From Security Weekly Wiki
Jump to navigationJump to search


  1. Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135
  2. Dickey's Barbecue Pit Investigating Possible Breach Affecting 3M Payment Cards
  3. New Emotet campaign uses a new ‘Windows Update’ attachment
  4. Albion Online game maker discloses data breach
  5. Discord desktop app vulnerability chain triggered remote code execution attacks
  6. US charges six Russian intelligence officers with hacking Ukraine, 2018 Olympics, and Skripal investigation
  7. VoIP Firm Broadvoice Leaks 350 Million Customer Records An unsecure, Elasticsearch database cluster belonging to Los Angeles, Calif.-based VOIP provider Broadvoice was found exposed online on Oct. 1 containing more than 275 million Broadvoice XBP customers' full names, identification numbers, phone numbers, and states and cities of residence.
  8. NSA Publishes List of Top Vulnerabilities Currently Targeted by Chinese NSA has released an in-depth report discussing the top 25 vulnerabilities that are currently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups to gain access to targeted networks and steal sensitive information
  9. MobileIron Enterprise MDM Servers Under Attack from DDoS Gangs, Nation-States Threat actors have been spotted exploiting CVE-2020-15505, CVE-2020-15506, and CVE-2020-15507, which affects MobileIron MDM servers. CVE-2020-15505 allows for RCE and is a high risk vulnerability.
  10. Montreal's STM Public Transport System Hit by Ransomware Attack STM suffered a "RansomExx" ransomware attack on Oct. 19 that impacted its services and online systems and resulted in an outage of its customer support system, IT systems, and website.