Top Weekly Cyber News: July 28-August 3, 2019

Hi folks! You may find below the latest news about global incidents, threats and attacks handpicked by our super XM Cyber team of experts.
TechCrunch – StockX was hacked, exposing millions of customers’ data
August 3
It wasn’t “system updates” as it claimed. StockX was mopping up after a data breach, TechCrunch can confirm. The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambling for answers. [More]

TechRaptor – E3 Vulnerability Leaks Personal Information For Over 2,000 Media Members
August 3
The private information of over 2,000 E3 2019 attendees who had a media badge has leaked online. The owners of E3, the Entertainment Software Association, had a page on their website linking to a spreadsheet file with the personal information of each journalist, YouTuber, streamer, developer, etc. It listed their full name, phone number, address, and other information as well. [More]

Fortune – After Capital One, Equifax, Marriott, and the Rest, Just Assume Your Data Has Been Hacked
August 3
What’s a data breach victim to do? Answer: Don’t let the leakages get you down. Do not give up hope. Stay vigilant—and take action. [More]

Security Affairs – DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords
August 3
Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. [More]

BleepingComputer – Ransom Note Replaces 2.1M Customer Records on Open MongoDB
August 2
Hackers on the prowl for unsecured databases found a publicly accessible MongoDB instance and replaced the almost 1.2 million sensitive records it stored with a ransom note. The hackers were quick to spot the database, which was completely unprotected; anyone with the right link could access its contents without any form of authentication. [More]

ThreatPost – Nation-State APTs Target U.S. Utilities With Dangerous Malware
August 2
Researchers spotted the never-before-seen LookBack malware being used in spearphishing campaigns against three U.S. utilities. Researchers believe that nation-state actors are behind several spearphishing campaigns targeting U.S. utility companies with a newly-identified malware, which has the capabilities to view system data and reboot machines. [More]

PCMag – Poshmark Tells Users to Reset Passwords After Data Breach
August 2
Stolen data includes the customer’s full name, gender, city, email address and linked social media profiles. Poshmark is warning customers to be on alert for phishing emails. [More]

CISOmag – Data breach exposed One Million Payment Card details in South Korea
August 2
Security researchers discovered that hackers have compromised more than one million payment card records and posted for sale on the Dark Web since May 29, 2019. A recent report, from cybersecurity firm Gemini Advisory, revealed that South Korea is the largest victim of the Card Present (CP) data theft in the entire Asia-Pacific (APAC) region. [More]

ThreatPost – Honda’s Security ‘Soft Spots’ Exposed in Unsecured Database
July 31
A researcher said that he found a Honda ElasticSearch database exposing 40GB of internal system and device data. An unsecured database belonging to Honda Motor Company was found leaking crucial information about its global systems, including which devices aren’t up-to-date or protected by security solutions. [More]

Health IT Security – 200 Million Devices Vulnerable to Remote Takeover Via VxWorks Flaw
July 31
Armis found 11 critical vulnerabilities in the VxWorks system, a platform found in 2 billion devices, including medical equipment and IoT devices; officials say patching will be long and difficult. [More]


Purple is the New Black


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.