Every month our Cyber Defense Center keeps you informed about the most recent dangers, hacks, leaks and attacks. Make sure to stay up-to-date and bring a visit to our security blog regularly. If you have any questions, please don’t hesitate to contact us!
Top 5 dangers
1. RCE Cisco WebEx extension vulnerability • Source
This month a remotely exploitable code execution flow in the Cisco WebEx extension for Google Chrome, Internet Explorer on Windows systems, and Firefox has been discovered. According to Cisco browser extensions for Mac or Linux and Microsoft Edge are not affected.
More information can be found on the security advisory of Cisco.
2. Mail providers are failing to filter out dangerous emails from users’ inboxes • Source
According to Mimecast’s third quarterly Email Security Risk Assessment (ESRA), these emails can contain malicious attachments and dangerous files types, be used for business email compromise and impersonation attacks or be spam and phishing attempts.
3. Google Groups misconfiguration leads to sensitive data leaks • Source
If your employees are using Google Groups to discuss issues and ideas, you might want to check whether the sharing setting for these groups is set to “Private”.
4. Android spyware still collects personal identifiable information despite outcry • Source
Researchers told attendees at Black Hat Adups was still sending user data back to the company’s Chinese-based servers. This includes user data, body of text messages, call history with phone numbers etc
5. The use of file less threats and dual-use tools by attackers is becoming more common • Source
Attackers are increasingly making use of tools already installed on targeted computers or are running simple scripts and shellcode directly in memory. Creating fewer new files on the hard disk, or being completely file less, means less chance of being detected by traditional security tools and therefore minimizes the risk of an attack being blocked. Using simple and clean dual-use tools allows the attacker to hide in plain sight among legitimate system administration work.
Top 5 recent hacks, leaks and attacks
1. Casino hacked through a fish (or is it phish) tank • Source
Hackers attempted to steal data from a North American casino through a fish tank connected to the internet. As internet-connected gadgets and appliances become more common, there are more ways for bad guys to gain access to networks and take advantage of insecure devices.
2. Hackers can turn web-connected car washes into death traps • Source
3. Dutch police seized AlphaBay, a Dark Web marketplace • Source
AlphaBay offered illicit commodities such as drugs, IDs and weapons. The Dutch police managed to copy the servers (placed in Lithuania) and generate a copy of AlphaBay on their servers for investigations.
4. Researchers remotely hack Tesla Model X • Source
Security researchers from Tencent’s Keen Security Lab have found vulnerabilities in one of Tesla’s cars and demonstrated that they can be exploited remotely to do things like open the car’s doors and force it to break while in motion.
5. Biggest data leak in Swedish history • Source
The Swedish Transport Agency (STA) outsourced the management of its database and other IT services to IBM. During the process, STA decided to bypass several security checks and as a result gave access to the whole database to foreign nationals from the Czech Republic and Serbia.