Share Blog post
A new malicious program, named Vega Stealer, has been discovered stealing credit card data and saved credentials within the Web-browsers Firefox and Chrome. Vega Stealer is a variant of the August Stealer strain. Users are advised to change existing login information to any accounts they access using Chrome or Firefox. Additionally, disable Autofill in your browsers.
Roaming Mantis upgrades to Cryptomining
A security flaw in Intel, ARM and AMD chips has been discovered by security researchers in Microsoft and Google. Dubbed Speculative Store Bypass or “Variant 4”, this flaw affects a broad swath of modern computing chips. The flaw (CVE-2018-3639) is related to the Spectre and Meltdown chip flaws.
LPE vulnerability in Dell
A local privilege escalation (LPE) vulnerability in SupportAssist has been patched by Dell on all new devices running on Windows. The security issue resides in a kernel driver that the tool loads. Hackers can abuse this vulnerability to bypass driver signature enforcement (DSE) ad infinitum. This exposes functionality such as capabilities to read and write the model-specific register (MSR).
Comcast website bug
A new bug has been discovered in Comcast's website used to activate Xfinity routers. The flaw allows hackers to access sensitive information, rename Wi-Fi network names and passwords, thus, temporarily locking users out. For now, the option has been removed from the website.
Nuance recently announced that it was involved in a healthcare data breach that impacted 45,000 patient records. An unidentified third party has gained access to one of its medical transcription platforms. Names, dates of birth, medical record numbers, patient numbers, and information dictated by the provider of approximately 900 San Francisco Department of Public Health patients were affected.
CSC data breach
Corporation Service Company (CSC) recently notified its customers that the company became a victim of a data breach. Hackers got hold of the company’s network and stole customers’ personal information and payment details. The data breach affected 5000 customers from California. It is unclear whether or not customers outside California have been affected.
Posted on: May 22, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.