CVE-2016-6662 : MySQL Remote Code Execution and Privilege Escalation

I stumbled upon a new MySQL remote code execution vulnerability CVE-2016-6662, which details the flaw in the way config file could be written by an authorized mysql user and the config file can be read by mysqld_safe to run malicious code and gain privileged access. CVE-2016-6663, promises to be ...

More »

Dinesh Gunasekar - | Tags : RCE, CVE-2016-6662, Privilege Escalation, Remote Code Execution, Mysql 5.5, Mariadb 5.5

FireStorm storms next generation firewalls

A new vulnerability was discovered with Next Generation Firewalls, dubbed as FireStorm, bypassing firewall limitations to send out data. This can be used by malicious code to interact with command-and-control server and send out data. These firewalls were designed to allow full TCP handshake, irrespective of the destination. This is ...

More »

Dinesh Gunasekar - | Tags : Tunnelling, firewall

Rising threats to Hosting Providers

Hosting servers have been the target for unethical hackers, to spread malwares. One in three websites are either hacked or waiting to be hacked. Site owners are not aware till their site gets blacklisted. This post says 30,000 sites are hacked every day. Site owners have unknowingly become an ...

More »

Dinesh Gunasekar - | Tags : Hosting, Cloud

Can Opensource help in IT Security?

Opensource has now become very common in business and government organizations, as it is very cost effective and easy to modify as per need. The question is, if it can help in thwarting attacks. Here are my views on how opensource can help IT organization, especially SMBs. Define the Security ...

More »

Dinesh Gunasekar - | Tags : APT, IDS, Malware