Round Up of Major Breaches and Scams
Another day, another Indian job site targeted by hackers. This time, the database of Indian job board IIMJobs was leaked on a prominent hacking forum after the website suffered a data breach. The database, leaked on November 23rd, 2020, contains up to 46GB of data belonging to jobseekers and recruiters registered with IIMJobs.
In a joint statement Tuesday, the Capital Markets Authority and the Israel National Cyber Directorate confirmed that there had been a cyberattack on the Shirbit insurance company and that information had been leaked in the breach.
The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard for an Elasticsearch database belonging to French pharmaceuticals distribution platform Apodis Pharma, leaking 1.7+ TB of confidential data.
Round Up of Major Malware and Ransomware Incidents
Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems.
Round Up of Major Vulnerabilities and Patches
Vulnerabilities discovered by researchers in Rockwell Automation’s FactoryTalk Linx product can allow attackers to compromise engineering workstations in industrial environments.
The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is being actively exploited by the operators behind the DarkIRC botnet. Unauthenticated attackers can exploit CVE-2020-14882 to take over the system by sending a simple HTTP GET request.
Google Project Zero whitehat hacker Ian Beer on Tuesday disclosed details of a now-patched critical “wormable” iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi.
The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November, but neither fixes the original issue, leaving 100 million users at risk of privacy violations, researchers said. Meanwhile, a raft of exploitation tools for the bug has been released in the wild.