The news comes as President Trump tweets opposition to take-down efforts by the tech giants.
Link: https://threatpost.com/following-facebook-and-twitter-google-targets-iranian-influence-operation/136912/
Tag: Web Security
T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API
T-Mobile alerts millions of its customers to a breach of its website that resulted in subscriber names, zip codes, phone numbers, email addresses and account numbers being stolen.
Link: https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors
With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks.
Link: https://threatpost.com/cross-site-scripting-flaw-in-apache-activemq-threatens-web-visitors/136888/
ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
Every minute, there are also 5,518 records leaked from publicly disclosed incidents.
Link: https://threatpost.com/threatlist-1-1m-is-lost-to-cybercrime-every-minute-of-every-day/136871/
AdvisorsBot Downloader Emerges in Raft of Malware Campaigns
A tricky downloader has hit the scene in a series of campaigns targeting restaurants, hotels and telecommunications companies.
Link: https://threatpost.com/advisorsbot-downloader-emerges-in-raft-of-malware-campaigns/136863/
Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’
Apache has patched a critical remote code-execution vulnerability in Struts 2, and users should update immediately.
Link: https://threatpost.com/apache-struts-2-flaw-uncovered-more-critical-than-equifax-bug/136850/
Security and Artificial Intelligence: Hype vs. Reality
Bridging the divide between hype and reality when it comes to what artificial intelligence and machine learning can do to help protect a business.
Link: https://threatpost.com/security-and-artificial-intelligence-hype-vs-reality/136837/
DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test
DNC officials and Lookout believed a spoofed site was built to harvest authentication details for the Democratic voter database.
Link: https://threatpost.com/dnc-highly-publicized-phishing-attempt-was-only-a-security-test/136828/
DNC Becomes Latest Target in Series of Election-Season Attacks
The DNC thwarts a phishing effort aimed at its voter database, days after Microsoft’s Fancy Bear disruption and Facebook’s efforts against Iranian propaganda.
Link: https://threatpost.com/dnc-becomes-latest-target-in-series-of-election-season-attacks/136814/
Unpatched Ghostscript Flaws Allow Remote Takeover of Systems
A remote, unauthenticated attacker could execute arbitrary commands on systems with the privileges of the Ghostscript code.
Link: https://threatpost.com/unpatched-ghostscript-flaws-allow-remote-takeover-of-systems/136800/