Cyware Daily Threat Intelligence February 19, 2018

Web portal vulnerabilities
Vulnerabilities and security lapses have been discovered by researchers in Kaspersky Lab's my[dot]Kaspersky[dot]com web portal. Exploiting these flaws will expose users to potential session hijackings and account takeovers. As per Kaspersky, the issue has been fixed.

Bug in macOS
A bug has been found in Apple's recently revised file system, APFS which may lead to loss of data. According to the researcher, APFS sparse disk images fail to accurately track available free space, thereby allowing storage operations to continue when space to store the data isn't there.

7900 flaws left unreported
As per an analysis done by Risk Based Security, close to 7,900 flaws weren't reported to MITRE’s Common Vulnerability and Exposures (CVE) and the NV database. More than 18,000 CVE IDs were assigned to CVE Numbering Authorities, out of which, 7,000 were put separately in reserved status. City Union bank hit by fraud
Three fraudulent remittances were found to have gone through the SWIFT system of the City Union. The fraud transactions resulted in a loss of nearly $2 million. Three transactions, of worth $5,00,000, $372,150 and $1 million, have been sent to various banks.

Data breach exposed details of California state workers
A recent data breach at the Department of Fish and Wildlife resulted in data leak of personally identifiable information for thousands of state employees and contractors. Compromised data includes the full names, Social Security Numbers and, in some cases, home addresses.

UAE prevents cyber attacks
As per the Telecommunications Regulations Authority (TRA), 34 cyber attack attempts, targeted towards government and private firms, have been prevented by UAE. The cyber attacks included 16 fraudulent offensives, 8 data breaches and 3 attempts to block or deface websites. Most of the attacks were carried out by Zyklon malware.