Nightfall Weekly InfoSec Roundup: July 23 to July 29

Michael Osakwe
July 30, 2019
Nightfall Weekly InfoSec Roundup: July 23 to July 29Nightfall Weekly InfoSec Roundup: July 23 to July 29
Michael Osakwe
July 30, 2019
On this page

Cyber Attacks & Breaches

  • 13,000 NAB customers affected by data breach
    (ComputerWorld) July 28th
    NAB has begun contacting some 13,000 of its customers revealing details of a data breach. The bank said that a range of personal information including names, dates of birth, contact details and in some cases, the number of a government-issued ID documents, was erroneously uploaded to the servers of two “data service companies”.
  • Ransomware crooks hit Synology NAS devices with brute-force password attacks
    (ZDNet) July 26th
    Taiwan-headquartered storage vendor Synology is warning users to strengthen the passwords to their network attached storage (NAS) after several devices — capable of storing terabytes of data — were encrypted by ransomware.

Vulnerabilities & Exploits

  • Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
    (The Hacker News) July 29th
    Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.
  • Scams use false alerts to target Office 365 users, admins
    (SC Magazine) July 23rd
    Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.
  • Browser Flaws Exposed Local Area Networks at Health, Drug Firms
    (HIT Infrastructure) July 24th
    Vulnerabilities in Chrome and Firefox browser extensions enabled attackers to access local area networks (LANs) of several healthcare and pharmaceutical companies including AthenaHealth, Epic Systems, Kaiser Permanente, Merck, Pfizer, and Roche.
  • Slide deck brings BlueKeep exploit closer to the wild
    (TechTarget) July 23rd
    A Chinese researcher presented details regarding how to achieve a remote code execution BlueKeep exploit and experts now say attacks in the wild are closer than ever.
  • Android vulnerability lets hackers hijack your phone with malicious videos
    (The Next Web) July 24th
    If you use a phone running any version of Android between 7.0 and 9.0 (Nougat, Oreo, or Pie), you ought to immediately install the latest security update – or risk getting your handset hijacked by devious video malware.

Risks & Warnings

Join us next week for the next edition of Nightfall’s Weekly InfoSec Roundup!

Nightfall Mini Logo

Getting started is easy

Start protecting your data with a 5 minute agentless install.

Get a demo