Your News for this Week
Billions of Records Including Passwords Leaked by Smart Home Vendor
A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world.
Cyber Command Warns APT Targeting Government Agencies
A threat group has been exploiting an Outlook vulnerability to attack government agencies, according to a warning issued by the U.S. Cyber Command on July 2.
Microsoft reportedly issued a patch for the vulnerability, CVE-2017-11774, in October 2017 after a proof of concept (PoC) was publicly disclosed. Malicious actors have been exploiting the vulnerability ever since. In December 2018, researchers at FireEye issued a report on Iranian attackers believed to be associated with APT33 who were exploiting the vulnerability.
Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer
Never-before-seen Mac malware, dubbed OSX/CrescentCore, has been discovered in the wild. The trojan, spotted on various websites masquerading as an Adobe Flash Player installer, drops malicious applications and browser extensions on victims’ systems when downloaded
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.
Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.