Database Security Digest – November 2016
The halcyon days didn’t last long: November has been rich in cyber security events. Here are the most significant ones.
German telecommunications company Deutsche Telekom was attacked by the Mirai botnet, and 900,000 customers were knocked offline. The DDoS attack was performed with the help of a SOAP remote execution vulnerability. The Mirai botnet has added one more company to its victim list, right beside GitHub, Twitter, Reddit, Netflix and many others. Mirai has been detected in the largest DDoS attacks in history. The malware turns Linux users into remotely controlled bots, primarily targeting online consumer devices like remote cameras and home routers.
Two hackers got access to the customer database of Three Mobile (UK) but didn’t have time to expose the data, as they were immediately arrested. Another group, called The Dark Overlord, claims to have stolen 500 GB from the United States glue and adhesive company Gorilla Glue.
The Cobalt group has attacked cash machines in a dozen European countries using the ‘jackpotting’ technique: malicious software that makes ATMs go bananas and spit out cash. An unnamed Russian bank’s automated banking system has been breached by unknown hackers, who stole about $1.5 million from the bank’s correspondent account. At Tesco Bank, 9000 customers had their money stolen, for a total cost of $3 million.
Other cybersecurity incidents include: adultfriendfinder.com suffered a leak of 412 million records; Michael Page leaked 780,000 job applicants’ records; wiper malware named Shamoon paralyzed Saudi Arabia's central bank and seven other governmental institutions; someone hijacked Mark Zuckerberg's Pinterest account and posted a message with a request to help Zuckerberg with his security issues. You can find more hacks at hackmageddon.com.
A new vulnerability, CVE-2016-1251, affects DBD::mysql, the Database Interface (DBI) MySQL driver for Perl.
CVSS severity: 8.1
Overview: It allows disclosure of information, modification and disruption of service without authorization.
The new MariaDB release adds packages for Ubuntu 16.10 Yakkety and modifications for XtraDB and TokuDB. As for security, the update fixes the following vulnerabilities:
CVE-2016-7440: no information is available about it so far.
CVE-2016-5584: an unspecified vulnerability with a 4.3 severity rating that allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Percona Server 5.7.16-10
The Percona Server update fixes several known issues.
One fixed bug caused log_slow_sp_statement to be overwritten when a stored routine called an administrative command such as OPTIMIZE TABLE, ANALYZE TABLE, ALTER TABLE, or CREATE/DROP INDEX. Another fixed bug prevented the server from starting after a crash with innodb_force_recovery set to 6 if there was a parallel doublewrite file.
The feature providing metrics for scalability measurement is no longer recommended for use because of known crashing bugs. Users are advised to uninstall the plugin.