Page 17 - AccumeView - September 2019
P. 17
Vulnerabilities &
ICOs
➢ Hackers replace customer data on unprotected MongoDB with ransom note
➢ Misconfigured JIRA Servers Leak Info on Users and Projects
➢ IKEA inadvertently exposed over 400 email addresses due to human error
➢ Broken Arrow Public Schools hit with ransomware attack
➢ We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via
Notepad.exe
➢ Threat actors use a Backdoor and RAT combo to target the Balkans
➢ Vulnerability in Microsoft CTF protocol goes back to Windows XP
➢ New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic
➢ HVACking: Remotely Exploiting Bugs in Building Control Systems
➢ Trolldesh Ransomware Dropper
➢ Baldr malware unpicked with a little help from crooks’ bad opsec
➢ Silence Advanced Hackers Attack Banks All Over the World
➢ New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry
➢ $11M Email Scam at Caterpillar Pinned to Nigerian Businessman
➢ Routers from well-known manufacturers vulnerable to cross-router data leaks
➢ Hy-Vee issues warning to customers after discovering point-of-sale breach
➢ Command Injection with USB Peripherals
"I think continuous testing is really important because adversaries
behaviors change frequently, our profiles and organizations change
frequently and more importantly, even than the changes they bring
and the changes in the playbooks we face is ultimately the controls
and their effectiveness are easy to lose track of. And so when I think
about testing constantly, it is because I want to know more up to the
minute than up to the month how our controls are performing.“
-Justin Berman, CISO at Zenefits, on the importance of constant
testing of security controls
