Cyware Daily Threat Intelligence January 22, 2018

Top Vulnerabilities Reported in the Last 24 Hours
Uber's security bug
A new security vulnerability was discovered in Uber that allows hackers to bypass two-factor authentication and gain access to user accounts. However, the company isn't releasing a mitigation anytime soon because, according to Uber, the flaw “is not a particularly serious” factor. The company also said that the flaw is a result of ongoing tests.

WordPress CMS vulnerabilities
Threat actors have been exploiting CMS vulnerabilities, using the EvilTraffic malware, to upload and execute arbitrary PHP pages that generate revenue via advertising. The malware triggers a redirection chain to generate advertising traffic. It is also used to hijack web browsers by changing the browser settings.

Top Breaches Reported in the Last 24 Hours
UK law firms breached
Confidential data, including almost 1,160,000 email addresses drawn from the top 500 UK legal firms, has been found on the dark web. 80% of these leaked email IDs had been exposed via third-party security breaches, which also contained password details stored in plain text.

Data leak from Jenkins servers
Security researchers found that Jenkins servers leaked sensitive information. Of the sample size, 10-20% of servers were misconfigured, including ones belonging to major companies. Researchers also found that a few of the misconfigured servers leaked guest or administrator permissions by default.
