Sep 25, 2018

Daily brief for 2018-09-24

ASIA

  1. Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
  2. Adwind RAT Scurries By AV Software With New DDE Variant

WORLD

  1. Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
  2. macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
  3. Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
  4. Scottish Brewery Recovered from Ransomware Attack
  5. Yubico's latest authentication keys get the jump on a 'passwordless' future
  6. Scottish Brewery Recovered from Ransomware Attack  …
  7. U.S. General Service Administration Launches Bug Bounty Program
  8. Cybersecurity Has Become a Major Liability for Online Retailers
  9. US ISP RCN stores customer passwords in cleartext
  10. Operator of hackers' favorite malware scanning service gets 14 years in prison
  11. Black Rose Lucy Android malware mimics user's on-screen click
  12. Adwind RAT Scurries By AV Software With New DDE Variant
  13. Hacker Sentenced for Running “Scan4you” Malware Scanning Service
  14. Unraveling Emotet's Latest Macro Obfuscation
  15. #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. #compliance #cyberattack
  16. Ransomware, Fileless Attacks and Cold Boot the Current Trend
  17. Virobot Malware Emerges
  18. Scottish brewery ransomware attack leverages job opening
  19. Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe

ATTACKS

  1. Microsoft goes password-free for Azure AD sign-in
  2. Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
  3. Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
  4. Yubico's latest authentication keys get the jump on a 'passwordless' future
  5. New Adwind Campaign Targets Linux, Windows, and macOS
  6. US ISP RCN stores customer passwords in cleartext
  7. Zoho Suspended by Domain Registrar Over Phishy Emails
  8. [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
  9. Survey: Nearly one-third of breached companies reported job losses after data breach
  10. Breaking Chrome / Google account auto login (and tracking)
  11. 4 Things To Do To Get Your Smartphone Compromised
  12. Microsoft Deletes Passwords for Azure Active Directory Applications
  13. [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
  14. It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT
  15. Tricky DoS Attack Crashes Mozilla Firefox
  16. Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
  17. Cisco: We've killed another critical hard-coded root password bug, patch urgently
  18. Cisco Removes Default Password From Video Surveillance Manager
  19. Credential Stuffing Attacks Are Reaching DDoS Proportions
  20. Freelance workers targeted in new malware campaign
  21. Viborot ransomware comes with a botnet
  22. Western Digital resolves year-old password bypass bug in My Cloud NAS devices
  23. Bug Exposed Direct Messages of Millions of Twitter Users
  24. A bug in Twitter Account Activity API exposed users messages to wrong developers
  25. Do you know who the biggest threat actors are? Check out this paper that shares our perspective on the key takeaways from the 2018 Verizon Data Breach Investigations Report. #DBIR
  26. Pervasive email #security threats have dampened adoption of #cloud-based productivity tools: #survey #BarracudaNetworks #phishing #Office365 #fraud #AI
  27. Hackers Compromised Thousands of WordPress Sites and Redirects to Tech Support Scams

THREATS

  1. Hackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet Details
  2. Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
  3. macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
  4. Adwind RAT Scurries By AV Software With New DDE Variant
  5. Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
  6. Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack
  7. Scottish Brewery Recovered from Ransomware Attack
  8. Cybercriminals Target Kodi Media Player for Malware Distribution
  9. Scottish Brewery Recovered from Ransomware Attack  …
  10. U.S. General Service Administration Launches Bug Bounty Program
  11. Zoho Suspended by Domain Registrar Over Phishy Emails
  12. Operator of hackers' favorite malware scanning service gets 14 years in prison
  13. Cisco patches 'critical' credential bug in video surveillance software
  14. Black Rose Lucy Android malware mimics user's on-screen click
  15. Adwind RAT Scurries By AV Software With New DDE Variant
  16. [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
  17. Hacker Sentenced for Running “Scan4you” Malware Scanning Service
  18. Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
  19. The MyCloud Auth Vulnerability Fixed by Western Digital with a Hotfix
  20. Blocking ransomware for free with honeypots
  21. Unraveling Emotet's Latest Macro Obfuscation
  22. [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
  23. Adwind Trojan circumvents antivirus software to infect your PC
  24. Cisco Patches Critical Flaw in Cisco Video Surveillance Manager (VSM) Software
  25. #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. #compliance #cyberattack
  26. Researchers warn of iTranslator man-in-the-middle malware
  27. New Bug Crashes Mozilla Firefox on Windows, Linux, and Mac Systems
  28. Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
  29. Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance
  30. [SingCERT] Alert on Critical Out-Of-Band Adobe Acrobat Vulnerability (CVE-2018-12848)
  31. Critical flaw affects Cisco Video Surveillance Manager
  32. Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
  33. Ransomware, Fileless Attacks and Cold Boot the Current Trend
  34. macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
  35. Cisco: We've killed another critical hard-coded root password bug, patch urgently
  36. Virobot Malware Emerges
  37. Report: Microsoft misses disclosure deadline to patch RCE bug in JET
  38. Freelance workers targeted in new malware campaign
  39. Viborot ransomware comes with a botnet
  40. Scottish brewery ransomware attack leverages job opening
  41. Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
  42. Western Digital resolves year-old password bypass bug in My Cloud NAS devices
  43. Cisco Patched Critical Vulnerability In Its Video Surveillance Manager Software
  44. Bug Exposed Direct Messages of Millions of Twitter Users
  45. A bug in Twitter Account Activity API exposed users messages to wrong developers
  46. Thousands of WordPress sites are infected with the malicious code

CRIME

  1. Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
  2. Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack
  3. Cybercriminals Target Kodi Media Player for Malware Distribution
  4. Cybersecurity Has Become a Major Liability for Online Retailers
  5. Operator of hackers' favorite malware scanning service gets 14 years in prison
  6. Hacker Sentenced for Running “Scan4you” Malware Scanning Service
  7. Unraveling Emotet's Latest Macro Obfuscation
  8. Ransomware, Fileless Attacks and Cold Boot the Current Trend
  9. Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe

POLITICS

  1. macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files