Cyware Daily Threat Intelligence July 20, 2018

Top Vulnerabilities Reported in the Last 24 Hours
Update available for Openstack
A security update has been made available for Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7. The update addresses an issue tracked as CVE-2018-10898. Fixed flaws include docker logs opendaylight_api command that doesn't show the OpenDaylight controller's log. Users are urged to update their system asap.

Use-after-free Vulnerabilities
Security researchers have discovered a pair of vulnerabilities in Foxit PDF Reader. Cyber criminals are capable of using specially crafted PDF files to trigger the use-after-free vulnerabilities potentially leading to a use-after-free condition. Attackers can use various techniques to trick users into opening the malicious file. The two vulnerabilities are marked as CVE-2018-3924 and CVE-2018-3939.

Top Breaches Reported in the Last 24 Hours
Data breach at ComplyRight
A human resources service provider for small businesses, ComplyRight has become a victim of a data breach. The company discovered unauthorized access of its website between April 20 and May 22. The company reported that the data breach only impacted less than 10% of the individuals. No evidence of fraud has been detected yet.

MoneyTaker group steals Russian bank
The Russia-based PIR Bank lost around $1 million after the MoneyTaker hacker group hacked them to steal money. The funds were stolen from Bank of Russia’s Automated Workstation Client. MoneyTaker transferred the stolen amount to 17 accounts at major Russian bank as and cashed out.

In-app currency for money laundering
An exposed MongoDB instance has been exploited to steal credit card numbers and payment details. Attackers combined credit card details with a dump of Facebook and stolen email account data. Some of the information was also stolen from freemium games that offer in-app purchases through virtual currency.





  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.