Cyware Daily Threat Intelligence August 20, 2018

Top Vulnerabilities Reported in the Last 24 Hours
File disclosure bug
The telecommunications relay services (TRSs) systems used by all major Canadian internet service providers are impacted by a local file disclosure vulnerability. The vulnerability was caused by improper input sanitization. If exploited, the flaw could allow attackers to steal passwords from configuration files across multiple providers, compromise affected providers using the stolen passwords, and then potentially launch a large-scale identity theft operation against Canadians. Fortunately, Canadian ISPs have patched the bug. 

DoS flaw
Security researchers discovered that JavaScript web apps are vulnerable to regular expression (regex) denial of service (ReDoS) attacks. Researchers have found 25 vulnerabilities in Node.js modules of around 340 websites. These flaws could result in vulnerable websites freezing.

Top Breaches Reported in the Last 24 Hours
Fortnite breach
Fortnite, one of the most popular games in the world, was hit by a data breach and children's information was found up for sale on the dark web. Scammers have been selling players' login and passwords for $2.61 each - allowing buyers to rack up huge in-play charges on the accounts of unsuspecting gamers.

EMCC breach
The data of current and former staff and students of the Eastern Maine Community College (EMCC) in Bangor could have been exposed due to a potential breach.  Usernames and passwords along with personal information, like dates of birth and Social Security numbers, could have been accessed in the breach. 42,000 current and former students are being notified that certain computers were recently infected with malware and may have been hacked.

Augusta University breach
Georgia-based Augusta University Health fell victim to a phishing attack that could have impacted personal records of 417,000 patients. The breached data includes medical records, treatment information, surgical details, diagnoses, medication, dates of services, and more. In some cases, patients' Social Security Numbers and driver’s license numbers were also compromised.



Tags


  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.