Share Blog post
Security researchers have discovered two critical remote code execution (RCE) vulnerabilities in AVEVA's InTouch and InduSoft tools. One of the flaws was a critical stack buffer overflow bug which could have allowed attackers the ability to manipulate process parameters and potentially cause destructive attacks. Meanwhile, the other RCE flaw could allow attackers the ability to exploit the stack buffer overflow bug to inject malicious code. It is highly recommended that users update to the latest patched version.
Two vulnerabilities have been discovered in OpenSSL, which impact IBM Tivoli Storage FlashCopy Manager (FCM). The first flaw exists in AVX2 Montgomery multiplication procedure. The flaw could be exploited to steal sensitive information such as private key data. Meanwhile, the second vulnerability is an unspecified bug in numerous Oracle products. It could allow attackers to cause low confidentiality impact, low integrity impact, and high availability impact. Patches are available for these issues. Users are advised to update to the latest version.
Golden Heart Administrative Professionals was hit by hackers. Cybercriminals stole the healthcare data of over 44,000 patients. On April 14, GHAP fell victim to a ransomware attack, which saw attackers gain access to sensitive patient information, including names, addresses, Social Security numbers, dates of birth, medical treatment and diagnosis codes and in some cases, credit card information. Around 6,500 patients who needed an ambulance from 2012 through 2017 are potentially impacted by the breach.
Virginia bank hack
Virginia-based National Bank of Blacksburg was hacked twice in an eight-month period. The two attacks saw cybercriminals make away with over $2.4 million. The first heist occurred in May 2016 and the second took place in January 2017. In both instances, the bank's employees fell victim to a phishing email, which allowed the attackers to gain access to the bank's networks.
Posted on: July 25, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...