Cyware Daily Threat Intelligence May 21, 2018

Share Blog post

Top Vulnerabilities Reported in the Last 24 Hours
New Spectre exploit method
A new Spectre attack has been formulated by security researchers in order to recover data stored inside a secure CPU area called the System Management Mode (SMM). One of the Spectre variant (CVE-2017-5753) was modified to bypass the SMRR protection mechanism and access data stored inside the System Management RAM (SMRAM).

D-Link's authentication bypass flaw
An authentication bypass vulnerability has been discovered in D-Link DSL-3782. Tracked CVE-2018-8898, the flaw in the web panel of D-Link DSL 3782 version does not release a token ID that identifies the logged in administrator. Unfortunately, no fixes have been released to mitigate the flaw yet.

Security update for Mozilla
Mozilla has released a security update fixing several vulnerabilities found in Thunderbird. While some of the flaws are of moderate and low severity, few of the other issues fixed fall under high and critical severity level. Among the fixed flaws is, CVE-2018-5150, a critical vulnerability that can cause memory corruption.

Top Breaches Reported in the Last 24 Hours
Apple ID passwords leaked
TeenSafe, an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of login credentials. The leaked credentials also include Apple ID login details. The data leak occurred after a server hosted on Amazon cloud was left unprotected.

Around 200 million Japanese identities on sale
More than 200 million pieces of personal information, apparently harvested from Japanese databases, is on sale on underground market places. Data appears to be harvested from May-July 2013 and May-June 2016, from 11-50 websites. Leaked personal information includes names, credentials, email addresses, dates of birth, phone numbers, and home addresses.

UB accounts hit by data breach
A data breach has hit more than 2,500 students, alumni, faculty, and staff associated with the University at Buffalo. The accounts were compromised after the victims used their UB usernames and passwords to log into a third-party site. Victims are advised to change their login credentials.


 Tags

Posted on: May 21, 2018



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.