A security lapse can give hackers a free pass to an organization's sensitive and confidential information. But what if the data is associated with security agencies? New research has revealed that troves of PDF files belonging to 75 security agencies are at risk of data theft and other cyberattacks because the agencies fail to follow basic cybersecurity protocols.
Meanwhile, a new variant of the Mirai botnet, dubbed ZHtrap, is scaling up its capabilities to ensnare more devices. The botnet works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices. It follows a unique approach to hijack its rivals’ infrastructure.
Top Breaches Reported in the Last 24 Hours
Security agencies leak data
Security agencies have been found leaking troves of sensitive data in a major security lapse. While 19 agencies did not update software for over two years, dozens of agencies lacked a proper sanitization process for PDF files. The exposed data includes the name of the author, operating system, author email, device details, file path information, and name of the PDF app.
New firms affected
At least 32 Indian organizations have been attacked by hackers who exploited vulnerabilities in unpatched Microsoft business email servers. The affected organizations are scattered across financial, government, and manufacturing sectors.
Top Malware Reported in the Last 24 Hours
ZHtrap is a new IoT botnet that inherits functionalities from the infamous Mirai botnet. The botnet works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices. It follows a unique approach to hijack its rivals’ infrastructure. Upon infection, it sets up a base from which to launch DDoS attacks. Three versions of this botnet have been seen so far, suggesting it is still being actively developed and upgraded with new functionalities.
Top Vulnerabilities Reported in the Last 24 Hours
Google releases PoC for Spectre
Patch for a zero-day issued
Google has fixed a new zero-day flaw that is being actively exploited in the wild. Tracked as CVE-2021-21193, the use-after-free vulnerability resides in the Blink rendering engine of the Chrome browser. The issue has been fixed in version 89.0.4389.90 of Chrome for Windows, Mac, and Linux.