September 12, SecurityWeek – (International) Critical MySQL zero-day exposes servers to attacks. An independent security researcher discovered a critical zero-day vulnerability affecting the MySQL open-source database software that can be exploited by an attacker who can authenticate to the MySQL database via a Web interface or network connection to leverage arbitrary code execution with root privileges, which can compromise the server running MySQL. The researcher reported that all MySQL branches are susceptible to the attack, and that the attack can be leveraged on a device with Linux security modules installed. Source
September 10, Softpedia – (International) Free decrypter available for Philadelphia ransomware. An Emsisoft security researcher released a decrypter for the Philadelphia ransomware that can unlock a victim’s files for free after the researcher discovered the malware was deleting a predetermined number of files from an infected device if the user did not immediately pay the ransom. Source
September 9, SecurityWeek – (International) Privilege escalation, DoS vulnerabilities patched in Xen. The Xen Project released patches addressing four vulnerabilities, including a privilege escalation flaw in all versions of Xen that could allow a malicious 32-bit paravirtualization (PV) guest administrator to gain host privileges, an overflow issue affecting all Xen versions that could be leveraged by a hardware virtual machine (HVM) guest admin to cause Xen to fail a bug check and cause a host to enter a denial-of-service (DoS) condition, and a use-after-free vulnerability that can be leveraged by a guest admin to crash the host and for information leaks and arbitrary code execution, among other vulnerabilities. Source
Above reprinted from the USDHS Daily Open Source Infrastructure Report