Share Blog post
The scrollspy plugin of Bootstrap contains a vulnerability which could allow remote attackers to launch cross-site scripting (XXS) attacks, which could help them gain access to sensitive information. The vulnerability exists in the data-target property of the scrollspy plugin used by the affected software and is due to insufficient validation of user-supplied input.
A vulnerability has been found in Facebook Messenger for Android. If exploited, the bug could allow hackers to conduct man-in-the-middle (MITM) attacks. The flaw could also allow attackers to secretly alter communications between two parties who believe they are directly communicating with each other.
SQL injection flaw
Security researchers detected a vulnerability in the WolfSight CMS during a bug bounty program. The flaw could allow hackers to conduct SQL injection attacks, which in turn could influence the database exchange.
Aviation ID Australia was hit by hackers. The firm issues Aviation Security Identity Cards (ASICs). The breach potentially exposed personal details of those applying for a security check. It is estimated that personal information including name, street address, birth certificate number, drivers license number, Medicare card number and ASIC number could have been accessed by hackers.
Zimbabwe Electoral Commission breach
The Zimbabwe Electoral Commission is suspected to have been infiltrated by hackers who stole biometric voters’ roll. The information suspected stolen includes personal details such as fingerprints, pictures, addresses, cellphone numbers, national identity numbers and physical addresses.
Robocent political autodial firm’s cloud storage was publicly exposed. The AWS buckets, which contained 2594 files, were accessible to anyone on the internet. The database contained audio files, with pre-recorded political messages for robocalls dials and voter data. Information such as full names, phone numbers, dates of birth, political affiliations, and demographics was also exposed.
Posted on: July 19, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...