Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence January 22, 2018 - Featured Image

Daily Threat Briefing Jan 22, 2018

Top Vulnerabilities Reported in the Last 24 Hours

Uber's security bug
A new security vulnerability was discovered in Uber that allows hackers to bypass two-factor authentication and gain access to user accounts. However, the company isn't releasing a mitigation anytime soon, as according to Uber, the flaw "is not a in particular serious" factor. The company also said that the flaw is a result of the ongoing tests.

WordPress CMS vulnerabilities
Threat actors have been exploiting CMS vulnerabilities, using the EvilTraffic malware, to upload and execute arbitrary PHP pages used to generate revenues via advertising. The malware is used to trigger a redirecting chain to generate advertising traffic. It is also used to hijack web browsers by changing the browser settings.

Top Breaches Reported in the Last 24 Hours

UK law firms breached
Confidential data including almost 1,160,000 email addresses drawn from the top 500 UK legal firms has been found on the dark web. 80% of these leaked email IDs had been exposed via third-party security breaches which also contained password details, stored in plain text.

Data leak from Jenkins servers
Security researchers found that Jenkins servers leaked sensitive information. Of the sample size, 10-20% servers were misconfigured, including ones belonging to major companies. Researchers also found that few of the misconfigured servers also leaked guest or administrator permissions by default.

Related Threat Briefings