
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 19, 2018

Top Vulnerabilities Reported in the Last 24 Hours

**XSS vulnerability**
The scrollspy plugin of Bootstrap contains a vulnerability that could allow remote attackers to launch cross-site scripting (XSS) attacks, which could help them gain access to sensitive information. The vulnerability exists in the data-target property of the scrollspy plugin used by the affected software and is due to insufficient validation of user-supplied input.

**MITM bug**
A vulnerability has been found in Facebook Messenger for Android. If exploited, the bug could allow hackers to conduct man-in-the-middle (MITM) attacks. The flaw could also allow attackers to secretly alter communications between two parties who believe they are directly communicating with each other.

**SQL injection flaw**
Security researchers detected a vulnerability in the WolfSight CMS during a bug bounty program. The flaw could allow hackers to conduct SQL injection attacks, which in turn could influence the database exchange.

Top Breaches Reported in the Last 24 Hours

**Aviation ID Australia hack**
Aviation ID Australia, a firm that issues Aviation Security Identity Cards (ASICs), was hit by hackers. The breach potentially exposed personal details of those applying for a security check. It is estimated that personal information including name, street address, birth certificate number, driver's license number, Medicare card number and ASIC number could have been accessed by hackers.

**Zimbabwe Electoral Commission breach**
The Zimbabwe Electoral Commission is suspected to have been infiltrated by hackers who stole the biometric voters' roll. The information suspected to have been stolen includes personal details such as fingerprints, pictures, addresses, cellphone numbers, national identity numbers and physical addresses.

**Robocent breach**
The cloud storage of Robocent, a political autodial firm, was publicly exposed. The AWS buckets, which contained 2594 files, were accessible to anyone on the internet. The database contained audio files with pre-recorded political messages for robocall dials, as well as voter data. Information such as full names, phone numbers, dates of birth, political affiliations, and demographics was also exposed.
