Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 14, 2016

September 12, SecurityWeek – (International) Critical MySQL zero-day exposes servers to attacks. An independent security researcher discovered a critical zero-day vulnerability affecting the MySQL open-source database software that can be exploited by an attacker who can authenticate to the MySQL database via a Web interface or network connection to leverage arbitrary code execution with root privileges, which can compromise the server running MySQL. The researcher reported that all MySQL branches are susceptible to the attack, and that the attack can be leveraged on a device with Linux security modules installed. Source

September 10, Softpedia – (International) Free decrypter available for Philadelphia ransomware. An Emsisoft security researcher released a decrypter for the Philadelphia ransomware that can unlock a victim’s files for free after the researcher discovered the malware was deleting a predetermined number of files from an infected device if the user did not immediately pay the ransom. Source

September 9, SecurityWeek – (International) Privilege escalation, DoS vulnerabilities patched in Xen. The Xen Project released patches addressing four vulnerabilities, including a privilege escalation flaw in all versions of Xen that could allow a malicious 32-bit paravirtualization (PV) guest administrator to gain host privileges, an overflow issue affecting all Xen versions that could be leveraged by a hardware virtual machine (HVM) guest admin to cause Xen to fail a bug check and cause a host to enter a denial-of-service (DoS) condition, and a use-after-free vulnerability that can be leveraged by a guest admin to crash the host and for information leaks and arbitrary code execution, among other vulnerabilities. Source

Above reprinted from the USDHS Daily Open Source Infrastructure Report 



Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.