Blog

Top Weekly Cyber News: April 8-13, 2019

Hi folks! You may find below the latest news about global incidents, threats and attacks handpicked by our super XM Cyber team of experts.
ThreatPost – North Korea’s Hidden Cobra Strikes U.S. Targets with HOPLIGHT
April 12
The custom malware is a spy tool and can also disrupt processes at U.S. assets. A never-before-seen spyware variant called HOPLIGHT is targeting U.S. companies and government agencies in active attacks, according to the U.S. Department of Homeland Security. [More]

FireEye Blog – TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping
April 10
FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility. [More]

The Hacker News – Security Flaws in WPA3 Protocol Let Attackers Hack Wifi Password
April 10
It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. [More]

Microsoft Blog– Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability 
April 10
In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRAR vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. [More]

MotherBoard – Researchers Uncover New Version of the Infamous Flame Malware
April 9
They also found evidence that Stuxnet has ties to another malware family. The discoveries were made using tools and techniques only available to researchers in recent years. [More]

ThreatPost – Link Routers Vulnerable to Zero-Day Buffer Overflow Attack 
April 8

Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers. Two models of TP-Link’s budget routers are vulnerable to zero-day flaws that allow attackers to take control of both. [More]

CPO Magazine – Largest Leak in History: Email Data Breach Exposes Over Two Billion Personal Records
April 8

The size and scope of data breaches continues to grow. The new world record has been set by email marketing service Verifications.io, thanks to some unsecured public-facing databases containing what appears to be just about all of their customer information. [More]

mxcyber

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.