Share Blog post
Several researchers have recently found two Point of Sale (POS) malware which were found abusing thousands of publicly available ElasticSearch nodes. The intention of these families is scraping credit card data stored in a system. The names of the malware are known to be JackPOS and AlinaPOS.
There were several vulnerabilities that Apple fixed with a slew of updates released recently. The vulnerabilities were found in the products like Xcode 9, Safari 11, iOS 11 and iTunes 12.7. The flaws let remote attackers launch attacks on the systems and take control of them. Most of the updates addressed low-level security issues. Users are advised to update their devices.
Recently, security experts identified several flaws in Ubuntu which include the infamous BlueBorne vulnerability. This vulnerability lets a remote attacker to crash the system using malicious Bluetooth traffic. Also, this can be used to initiate a denial of service. Therefore, users are to be install the updates immediately without fail and restart the system.
A bug known as OptionsBleed has been found in the widely used Apache Web Server. This leads to leakage of arbitrary memory pieces which could possibly expose passwords and other confidential information. Also, an attacker could use the HTTP OPTIONS request method to exploit the vulnerability. The Apache server has fixed the vulnerability, thus, users are suggested to update them.
The credit reporting company Equifax has acknowledged that there has been another security issue with it. Although, this is not a breach the security issue faced is quite a severe one. However, the spokesperson denied any relation between the security incident and the breach. But the researchers believe both the attacks involved the same hacker.
Montana school district shut
A hacker’s group going with the name “The Dark Overlord Solutions” are targeting several schools with cyber threats. An entire school district in Montana has been shut down due to the threat. It is believed that the hackers might have penetrated the school district’s main server and stole sensitive data from the current and past students.
An online learning portal going by the name Irish National Teacher’s Organization (INTO) has been breached recently. The website warned of a data breach which exposed names, email addresses, gender, and information related to course actions. The hacking may have affected around 30,000 users including teachers who took a learning course on the site in the last few years.
Emails purportedly from a popular nutrition and weight management company are being sent to innocent victims. But, the attachments contain malicious codes and when the unsuspecting users click on the maligned attachment, it infects the users’ devices. Scammers often impersonate reputed companies and friends, therefore, you should be careful of what you open.
Fake tax returns
In a recently discovered scam, fraudsters are using Social Security Numbers to file fake tax returns. Criminals are using various malicious methods to steal these numbers and use them to file fraudulent tax returns and snatch refunds from you. Therefore, users should be careful when responding to mails from unknown senders. Government agencies like IRS never ask for your personal information via an email.
Posted on: September 20, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...