Cyware Daily Threat Intelligence May 21, 2018

Top Vulnerabilities Reported in the Last 24 Hours
New Spectre exploit method
A new Spectre attack has been formulated by security researchers in order to recover data stored inside a secure CPU area called the System Management Mode (SMM). One of the Spectre variant (CVE-2017-5753) was modified to bypass the SMRR protection mechanism and access data stored inside the System Management RAM (SMRAM).

D-Link's authentication bypass flaw
An authentication bypass vulnerability has been discovered in D-Link DSL-3782. Tracked CVE-2018-8898, the flaw in the web panel of D-Link DSL 3782 version does not release a token ID that identifies the logged in administrator. Unfortunately, no fixes have been released to mitigate the flaw yet.

Security update for Mozilla
Mozilla has released a security update fixing several vulnerabilities found in Thunderbird. While some of the flaws are of moderate and low severity, few of the other issues fixed fall under high and critical severity level. Among the fixed flaws is, CVE-2018-5150, a critical vulnerability that can cause memory corruption.

Top Breaches Reported in the Last 24 Hours
Apple ID passwords leaked
TeenSafe, an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of login credentials. The leaked credentials also include Apple ID login details. The data leak occurred after a server hosted on Amazon cloud was left unprotected.

Around 200 million Japanese identities on sale
More than 200 million pieces of personal information, apparently harvested from Japanese databases, is on sale on underground market places. Data appears to be harvested from May-July 2013 and May-June 2016, from 11-50 websites. Leaked personal information includes names, credentials, email addresses, dates of birth, phone numbers, and home addresses.

UB accounts hit by data breach
A data breach has hit more than 2,500 students, alumni, faculty, and staff associated with the University at Buffalo. The accounts were compromised after the victims used their UB usernames and passwords to log into a third-party site. Victims are advised to change their login credentials.



Tags


    • Share this blog:
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.