Database Security Digest - January 2018

Database Security Digest - January 2018
Here is a quick look at the database security news in January 2018

Coincheck

The Tokyo-based cryptocurrency exchange Coincheck loses more than $ 400 million in a hacking attack. The hackers have pulled off the biggest crypto heist of all time so far sending clients into a panic about the future of their virtual assets. The Coincheck exchange is trading in NEM virtual currency and reported a significant drop in the balance of the virtual currency. The investigation showed that about $ 400 million worth of NEM had been illegally transferred to some unidentified accounts. NEM deposits of all customers were frozen and Coincheck had to freeze all withdrawals. At the moment the management of the company is investigating the accident. The theft was possible due to the fact that the executive team failed to implement basic security features.

Blackwallet

The Stellar Lumen cryptocurrency was targeted by a hacking attack. The attackers were able to redirect the DNS server to a server controlled by the criminals. The result of this theft was 670,000 Lumens (approximately $400,000) missing. According to the experts the exploit used was a code injection. If the Blackwallet users had more than 20 Lumens in their wallets their funds were automatically pushed to a different wallet apparently belonging to the attacker.

Vtech

The charges are raised at $650,000 for a Hong Kong-based electronic toymaker. The US Federal Trade Commission (FTC) raised the charges at VTech following the data breach back in 2015. A settlement has been reached with the FTC after two years of investigation. Now the toymaker has to pay $650,000 to settle charges due to the fact it failed to protect the privacy of its users. The Vtech electronic toymaker amassed a lot of information about children and parents using its Kid Connect application. However, doing that the company didn’t seek consent from parents or told children what data was being collected. The investigation showed that the security practices in the company were poor and one could easily get access to parents’ and children’s names, home addresses and even pictures and chat logs. The hacker used a simple but still very effective method of SQL injection which let him view photos and audio files uploaded by children and parents. In the future the company promised to uphold to stricter security and pay more attention to personal data protection.

Jason’s Deli

There has been a massive data breach from this family-owned chain of restaurants in the USA. Investigators say that the hackers used RAM-scraping malware installed on the point-of-sale terminals all over the USA starting June 8, 2017. The management of the company notified the public that the hackers were able to obtain information on up to 2 million card numbers, including cardholder names, expiration dates, cardholder verification values, and service codes.

OnePlus

OnePlus company is responsible for leaking of up to 40,000 credit card details in the result of a hacker attack. Anyone making their purchase online put their credit card information at risk and probably might want to contact their banks. Credit card information was stolen from customers while they were making their purchases on the manufacture’s website. It seems that the weakest link on the website might be the payment integration of the company with the Magento eCommerce platform.

UK Top law firms

Cybersecurity researchers have found file dumps on the Dark Internet. These databases contain about 1.2 million entries leaked from several top UK law companies. These entries contain e-mail addresses and 80 percent of them were connected to passwords. To make the situation worse, some passwords were plaintext. Using this information hackers or virtually anyone can skip past any company corporate defense system using legitimate credentials without being detected.

Database updates

MariaDB
https://nvd.nist.gov/vuln/detail/CVE-2017-15365
IBM DB2
https://nvd.nist.gov/vuln/detail/CVE-2016-0215
Apache
https://nvd.nist.gov/vuln/detail/CVE-2016-6814
MySQL
https://nvd.nist.gov/vuln/detail/CVE-2014-8335
https://nvd.nist.gov/vuln/detail/CVE-2014-4991
https://nvd.nist.gov/vuln/detail/CVE-2014-4995
https://nvd.nist.gov/vuln/detail/CVE-2014-4996
https://nvd.nist.gov/vuln/detail/CVE-2014-4998
https://nvd.nist.gov/vuln/detail/CVE-2014-4999
https://nvd.nist.gov/vuln/detail/CVE-2014-5001
https://nvd.nist.gov/vuln/detail/CVE-2014-5004
https://nvd.nist.gov/vuln/detail/CVE-2018-2562
https://nvd.nist.gov/vuln/detail/CVE-2018-2565
https://nvd.nist.gov/vuln/detail/CVE-2018-2573
https://nvd.nist.gov/vuln/detail/CVE-2018-2576
https://nvd.nist.gov/vuln/detail/CVE-2018-2583
https://nvd.nist.gov/vuln/detail/CVE-2018-2585
https://nvd.nist.gov/vuln/detail/CVE-2018-2586
https://nvd.nist.gov/vuln/detail/CVE-2018-2590
https://nvd.nist.gov/vuln/detail/CVE-2018-2591
https://nvd.nist.gov/vuln/detail/CVE-2018-2600
https://nvd.nist.gov/vuln/detail/CVE-2018-2612
https://nvd.nist.gov/vuln/detail/CVE-2018-2622
https://nvd.nist.gov/vuln/detail/CVE-2018-2640
https://nvd.nist.gov/vuln/detail/CVE-2018-2645
https://nvd.nist.gov/vuln/detail/CVE-2018-2646
https://nvd.nist.gov/vuln/detail/CVE-2018-2647
https://nvd.nist.gov/vuln/detail/CVE-2018-2665
https://nvd.nist.gov/vuln/detail/CVE-2018-2667
https://nvd.nist.gov/vuln/detail/CVE-2018-2668
https://nvd.nist.gov/vuln/detail/CVE-2018-2696
https://nvd.nist.gov/vuln/detail/CVE-2018-2703
https://nvd.nist.gov/vuln/detail/CVE-2018-6521
Oracle
https://nvd.nist.gov/vuln/detail/CVE-2018-2699
https://nvd.nist.gov/vuln/detail/CVE-2018-2680
https://nvd.nist.gov/vuln/detail/CVE-2018-2575
https://nvd.nist.gov/vuln/detail/CVE-2017-10282
SAP HANA
https://nvd.nist.gov/vuln/detail/CVE-2018-2362
Download free 30 days Trial
Get your trial