Database Security Digest – June 2017
According to research conducted by Ponemon Institute, the average cost of a data breach in 2016 decreased by 10 percent to $3,62 million. However, the average volume of breaches increased by 24,000 records. Here is the digest of news on database security of the previous month.
OneLogin Breach that Can Turn into Nightmare
What can be worse for a major password management service than leaking database tables containing information about users, apps, and various types of keys? Well, according to OneLogin’s post, there might be a chance that hackers could also have decrypted sensitive data during seven hours in the system. The information that sensitive data has been decrypted hasn’t been confirmed, so let’s hope for the best.
Oops, Another Ransomware
While waiting for another portion of zero-day vulnerabilities from Shadow Brokers, hackers try to get the maximum advantage of EternalBlue (Microsoft Server Message Block protocol vulnerability) leveraging it to distribute the Nitol backdoor and Gh0st RAT malware. Moreover, unknown threat actors have spread a new malware Petya using the EternalBlue and EternalRomance. 80% of Petya infections were in Ukraine. Unlike WannaCry, Petya doesn’t provide the key to decrypt the data once the ransom is paid, which makes encrypted data completely useless. It also has some additional features to help the spreading through the network making it more dangerous than its ancestor.
Microsoft released patches for supported and unsupported versions of Windows in March 2017 to address the EternalBlue vulnerability. Looks like many users put off the update despite all warnings.
Hackers Actively Participating in Elections
Investigators of the US election hacking have reported that there is at least one case where voter database was altered. Personal data of 90,000 voters stored in the database was also stolen. Authorities are now trying to determine whether or not it was done by a Kremlin-linked hacker group.
Popular internet radio and social networking service 8tracks has suffered a data breach compromising data of 18 million users, including emails and SHA 1 encrypted passwords. The attack has been performed by an employee’s GitHub account that was not secured with two-factor authentication.
43TB data leaked
According to Appthority’s report, more than 1,000 applications on mobile devices leaked personally identifiable information including location, passwords, VPN PINs, phone numbers and emails. The culprit of the issue lies in misconfigured backend storage platforms, such as MySQL, MongoDB, Redis, Elasticsearch.
Description: A vulnerability in Azure Active Directory Connect which is used for monitoring the status of a network’s synchronization between local Active Directory and a cloud-based Active Directory. If misconfigured during enablement, it allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts.
Microsoft has already issued an update to fix the vulnerability.
CVSS Severity Score: 7.1
Description: A buffer overflow vulnerability that could allow a local user to overwrite DB2 files or cause denial of service.
CVSS Severity Score: 7.3
Description: Locally exploitable stack-based buffer overflow vulnerability caused by improper bounds checking which could allow a local attacker to execute arbitrary code.
CVSS Severity Score: 6.5
Description: PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.
CVSS Severity Score: 7.5
Description: PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. Network exploitable without authentication.
CVSS Severity Score: 6.5
Description: PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
Description: In Redgate SQL Monitor, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
CVSS Severity Score: 5.9
Description: In environments that use an external location for hive tables, Hive Authorizer in Apache Ranger should be checking RWX permission for creating tables.
Greenplum Database 220.127.116.11
Greenplum Database update presents checksum protection for detecting corruption issues with change tracking files during recovering with Greenplum Database gprecoverseg utility or resynchronization of Greenplum Database segment instance. See the full list of fixed bugs here.
- A security fix resolving database fail during LDAP authentication.
- Kafka integration fix. Fixed incorrect inserting of log messages into the kafka_events system table.
- Recovery abortion when a global catalog lock failed on some locks. The issue has been resolved.
- An identity column without an associated sequence caused the database to fail when exporting objects. The issue has been resolved.