Share Blog post
A new security vulnerability was discovered in Uber that allows hackers to bypass two-factor authentication and gain access to user accounts. However, the company isn't releasing a mitigation anytime soon, as according to Uber, the flaw “is not a in particular serious” factor. The company also said that the flaw is a result of the ongoing tests.
WordPress CMS vulnerabilities
Threat actors have been exploiting CMS vulnerabilities, using the EvilTraffic malware, to upload and execute arbitrary PHP pages used to generate revenues via advertising. The malware is used to trigger a redirecting chain to generate advertising traffic. It is also used to hijack web browsers by changing the browser settings.
Confidential data including almost 1,160,000 email addresses drawn from the top 500 UK legal firms has been found on the dark web. 80% of these leaked email IDs had been exposed via third-party security breaches which also contained password details, stored in plain text.
Data leak from Jenkins servers
Security researchers found that Jenkins servers leaked sensitive information. Of the sample size, 10-20% servers were misconfigured, including ones belonging to major companies. Researchers also found that few of the misconfigured servers also leaked guest or administrator permissions by default.
Posted on: January 22, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.