Cyware Daily Threat Intelligence July 09, 2018

Apple fixes KRAK flaws
A WiFi update has been released by Apple for Boot Camp 6.4.0, addressing vulnerabilities for Mac users booted into Windows using the Boot Camp utility. Using these flaws tracked as CVE-2017-13077, CVE-2017-13078, and CVE-2017-13080 hackers in the WiFi range could have hacked into a system. Users are advised to download the update through Apple Software Update for Windows.

Thunderbird got a boost
A slew of patches have been patched by Mozilla in its free open-source cross-platform email client, Thunderbird. Hackers could leverage this flaw to build S/MIME and PGP decryption oracles in HTML messages. These flaws also allowed hackers to leak plaintext messages when an S/MIME encrypted message was forwarded. Fuel Management System hacked
As per reports, hackers have stolen 600 gallons of fuel worth $1,800 from a Detroit gas station by hacking into the fuel management system. Hackers have disabled the system's capability to cut off the fuel supply. Experts believe that the thieves used some sort of remote device.

Data breach at Domain Factory
Domainfactory, a German hosting company reportedly got hacked by an unauthorized user. Customers are advised to change all of their passwords. The number of impacted customers is not known yet. The accessed data include customer name, company name, customer number, address, telephone number, DF telephone password, date of birth, bank name and account number (eg IBAN or BIC), and Schufa score.

Timehop data breach
A security breach of the Timehop app resulted in data loss of over 21 million users. As per investigations, the intrusion took place on December 19, 2017. Lack of multi-factor authorization on user accounts has been attributed as the major cause of the breach.