Cyware Daily Threat Intelligence May 08, 2018

Top Vulnerabilities Reported in the Last 24 Hours
May Android updates
Android Security Patches for May 2018 have been released by Google for supported Pixel and Nexus devices. The updates fixed around 22 security vulnerabilities across various components and also added improvements. The update is being released in a phased manner and will be available for all users in a few days.

Security flaw in 7Zip
A serious security vulnerability has been discovered in all versions of 7Zip prior to 18.05. By exploiting this vulnerability, hackers can install programs on victim’s PC, view, edit, or delete data, or create new user accounts with full access rights. Mac users aren't affected by the flaw. Windows users are advised to apply the ‘Principle of Least Privilege’ to all systems and services.

baseStriker method
Cyber criminals have come up with a new attack method, dubbed base Striker, to ensure that the URLs included in phishing emails bypass the Safe Links security feature in Office 365. Even though currently this method is just used to launch phishing attacks, researchers believe that this can be used to deliver malware.

Top Breaches Reported in the Last 24 Hours
Data breach at Fleetcor Technologies
Fleetcor Technologies released a statement that the company's gift card systems were accessed by an unauthorized party, who stole a huge number of gift cards and PIN numbers. The incident likely occurred last month. Good news: there's no evidence of any other breach in the company network.

Data breach at Sheffield Credit Union
A data breach at the Sheffield Credit Union impacted around 15,000 members. Personal information including names, telephone numbers, addresses, savings balances, loan agreements, national insurance numbers, bank sort codes and account numbers were accessed by the hackers. Members are warned to look out for possible phishing attacks and identity theft.

Drupal sites under attack
A major cryptojacking campaign has been uncovered by security researchers, targeting Drupal sites. Hackers exploited the two vulnerabilities--CVE-2018-7600 and CVE-2018-7602--that were found in over 1 million websites. The attack is said to have impacted at least 348 government and university websites all over the world.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.