Cyware Daily Threat Intelligence January 22, 2018

Share Blog post

Top Vulnerabilities Reported in the Last 24 Hours
Uber's security bug
A new security vulnerability was discovered in Uber that allows hackers to bypass two-factor authentication and gain access to user accounts. However, the company isn't releasing a mitigation anytime soon, as according to Uber, the flaw “is not a in particular serious” factor. The company also said that the flaw is a result of the ongoing tests.

WordPress CMS vulnerabilities
Threat actors have been exploiting CMS vulnerabilities, using the EvilTraffic malware, to upload and execute arbitrary PHP pages used to generate revenues via advertising. The malware is used to trigger a redirecting chain to generate advertising traffic. It is also used to hijack web browsers by changing the browser settings.

Top Breaches Reported in the Last 24 Hours
UK law firms breached
Confidential data including almost 1,160,000 email addresses drawn from the top 500 UK legal firms has been found on the dark web. 80% of these leaked email IDs had been exposed via third-party security breaches which also contained password details, stored in plain text.

Data leak from Jenkins servers
Security researchers found that Jenkins servers leaked sensitive information. Of the sample size, 10-20% servers were misconfigured, including ones belonging to major companies. Researchers also found that few of the misconfigured servers also leaked guest or administrator permissions by default.


 Tags

Posted on: January 22, 2018

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!