From Security Weekly Wiki


  1. Billions of Devices Vulnerable to New 'BLESA' Bluetooth Security Flaw - A security flaw dubbed "Bluetooth Low Energy Spoofing Attack" (BLESA) (CVE-2020-9770) affects devices running the Bluetooth Low Energy (BLE) protocol. While some vendors such as Apple have released vendor-specific fixes, not all vendors are expected to release a fix for this vulnerability.
  2. DOJ Says Five Chinese Nationals Hacked into 100 U.S. Companies - Members of APT41 whose activities are aligned with China's 5-year economic development plans.
  3. Even cybersecurity companies spill data and passwords - It seems that cybersecurity companies suffer from the same password problems that other organizations have to deal with – in that some systems might just be forgotten about or they have simple passwords for some accounts.
  4. Travel Industry Giants Failed to Secure their Websites Despite High-Profile Data Breaches - Major airlines and hotel chains have failed to secure their online platforms even after previous data breaches and cyber-attacks exposed information of millions of customers and drew fines from privacy regulators.
  5. CISA Warns Election-Related Entities to Be on Watch for Phishing Attacks - In an insight piece published on September 10, CISA highlighted malicious actors’ preference for phishing attacks in their efforts to target political parties, think tanks and other entities that might be involved in an election.
  6. Leaky server exposes users of dating site network - Leaky database from Mailfire taken down after discovery. The leaky database stored more than 882 GB of log files pertaining to push notifications sent via Mailfire's service, with the logs being updated in real time as new notifications were being sent out.
  7. Researchers Uncover 89 Zero-Days in CMS Platforms - The team uncovered 89 zero-day vulnerabilities in platforms such as WordPress, Joomla, Drupal and Opencart — and their plugins.