Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On November 08, 2016

November 7, SecurityWeek – (International) Critical privilege escalation flaws found in MySQL. Oracle Corporation released updates for its MySQL database management systems after a security researcher discovered an arbitrary code execution flaw and race condition issue in MySQL that a malicious actor could chain together to escalate privileges to root and fully compromise a targeted system. Percona released an update for its Percona Server for MySQL and Percona XtraDB cluster to address the same vulnerabilities in its software, and MariaDB released a patch for the race condition flaw in its software. Source

November 5, SecurityWeek – (International) Android spyware targets executives. Security researchers form Skycure discovered an Android spyware, dubbed Exaspy could be leveraged to access a victim’s chats and messages, record audio during calls or in the background, take screenshots, and collect contact lists and call logs, among other malicious actions. The researchers found that the malware required physical access to a targeted device for installation, and once installed, the app runs under the name Google Services, disguising itself as the legitimate Google Play Services. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.