Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job.
Link: https://threatpost.com/equifax-data-nation-state/141929/
Tag: Vulnerabilities
Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps
Data-exposure “lowlights" for the week ending Feb. 15, 2019.
Link: https://threatpost.com/data-breach-equifax-credential-dumps/141925/
Critical OkCupid Flaw Exposes Daters to App Takeovers
The flaw is only one of many romance-related security issues as bad actors take advantage of Valentine’s Day.
Link: https://threatpost.com/critical-okcupid-flaw-exposes-daters-to-app-takeovers/141794/
Lenovo Watch X Riddled with Security Vulnerabilities
Researchers have identified multiple security issues with this Lenovo smartwatch.
Link: https://threatpost.com/lenovo-watch-x-riddled-with-security-vulnerabilities/141822/
‘Dirty Sock’ Flaw in snapd Allows Root Access to Linux Servers
The issue affects default installations of Ubuntu Server and Desktop and is likely included in many Ubuntu-like Linux distributions.
Unpatched Apple macOS Hole Exposes Safari Browsing History
There are no permission dialogues for apps in certain folders for macOS Mojave, which allows a malicious app to spy on browsing histories..
Siemens Warns of Critical Remote-Code Execution ICS Flaw
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.
Link: https://threatpost.com/siemens-critical-remote-code-execution/141768/
Microsoft Patches Zero-Day Browser Bug Under Active Attack
In its February Patch Tuesday bulletin Microsoft patches four public bugs and one that under active attack.
Link: https://threatpost.com/microsoft-patches-zero-day-browser-bug-under-active-attack/141755/
Critical WordPress Plugin Flaw Allows Complete Website Takeover
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.
Link: https://threatpost.com/wordpress-plugin-flaw-website-takeover/141746/
Major Container Security Flaw Threatens Cascading Attacks
A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks.
Link: https://threatpost.com/container-security-flaw-runc/141737/