QuoScient’s Weekly Intelligence Bulletin for the week of 26 September – 03 October 2019 is now available! Please contact our sales team at firstname.lastname@example.org to subscribe today.
Find a summary below.
Reported Incidents Industry Impacted: Information Technology
Researchers at Context are attributing the latest data breach at Airbus, which resulted in unauthorized access to intellectual property, to a previously unreported threat actor group known as Avivore. Avivore is reportedly targeting assets in sectors such as aerospace and defense, automotive, energy, space, and satellite technology.
Vulnerabilities Industry Impacted: ANY, Information Technology
A joint team of researchers published a report detailing attacks they developed, dubbed PDFex, which could allow an attacker to break PDF encryption and signatures. Successful exploitation would allow the attacker to exfiltrate content or arbitrarily change the contents of the document without invalidating the signature.
Researchers at QAX A-TEAM discovered a new critical vulnerability in the popular message transfer agent Exim, which can result in threat actors launching a denial-of-service (DoS) or remote code execution attack (RCE). While the vendor does not report exploitation in the wild at the time of reporting, a proof-of-concept is publicly available for triggering the DoS condition.
Cyberattacks were rated as the second highest risk to doing business in the World Economic Forum’s (WEF) ”Regional Risks for Doing Business 2019” report.
05 October – North Korea and US to hold working-level talks about North Korea’s nuclear weapons.
08 October – Meet QuoScient at the it-sa IT-Security Fair in Nuremberg, Germany.