Cyware Daily Threat Intelligence October 9, 2018

Top Vulnerabilities Reported in the Last 24 Hours

IBM QRadar flaws
Multiple vulnerabilities have been discovered in IBM QRadar. If exploited, the bugs could allow attackers to cause a denial of service (DoS) condition and also carry out information disclosure attacks. The information disclosure vulnerability could allow an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to successfully view arbitrary files on the system.

WECON bugs
Multiple flaws were discovered in the human-machine interface (HMI) software of China-based WECON’s PI Studio. The company’s products are used in energy, water, critical manufacturing, and wastewater sectors. The flaws, if exploited, could allow attackers to conduct remote code execution attacks and also expose sensitive information. Although WECON confirmed the vulnerabilities, it is yet to issue patches. Users are advised to take precautionary measures like ensuring minimal network exposure for all control system devices, placing remote devices behind firewalls and isolating them from the business network, as well as using secure methods for remote access.

Top Breaches Reported in the Last 24 Hours

Google Plus breach
An API bug in Google Plus may have exposed the personal information of 500,000 users. The data was left exposed to internal developers by the bug that existed in the system for over two years. The issue was discovered and patched in March this year as part of a review of how Google shares data with other applications. Following the breach, Alphabet has decided to shut down Google Plus. 

Navionics data leak
The Italian marine navigation firm Navionics, which was recently acquired by Garmin, inadvertently exposed corporate and customer data. Security experts discovered an unsecured MongoDB database containing 19GB of sensitive information that was left publicly available to anyone on the internet. The database was immediately secured once Navionics was notified about it. 

Anne Arundel County Library
Around 600 computers at the Anne Arundel County Library were infected with the Emotet banking trojan. The breach may have impacted around 5,000 users. Computer users, especially those who used computers for banking or social security information, were urged to track their accounts for fraudulent activity.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.