Pirate Bay Spotted Hosting Monero Cryptocurrency Miner
A cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend. Source: www.threatpost.com
Web Security
Thousands of Elasticsearch Servers Hijacked to Host PoS Malware
Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS. Source: https://threatpost.com
Zerodium Offering $1M for Tor Browser Zero Days
Exploit acquisition vendor Zerodium said Wednesday it will pay up to $1M for an unknown Tor Browser zero day. Source: www.threatpost.com
Microsoft Patches .NET Zero Day Vulnerability in September Update
Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector. Source: https://threatpost.com
Popular D-Link Router Riddled with Vulnerabilities
D-Link router model 850L has 10 vulnerabilities that could allow a hacker to gain remote access and control of device, according to researcher. Source: www.threatpost.com
Many Questions, Few Answers For Equifax Breach Victims
Victims of the massive Equifax breach may have to wait days to find out if they were impacted. Source: www.threatpost.com
Microsoft Won’t Fix Security Bypass Vulnerability in Edge
Microsoft is opting to stand pat and not fix a content security bypass vulnerability in its Edge browser, something researchers warn could potentially lead to the disclosure of confidential information. Source: www.threatpost.com
IDN Homograph Attack Spreading Betabot Backdoor
An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor Source: www.threatpost.com
Patch Released for Critical Apache Struts Bug
The Apache Software Foundation released a patch on Tuesday for a critical vulnerability impacting all versions of Struts since 2008. Source: www.threatpost.com
Four Million Time Warner Cable Records Left on Misconfigured AWS S3
600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone. Source: www.threatpost.com