Page 11 - Threat Intelligence 9-24-2019
Internal Threats
WeWork's Wi-Fi Exposed Files, Credentials, Emails. For years, sensitive documents and corporate data have
been easily viewable on the coworking space's open network. WeWork's weak Wi-Fi security has been leaving
sensitive data accessible on its open network for years. That may have compromised both organizations that
work in WeWork spaces and those that have never entered WeWork but do business with companies
that use its offices. A Fast Company report back in August highlighted poor security practices by the real estate
firm, which rents out coworking spaces to mostly small businesses. A new report from CNET takes a deeper
dive into the extent of WeWork's oversight and implications for its customers.
Source: https://www.darkreading.com/risk/weworks-wi-fi-exposed-files-credentials-emails/d/d-id/1335865
Critical Vulnerability in D-Link DNS-320 Devices Lets Hackers Execute Remote Code and Steal Data. D-Link
DNS-320 devices are used as a backup solution and offer a way to share documents, music,
videos, and photos with anyone connected to your network. CyStack security researcher Trung Nguyen
detected a remote code execution vulnerability in DNS-320 ShareCenter devices that leaves users' data
vulnerable to remote hackers. The vulnerability is tracked as CVE-2019-16057. It resides in
the login module of DNS-320 devices; by exploiting it, attackers could gain access to the devices
remotely and control them by executing arbitrary code.
Source: https://gbhackers.com/unauthenticated-rce-dns-320/
Skidmap, Linux Malware Mining Cryptocurrency in Disguise. Security researchers have discovered a new strain
of Linux malware that is configured to carry out a multitude of malicious activities besides
just illegally mining cryptocurrency: by using a "secret master password," it gives hackers universal
access to the system. Skidmap demonstrates the increasing complexity of cryptocurrency-mining
malware and the prevalence of the corresponding threats. To carry out its cryptocurrency mining
in disguise, Skidmap forges CPU-related statistics and network traffic, according to TrendMicro's recent blog on
the subject. Highlighting the advanced methods used by Skidmap, researchers at TrendMicro said, "Skidmap
uses fairly advanced methods to ensure that it and its components remain undetected. For instance, its use of
LKM rootkits — given their capability to overwrite or modify parts of the kernel — makes it harder to clean
compared to other malware."
Source: https://www.ehackingnews.com/2019/09/skidmap-linux-malware-mining.html
www.accumepartners.com

