Cyware Daily Threat Intelligence March 20, 2018

Update for Ceph
An update has been released for Red Hat Ceph Storage 3.0 for Ubuntu 16.04, which resolves the unauthenticated malformed HTTP requests that were prone to denial of service vulnerability (CVE-2018-7262). A successful exploit could consume excessive amounts of memory resources on the targeted system, resulting in a DoS condition.

Bugs in Apple, Microsoft, Mozilla, and Oracle
Independent security researchers discovered several vulnerabilities--five vulnerability exploits in Apple, four bugs in Microsoft, two bugs in Oracle, and one bug in Microsoft. The vulnerabilities were discovered at the annual Pwn2Own contest of 2018.

Windows update KB4088875 issues
Microsoft acknowledged the IP address issues that occur following the application of patch KB4088875. Updating the patch might create a new Ethernet virtual Network Interface Card (vNIC) with default settings. Microsoft has provided a VBS script to be run as a workaround to fix the issue. Frost Bank data breach
Frost bank recently suffered a data breach that exposed saved images of cheques. Hackers gained access to a third-party lockbox software program that is used to electronically save images of cheques in a database. Around 470 commercial customers use this electronic box.

PREPA suffers attack
A cyber attack was launched on Puerto Rico Electric Power Authority (PREPA), stalling its computer infrastructure and hampering the service system for some time. PREPA authorities ensured that customer data was not compromised. Investigations on how the attack occurred, are still going on.

Facebook data breach
It has been revealed that Cambridge Analytica is in possession of around 50 million Facebook profiles, and targeted them with political ads. The data was initially harvested by a Cambridge University researcher but was later used by the company for ad targeting purposes. Facebook, in 2016, asked the company to destroy any data they possess.