
Cyware Daily Threat Intelligence


Daily Threat Briefing Jan 23, 2019

Top Breaches Reported in the Last 24 Hours

4 million applications exposed

AIESEC, a non-profit organization, has exposed over four million intern applications on a server without a password. The information was stored in an unprotected Elasticsearch database. Researchers believe that the exposed data includes email addresses, full names, birth dates and gender of applicants. The database also contained in-depth descriptions of applicants' reasons for applying for the internship. Upon discovery of the leak, the organization acted quickly and secured the unprotected database.

BlackRock data breach

BlackRock, the world's largest asset manager, has inadvertently posted sensitive information about its financial adviser clients on its website. The leaked data was available in three spreadsheets and reportedly included names, email addresses and iShares assets of thousands of advisers. The spreadsheets also had a column titled 'Club Level' that included labels such as 'Patriot Club' and 'Directors Club'.

Top Malware Reported in the Last 24 Hours

100,000 malicious URLs removed

The Abuse.ch team has taken down over 100,000 malicious URLs with the help of the information security (infosec) community. The effort involved around 256 researchers who worked together for 10 months. A vast majority of the URLs were found to be hosting prolific malware such as the Emotet and Gozi trojans and GandCrab ransomware. The researchers collected about 380,000 malware samples over the past ten months, and almost 16,000 of them were payloads for the Emotet trojan. Around 13,000 payloads were found to be related to the Gozi trojan, and a little over 6,000 samples belonged to GandCrab ransomware.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches CVE-2018-15439

Cisco has released a security patch for a critical vulnerability, tracked as CVE-2018-15439, in its small business switches software. The vulnerability affected Cisco's software version 1.4.9.04 and could allow a remote attacker to bypass a device's authentication mechanism. The flaw could also allow the attacker to execute arbitrary commands with full admin rights.

Adobe patches XSS vulnerabilities

Adobe has released security patches for two cross-site scripting vulnerabilities (CVE-2018-19726 and CVE-2018-19727) that were discovered in Adobe Experience Manager (AEM) products. The flaws could result in the disclosure of sensitive information.

Flaws in Omron HMI products

Omron's HMI products were found to be affected by a remote code execution flaw. The flaw can be exploited via malicious project files and could enable attackers to inject arbitrary code on vulnerable Omron installations. Apart from that, researchers also found several other flaws that can trigger DDoS attacks on the systems.
