Top Weekly Cyber News: May 20-25, 2019

Hi folks! You may find below the latest news about global incidents, threats and attacks handpicked by our super XM Cyber team of experts.
Wired – Snapchat Employees Reportedly Spied on Private Snaps
May 25
At Snap, like so many other consumer-focused platforms before it, the spying was coming from inside the house. Motherboard reports that according to former and current employees, Snapchat developed a tool called SnapLion to allow the company to access user accounts in order to comply with legitimate legal requests from law enforcement. [More]

Naked Security – Serious Security: Don’t let your SQL server attack you with ransomware
May 25
If crooks want to sneak into your system, they have quite a few choices. They could do some serious hacking, using vulnerabilities and exploits to bypass the security checks you already have in place and tricking your servers into running software they’re not supposed to. [More]

Krebs on Security – First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
May 24
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. [More]

Data Breach Today – Instagram Bans Social Media Company After Data Exposure
May 24
Instagram has revoked the access of an Indian social media marketing company following an investigation into how the personal details of some of its users ended up in an unprotected database online. [More]

Cyberscoop – Facebook scrubbed 2.2 billion fake accounts in the first quarter of 2019, a new high
May 23
Facebook says its disabled roughly 2.2 billion fake accounts in the first quarter of this year, a record number of removals that targeted spammers, propagandists and others working to exploit the social media platform. [More]

Peerlyst – Proactive detection content: CVE-2019-0708 vs ATT&CK, Sigma, Elastic and ArcSight
May 20
I think the most of security community has agreed that CVE-2019-0708 vulnerability is of critical priority to deal with. And while saying “patch your stuff!” feels like the first thing that one should think of, the memories of WannaCry and NotPetya are still fresh in my mind. [More]


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.