nvd.nist.gov/vuln/detail/CVE-2014-2297
https://nvd.nist.gov/vuln/detail/CVE-2018-7262
https://nvd.nist.gov/vuln/detail/CVE-2018-8822
https://nvd.nist.gov/vuln/detail/CVE-2014-1215
https://nvd.nist.gov/vuln/detail/CVE-2014-3990
https://nvd.nist.gov/vuln/detail/CVE-2017-12410
https://nvd.nist.gov/vuln/detail/CVE-2017-12815
https://nvd.nist.gov/vuln/detail/CVE-2018-6882
https://nvd.nist.gov/vuln/detail/CVE-2014-5130
https://nvd.nist.gov/vuln/detail/CVE-2014-5131
https://nvd.nist.gov/vuln/detail/CVE-2014-5132
MySQL
https://nvd.nist.gov/vuln/detail/CVE-2018-7662
https://nvd.nist.gov/vuln/detail/CVE-2016-0898
Oracle
https://nvd.nist.gov/vuln/detail/CVE-2017-9278
https://nvd.nist.gov/vuln/detail/CVE-2017-17428
https://nvd.nist.gov/vuln/detail/CVE-2016-5314
PostgreSQL
https://nvd.nist.gov/vuln/detail/CVE-2017-14798
https://nvd.nist.gov/vuln/detail/CVE-2018-1058
SAP HANA
https://nvd.nist.gov/vuln/detail/CVE-2018-2402