Cyware Daily Threat Intelligence August 20, 2018

Share Blog post

Top Vulnerabilities Reported in the Last 24 Hours
File disclosure bug
The telecommunications relay services (TRSs) systems used by all major Canadian internet service providers are impacted by a local file disclosure vulnerability. The vulnerability was caused by improper input sanitization. If exploited, the flaw could allow attackers to steal passwords from configuration files across multiple providers, compromise affected providers using the stolen passwords, and then potentially launch a large-scale identity theft operation against Canadians. Fortunately, Canadian ISPs have patched the bug. 

DoS flaw
Security researchers discovered that JavaScript web apps are vulnerable to regular expression (regex) denial of service (ReDoS) attacks. Researchers have found 25 vulnerabilities in Node.js modules of around 340 websites. These flaws could result in vulnerable websites freezing.

Top Breaches Reported in the Last 24 Hours
Fortnite breach
Fortnite, one of the most popular games in the world, was hit by a data breach and children's information was found up for sale on the dark web. Scammers have been selling players' login and passwords for $2.61 each - allowing buyers to rack up huge in-play charges on the accounts of unsuspecting gamers.

EMCC breach
The data of current and former staff and students of the Eastern Maine Community College (EMCC) in Bangor could have been exposed due to a potential breach.  Usernames and passwords along with personal information, like dates of birth and Social Security numbers, could have been accessed in the breach. 42,000 current and former students are being notified that certain computers were recently infected with malware and may have been hacked.

Augusta University breach
Georgia-based Augusta University Health fell victim to a phishing attack that could have impacted personal records of 417,000 patients. The breached data includes medical records, treatment information, surgical details, diagnoses, medication, dates of services, and more. In some cases, patients' Social Security Numbers and driver’s license numbers were also compromised.


 Tags

emcc

Posted on: August 20, 2018

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!