Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 20, 2018
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Aug 20, 2018
Top Vulnerabilities Reported in the Last 24 Hours
**File disclosure bug
** The telecommunications relay services (TRSs) systems used by all major Canadian internet service providers are impacted by a local file disclosure vulnerability. The vulnerability was caused by improper input sanitization. If exploited, the flaw could allow attackers to steal passwords from configuration files across multiple providers, compromise affected providers using the stolen passwords, and then potentially launch a large-scale identity theft operation against Canadians. Fortunately, Canadian ISPs have patched the bug.
**DoS flaw
** Security researchers discovered that JavaScript web apps are vulnerable to regular expression (regex) denial of service (ReDoS) attacks. Researchers have found 25 vulnerabilities in Node.js modules of around 340 websites. These flaws could result in vulnerable websites freezing.
Top Breaches Reported in the Last 24 Hours
**Fortnite breach
** Fortnite, one of the most popular games in the world, was hit by a data breach and children's information was found up for sale on the dark web. Scammers have been selling players' login and passwords for $2.61 each - allowing buyers to rack up huge in-play charges on the accounts of unsuspecting gamers.
**EMCC breach
** The data of current and former staff and students of the Eastern Maine Community College (EMCC) in Bangor could have been exposed due to a potential breach. Usernames and passwords along with personal information, like dates of birth and Social Security numbers, could have been accessed in the breach. 42,000 current and former students are being notified that certain computers were recently infected with malware and may have been hacked.
**Augusta University breach
** Georgia-based Augusta University Health fell victim to a phishing attack that could have impacted personal records of 417,000 patients. The breached data includes medical records, treatment information, surgical details, diagnoses, medication, dates of services, and more. In some cases, patients' Social Security Numbers and driver's license numbers were also compromised.