Articles for September 2016

New MySQL Zero Days — Hacking Website Databases

Published on

Two critical zero-day vulnerabilities have been discovered in the world’s 2nd most popular database management software MySQL that could allow an attacker to take full control over the database.

Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forked such as MariaDB and PerconaDB.

Golunski further went on to publish details and a proof-of-concept exploit code for CVE-2016-6662 after informing Oracle of both issues, along with vendors of MariaDB and PerconaDB.

Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not.

The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones.

Source: New MySQL Zero Days — Hacking Website Databases

Loading

How to verify a data breach (and avoid going to jail)

Published on

This year, we’ve seen dozens of hacks, breaches, and leaks of billions of records. And it’s still only September. But there are now so many hacks and breaches that you may never hear about most of them.

In most cases, only the “verified” breaches make it to the light of day. And that process alone can take days or even weeks of trying to figure out if allegedly hacked data is what is claimed.

Source: How to verify a data breach (and avoid going to jail)

Loading

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Published on

Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation.

Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution.

Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms.

Source: Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Loading

Here’s How to Hack Windows/Mac OS X Login Password (When Locked)

Published on

Way to go Mubix!


A Security researcher has discovered a unique attack method that can be used to steal credentials from a locked computer (but, logged-in) and works on both Windows as well as Mac OS X systems.

In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop.

Fuller modified the firmware code of USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs and acts itself as the network gateway, DNS server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim’s machine.

Source: Here’s How to Hack Windows/Mac OS X Login Password (When Locked)

Loading