Round Up of Major Breaches and Scams
Nearly all cybersecurity companies have exposed sensitive data including PII and passwords online, according to a new study from ImmuniWeb. The security vendor selected 398 of the world’s top security vendors and then scoured surface, dark and deep web sites including hacking forums and marketplaces, WhatsApp groups, public code repositories, social networks and paste websites. It claimed to have discovered verified sensitive data over 631,000 times, with 17% of these “incidents” estimated to have critical risk.
The world’s largest webmaster form has been found wanting in terms of its cybersecurity posture after researchers discovered an unprotected database leaking data on nearly 900,000 users. Digital Point provides a platform for members to chat and buy and sell websites, domains and digital services. Back in July, researchers at WebsitePlanet teamed up with Jeremiah Fowler to discover an Elasticsearch database belonging to Digital Planet that was left online without password protection, exposing nearly 63 million records.
Round Up of Major Malware and Ransomware Incidents
UK research university Newcastle University suffered a DoppelPaymer ransomware attack and took its systems offline in response to the attack. UK research university Newcastle University was infected with the DoppelPaymer ransomware, in response to the incident it was forced to take systems offline on the morning of August 30th. The Newcastle University did not provide info about the family of ransomware behind the attack, but the DoppelPaymer ransomware operators are claiming to be responsible.
There’s an update to the situation with Banco Estado, noted previously on this site. Catalin Cimpanu reports: BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday.
Round Up of Major Vulnerabilities and Patches
Microsoft has fixed a bug in the Windows 10 version 2004 defragger that caused SSD drives to be defragmented too often. In June 2020, after the Windows 10 May 2020 Update was released, we reported that the operating system’s automatic maintenance feature contained numerous bugs. These bugs would cause SSD drives to be excessively defragged and for the ‘Optimize Drives’ feature to try and use the ‘Trim’ command on non-SSD drives, which do not support it.
Google has resolved an XSS vulnerability in Google Maps that was reported through the tech giant’s bug bounty program. Google’s Vulnerability Reward Programs (VRP) provides a platform for third-party researchers to disclose security issues in Google services and products privately, in return for a financial reward and credit.
Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device. The vulnerabilities were reported to the vendor in May by Rich Mirch, a security researcher at CRITICALSTART. However, some of them remain unpatched. The researcher discovered a total of 10 vulnerabilities affecting MOFI4500 routers, a majority related to the web management interface, which by default is accessible on all network interfaces.