November 7, SecurityWeek – (International) Critical privilege escalation flaws found in MySQL. Oracle Corporation released updates for its MySQL database management systems after a security researcher discovered an arbitrary code execution flaw and a race condition issue in MySQL that a malicious actor could chain together to escalate privileges to root and fully compromise a targeted system. Percona released an update for its Percona Server for MySQL and Percona XtraDB Cluster to address the same vulnerabilities in its software, and MariaDB released a patch for the race condition flaw in its software.
November 5, SecurityWeek – (International) Android spyware targets executives. Security researchers from Skycure discovered Android spyware, dubbed Exaspy, that could be leveraged to access a victim’s chats and messages, record audio during calls or in the background, take screenshots, and collect contact lists and call logs, among other malicious actions. The researchers found that the malware required physical access to a targeted device for installation, and that once installed, the app runs under the name Google Services, disguising itself as the legitimate Google Play Services.
Above Reprinted from the USDHS Daily Open Source Infrastructure Report