Database Security Digest, June-July 2016

According to the latest IBM Security report, released this June, the average cost of a data breach has hit $4 million, an increase of 29% since 2013. Each lost or stolen record costs corporations approximately $158. There is also a dismal 64% increase in reported security incidents. The results of the report imply that cyber-attacks are improving and that getting hacked is becoming more expensive, which is a reminder of the importance of staying up to date when it comes to information security. Here is a digest of recently released DBMS updates and information about the most important fixed vulnerabilities.

Extensive Patching by Oracle

Oracle continues to extend its sphere of influence by reaching a $9.3 billion agreement to acquire NetSuite, a company that sells a group of software services used to manage business operations and customer relations for more than 30,000 organizations. Right before the announcement of this huge deal, Oracle released its next scheduled Critical Patch Update, surpassing its previous unwanted record for the number of security fixes by addressing 27.6 problems across various products, including Oracle Database Server and Oracle MySQL.

For Oracle MySQL, the Critical Patch Update contains 22 new security fixes. Three of these vulnerabilities (CVE-2016-2105, CVE-2016-5444, CVE-2016-3452) may be remotely exploitable without authentication. Here is the Oracle MySQL risk matrix:

 
CVE# Component Sub- component Protocol Remote Exploit without Auth.? Base Scor