EmergencyEMERGENCY? Get 24/7 Help Now!

MongoDB Audit Log: Why and How

 | March 3, 2017 |  Posted In: MongoDB, Percona Server for MongoDB, Security

MMAPv1

This blog post is another in the series on the Percona Server for MongoDB 3.4 bundle release. In this blog post, we’ll talk about the MongoDB audit log. Percona’s development team has always invested in the open-source community a priority – especially for MongoDB. As part of this commitment, Percona continues to build MongoDB Enterprise […]

Read More

MySQL Ransomware: Open Source Database Security Part 3

and  | February 27, 2017 |  Posted In: MySQL, Security

MySQL Ransomware

This blog post examines the recent MySQL® ransomware attacks, and what open source database security best practices could have prevented them. Unless you’ve been living under a rock, you know that there has been an uptick in ransomware for MongoDB and Elasticsearch deployments. Recently, we’re seeing the same for MySQL. Let’s look and see if this is MySQL’s […]

Read More

Webinar Thursday, February 23, 2017: Troubleshooting MySQL Access Privileges Issues

 | February 22, 2017 |  Posted In: MySQL, Security, Technical Webinars

Troubleshooting MySQL Access Privileges

Please join Sveta Smirnova, Percona’s Principal Technical Services Engineer, as she presents Troubleshooting MySQL Access Privileges Issues on February 23, 2017 at 11:00 am PST / 2:00 pm EST (UTC-8). Do you have registered users who can’t connect to the MySQL server? Strangers modifying data to which they shouldn’t have access? MySQL supports a rich […]

Read More

Docker Security Vulnerability CVE-2016-9962

 | January 31, 2017 |  Posted In: Docker, Events and Announcements, MongoDB, MySQL, PMM, Security

CVE-2016-9962

Docker 1.12.6 was released to address CVE-2016-9962. CVE-2016-9962 is a serious vulnerability with RunC. Quoting the coreos page (linked above): “RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new […]

Read More

CVE-2016-6225: Percona Xtrabackup Encryption IV Not Being Set Properly

and  | January 12, 2017 |  Posted In: MySQL, Security

Pepper.com

If you are using Percona XtraBackup with xbcrypt to create encrypted backups, and are using versions older than 2.3.6 or 2.4.5, we advise that you upgrade Percona XtraBackup. Note: this does not affect encryption of encrypted InnoDB tables. CVE-2016-6225 Percona XtraBackup versions older than 2.3.6 or 2.4.5 suffered an issue of not properly setting the Initialization Vector (IV) for […]

Read More

MongoDB Ransomware: Not Likely, But How Do You Know?

 | January 5, 2017 |  Posted In: MongoDB, Security

MongoDB Ransomware

In this blog post, we’ll look at some of the concerns recently seen around MongoDB ransomware and security issues. Security blogs and magazines have recently been aflutter with the news that a hacker is stealing data from MongoDB instantiations and demanding bitcoins to get the data back. This sounds pretty bad at first glance, but […]

Read More

Percona XtraDB Cluster 5.6.30-25.16.2 is now available (CVE-2016-6662 fix)

 | September 15, 2016 |  Posted In: Events and Announcements, MySQL, Percona Software, Percona XtraDB Cluster, Security

wsrep-stages

Percona  announces the new release of Percona XtraDB Cluster 5.6 on September 15, 2016. Binaries are available from the downloads area or our software repositories. Percona XtraDB Cluster 5.6.30-25.16.2 is now the current release, based on the following: Percona Server 5.6.30-76.3 Galera Replication library 3.16 Codership wsrep API version 25 This release provides a fix for CVE-2016-6662. […]

Read More

Is Your Database Affected by CVE-2016-6662?

 | September 12, 2016 |  Posted In: MySQL, Security

CVE-2016-9962

In this blog post, I will discuss the CVE-2016-6662 vulnerability, how to tell if it affects you, and how to prevent the vulnerability from affecting you if you have an older version of MySQL. I’ll also list which MySQL versions include the vulnerability fixes. As we announced in a previous post, there are certain scenarios in […]

Read More

Get MySQL Passwords in Plain Text from .mylogin.cnf

 | September 7, 2016 |  Posted In: MySQL, Security

MySQL Passwords

This post will tell you how to get MySQL passwords in plain text using the .mylogin.cnf file. Since MySQL 5.6.6, it became possible to store MySQL credentials in an encrypted login path file named .mylogin.cnf, using the mysql_config_editor tool. This is better than in plain text anyway. What if I need to read this password in […]

Read More