Sep 21, 2018

Daily brief for 2018-09-20

ASIA

  1. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  2. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  3. China Arrests Suspect for Customer Data Leak at Accor Partner

WORLD

  1. A worrying future for the next generation?
  2. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  3. Book Review: Malware Data Science
  4. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  5. Magecart Strikes Again, Siphoning Payment Info from Newegg
  6. Wyden: Tech company has told multiple senators of foreign hacking attempts
  7. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  8. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  9. UK organisations’ email accounts used in mass phishing campaigns
  10. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  11. This Russian botnet mimics your click to prevent Android device factory resets
  12. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  13. US State Department confirms data breach to unclassified email system
  14. HMRC Tax Refund Scam via Phishing Campaign
  15. Threats posed by using RATs in ICS
  16. NewEgg Network is attacked by hackers
  17. Privacy advocates have failed to engage on My Health Record
  18. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  19. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  20. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  21. Latest Hacking News Podcast
  22. Card Data-Scraping Magecart Code Found on Newegg
  23. Newegg hacked: The new victim of Magecart malware
  24. Mirai botnet developers collaborate with the FBI
  25. Western Digital My Cloud vulnerability, let’s hacker gives full access
  26. US Signal partners with Cloudflare to deliver DDoS protection service

ATTACKS

  1. 14 million customer records exposed in GovPayNow leak
  2. State Department email breach leaks employee PII
  3. Magecart data breach possibly avoidable -magecart-data-breach-possibly-avoidable/ …
  4. Adams County clerk resigns over role in data breach
  5. Snap! Adobe patches, sneaky Android botnets, Alexa invasion, robot skins
  6. Account Takeover Attacks Become a Phishing Fave
  7. ICO to Fine Equifax £500,000 for 2017 Data Breach   via
  8. Account Takeover Attacks Result in Phishing Scams  pic.twitter.com/hR2kSqlpCN
  9. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  10. Account Takeover Attacks Result in Phishing Scams -magazine.com/news/account-takeover-attacks-result-in?utm_source=twitterfeed&utm_medium=twitter …
  11. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  12. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  13. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  14. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  15. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  16. Account Takeover Attacks Become a Phishing Fave
  17. : The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases. Read more about this story here:   .twitter.com/Yzb9wM7KzU
  18. State Department: Some Employee Info Possibly Exposed in Security Incident   via
  19. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
  20. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  21. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  22. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  23. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  24. : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here:   .twitter.com/Ct8Z7qckRC
  25. ICO to Fine Equifax £500,000 for 2017 Data Breach   via
  26. UK organisations’ email accounts used in mass phishing campaigns
  27. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  28. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  29. This Russian botnet mimics your click to prevent Android device factory resets
  30. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  31. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  32. FBI wants to keep “helpful” Mirai botnet authors around
  33. US State Department confirms data breach to unclassified email system
  34. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  35. HMRC Tax Refund Scam via Phishing Campaign
  36. China Arrests Suspect for Customer Data Leak at Accor Partner
  37. Phishing finance apps make way back into Google Play
  38. State Department Email Breach Exposed Personal Data Of Employees
  39. Equifax fined £500,000 over customer data breach
  40. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  41. Privacy advocates have failed to engage on My Health Record
  42. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  43. Manipulation tactics that you fall for in phishing attacks
  44. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  45. Mirai botnet developers collaborate with the FBI
  46. State Department: Some Employee Info Possibly Exposed in Security Incident   via
  47. Identifying botnets before an attack: The new DARPA challenge
  48. US Signal partners with Cloudflare to deliver DDoS protection service

THREATS

  1. Android bug bounty tops $3m in third year, but pay flattens out
  2. Facebook Bug Bounty opens to reward access token exposure
  3. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  4. Bug hunters fail third year in a row to get top prize in Android hacking program
  5. Domain Joined Outlook 2016 Issues - 0x8004011D
  6. Report: Cryptomining malware detections up more than 459 percent since 2017
  7. Bad actors are sizing up systems via lightweight recon before attack, researchers at Proofpoint said:
  8. The rate at which new threats appear now requires a much greater reliance on threat intelligence. Learn more about its opportunities and challenges in our .  pic.twitter.com/bEh9MKP6nS
  9. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  10. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  11. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  12. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  13. Book Review: Malware Data Science
  14. Increased Use of a Delphi Packer to Evade Malware Classification
  15. Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
  16. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  17. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
  18. Mitigate Risk From Malicious and Accidental Insiders
  19. : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here:   .twitter.com/Ct8Z7qckRC
  20. Sustes Malware: CPU for Monero
  21. : Hackers say and have been the easiest attack vectors to exploit this year. 56% of said that social engineering is the fastest account seizing technique to use on them. Read more here:   .twitter.com/e5ogD8VYWT
  22. Guarding the Gate: Cybersecurity De-Mystified
  23. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  24. Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program
  25. Report: Cryptomining malware detections up more than 459 percent since 2017
  26. Threats posed by using RATs in ICS
  27. Western Digital goes quiet on unpatched MyCloud flaw
  28. CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
  29. Adobe releases patch out of schedule to squash critical code execution bug
  30. Cisco IOS XE Software Static Credential Vulnerability
  31. Report Reveals Widespread Use of Pegasus Spyware
  32. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  33. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw
  34. Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
  35. Evil Clone Attack – Hackers Injecting Crypto-mining Malware into Legitimate PDF Software
  36. Newegg hacked: The new victim of Magecart malware
  37. Vulnerability in My cloud devices exposes sensitive information
  38. Western Digital My Cloud vulnerability, let’s hacker gives full access
  39. Guarding the Gate: Cybersecurity De-Mystified
  40. How to detect and remove a virus from your Android phone | Avast

CRIME

  1. Report: Cryptomining malware detections up more than 459 percent since 2017
  2. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  3. : The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases. Read more about this story here:   .twitter.com/Yzb9wM7KzU
  4. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  5. Magecart Strikes Again, Siphoning Payment Info from Newegg
  6. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  7. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  8. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  9. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  10. HMRC Tax Refund Scam via Phishing Campaign
  11. Report: Cryptomining malware detections up more than 459 percent since 2017
  12. NewEgg Network is attacked by hackers
  13. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  14. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  15. Manipulation tactics that you fall for in phishing attacks
  16. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  17. Card Data-Scraping Magecart Code Found on Newegg
  18. Newegg hacked: The new victim of Magecart malware
  19. Mirai botnet developers collaborate with the FBI

POLITICS

  1. Wyden: Tech company has told multiple senators of foreign hacking attempts
  2. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
at
Labels: