Cyware Daily Threat Intelligence October 9, 2018

Top Vulnerabilities Reported in the Last 24 Hours

IBM QRadar flaws
Multiple vulnerabilities have been discovered in IBM QRadar. If exploited, the bugs could allow attackers to cause a denial of service (DoS) condition and carry out information disclosure attacks. The information disclosure vulnerability could allow an attacker to send a specially crafted URL request containing "dot dot" sequences (/../) and view arbitrary files on the system.

WECON bugs
Multiple flaws were discovered in the human-machine interface (HMI) software of China-based WECON’s PI Studio. The company’s products are used in energy, water, critical manufacturing, and wastewater sectors. The flaws, if exploited, could allow attackers to conduct remote code execution attacks and also expose sensitive information. Although WECON confirmed the vulnerabilities, it is yet to issue patches. Users are advised to take precautionary measures like ensuring minimal network exposure for all control system devices, placing remote devices behind firewalls and isolating them from the business network, as well as using secure methods for remote access.

Top Breaches Reported in the Last 24 Hours

Google Plus breach
An API bug in Google Plus may have exposed the personal information of 500,000 users. The data was left exposed to internal developers by the bug that existed in the system for over two years. The issue was discovered and patched in March this year as part of a review of how Google shares data with other applications. Following the breach, Alphabet has decided to shut down Google Plus. 

Navionics data leak
The Italian marine navigation firm Navionics, which was recently acquired by Garmin, inadvertently exposed corporate and customer data. Security experts discovered an unsecured MongoDB database containing 19GB of sensitive information that was left publicly available to anyone on the internet. The database was immediately secured once Navionics was notified about it. 

Anne Arundel County Library
Around 600 computers at the Anne Arundel County Library were infected with the Emotet banking trojan. The breach may have impacted around 5,000 users. Computer users, especially those who used computers for banking or social security information, were urged to track their accounts for fraudulent activity.

Posted on: October 09, 2018
