Cyware Daily Threat Intelligence July 19, 2018

XXS vulnerability
The scrollspy plugin of Bootstrap contains a vulnerability which could allow remote attackers to launch cross-site scripting (XXS) attacks, which could help them gain access to sensitive information. The vulnerability exists in the data-target property of the scrollspy plugin used by the affected software and is due to insufficient validation of user-supplied input.

MITM bug
A vulnerability has been found in Facebook Messenger for Android. If exploited, the bug could allow hackers to conduct man-in-the-middle (MITM) attacks. The flaw could also allow attackers to secretly alter communications between two parties who believe they are directly communicating with each other.

SQL injection flaw
Security researchers detected a vulnerability in the WolfSight CMS during a bug bounty program. The flaw could allow hackers to conduct SQL injection attacks, which in turn could influence the database exchange.  Aviation ID Australia hack
Aviation ID Australia was hit by hackers. The firm issues Aviation Security Identity Cards (ASICs). The breach potentially exposed personal details of those applying for a security check. It is estimated that personal information including name, street address, birth certificate number, drivers license number, Medicare card number and ASIC number could have been accessed by hackers. 

Zimbabwe Electoral Commission breach
The Zimbabwe Electoral Commission is suspected to have been infiltrated by hackers who stole biometric voters’ roll. The information suspected stolen includes personal details such as fingerprints, pictures, addresses, cellphone numbers, national identity numbers and physical addresses. 

Robocent breach
Robocent political autodial firm’s cloud storage was publicly exposed. The AWS buckets, which contained 2594 files, were accessible to anyone on the internet. The database contained audio files, with pre-recorded political messages for robocalls dials and voter data. Information such as full names, phone numbers, dates of birth, political affiliations, and demographics was also exposed.