Sep 22, 2018

Threat report for 2018-09-21

DATA BREACH

  1. What Are Honeywords? Password Protection for Database Breaches
  2. Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
  3. Twitter Flaw Exposed Direct Messages To External Developers
  4. Twitter Flaw Exposed Direct Messages To External Developers
  5. Twitter API bug leaked private data to other accounts
  6. The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
  7. Independence Blue Cross Breach Exposed 17K Records
  8. Independence Blue Cross Breach Exposed 17K Records  …
  9. Newegg leaked credit card information for more than a month
  10. ZDI Shares Details of Microsoft JET Database Zero-Day
  11. Fully 61 percent of ASX100 exposed as email fraud gets personal
  12. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  13. ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #GDPR #databreach
  14. Adams County clerk resigns over role in data breach
  15. SC Media September Product Reviews: Threat Intelligence Recorded Future l
  16. 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
  17. Who ate all the PII? Not the blockchain, thankfully
  18. Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
  19. Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit
  20. Veeam holds its hands up, admits database leak was plain 'complacency'
  21. Back up a minute: Veeam database config snafu exposed millions of customer records
  22. Law firm seeking leak victims to launch £500m suit at British Airways
  23. #SecurityNews: The Information Commissioner’s Office (ICO) has fined #Equifax £500K after the 2017 #databreach. For the 2nd time the #ICO has issued a max fine after the credit agency exposed data on 15 million UK customers. Read more here:   #
  24. SingHealth data breach reveals several 'inadequate' security measures
  25. Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
  26. ICO Slaps Equifax with Maximum Fine for the 2017 Data Breach
  27. Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
  28. MageCart Hacked Customers’ In NewEgg Credit Card Data Breach
  29. ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
  30. ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #databreach #GDPR
  31. Magecart’s Next Attack Resulted In ABS-CBN Data Breach
  32. £500k fine for Equifax 2017 data breach

DENIAL-OF-SERVICE

  1. New Virobot Ransomware and Botnet Emerges
  2. New Virobot ransomware will also log keystrokes, add PC to a spam botnet
  3. Apache Struts and SonicWall Targeted by Mirai and Gafgyt Botnets
  4. Virobot Ransomware with Botnet Capability Breaks Through
  5. No, the Mirai botnet masters aren't going to jail. Why? 'Cos they help Feds nab cyber-crims
  6. ZombieBoy
  7. The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #DDoS #FBI
  8. Mirai Botnet Creators To Help Law Enforcement Agencies On Cybercrime Investigations
  9. The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #botnets #Mirai

MALVERTISING

  1. This blog post explores how #malvertising works and identifies key defense strategies for #businesses  … #malware #cyberattacks

DATA LEAK

Nothing to report

PHISHING

  1. What Are Honeywords? Password Protection for Database Breaches
  2. Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
  3. Phishing finance apps make way back into Google Play
  4. The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
  5. Securing industrial IoT passwords: For Pete's sake, engineers, don't all jump in at once
  6. Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
  7. Solid password practice on Capital One's site? Don't bank on it
  8. When is a patch not a patch? When it's for this McAfee password bug
  9. Warning issued as Netflix subscribers hit by phishing attack
  10. Security data reveals worldwide malicious login attempts are on the rise
  11. AD FS 2016 Password Change from non workplace joined devices
  12. The most used email subjects used in phishing attacks
  13. AdGuard resets all user passwords after credential stuffing attack

WEB DEFACEMENT

Nothing to report

MALWARE

  1. Brewery breach: Not even beer is safe from ransomware
  2. The Week in Ransomware – September 21st 2018 – Beer, Airports, & Dharma
  3. PMP®️ Domain Information & Overview
  4. Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
  5. Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
  6. Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #police #ransomware
  7. Malware Disguised as Job Offers Distributed on Freelance Sites
  8. Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
  9. Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant via CyberScoopNews #FinSec
  10. Delphi Packer Looks for Human Behavior Before Deploying Payload
  11. Delphi Packer Looks for Human Behavior Before Deploying Payload
  12. The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma
  13. Operator of 'VirusTotal for criminals' gets 14-year prison sentence
  14. Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
  15. New Virobot Ransomware and Botnet Emerges
  16. Staying King Krab: GandCrab Malware Keeps a Step Ahead of Network Defenses
  17. Malware Disguised as Job Offers Distributed on Freelance Sites
  18. New Virobot ransomware will also log keystrokes, add PC to a spam botnet
  19. Security news: All-in-one malware out, GovPayNow drops the ball on security, and Newegg suffers a crack | Avast
  20. Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
  21. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  22. Discover how Tripwire Malware Detection... - Protects against zero-day exploits and other known threats. - Offers an enterprise view of suspicious malware objects across all monitored systems. - Protects from repeat #malware attacks. Learn more here:
  23. Legitimate RATs Pose Serious Risk to Industrial Systems
  24. Crooks turn to Delphi packers to evade malware detection
  25. This blog post explores how #malvertising works and identifies key defense strategies for #businesses  … #malware #cyberattacks
  26. Malware Businesses Blending the Legitimate and the Illegitimate
  27. Avoidable mistakes lead to iOS cryptomining attacks
  28. Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #ransomware #police
  29. Thousands of WordPress sites backdoored with malicious code
  30. Virobot Ransomware with Botnet Capability Breaks Through
  31. DMARC Fully Implemented on Two Thirds of U.S. Government Domains
  32. Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
  33. FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers
  34. MassMiner Malware Targeting Web Servers
  35. Malware Analysis using Osquery Part 2
  36. Off-the-shelf RATs Targeting Pakistan
  37. Malware Analysis using Osquery Part 1
  38. Malicious Documents from Lazarus Group Targeting South Korea
  39. GZipDe: An Encrypted Downloader Serving Metasploit
  40. Satan Ransomware Spawns New Methods to Spread
  41. Woman Pleads Guilty to DC CCTV Ransomware Blitz
  42. Woman Pleads Guilty to DC CCTV Ransomware Blitz  …
  43. Report: Cryptomining malware detections up more than 459 percent since 2017
  44. The most dangerous mobile spyware, Pegasus that has infected 45 countries
  45. Security data reveals worldwide malicious login attempts are on the rise
  46. Why voice fraud rates continue to rise with no signs of slowing down

EXPLOIT

  1. Discover how Tripwire Malware Detection... - Protects against zero-day exploits and other known threats. - Offers an enterprise view of suspicious malware objects across all monitored systems. - Protects from repeat #malware attacks. Learn more here:
  2. Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
  3. New Hacker Exploits and How to Fight Them

VULNERABILITY

  1. Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
  2. Critical Vulnerability Found in Cisco Video Surveillance Manager
  3. Critical Vulnerability Found in Cisco Video Surveillance Manager
  4. Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows
  5. Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
  6. Bug allowing unlimited spiceups in "Answer Question" section
  7. Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
  8. Twitter Flaw Exposed Direct Messages To External Developers
  9. Twitter Flaw Exposed Direct Messages To External Developers
  10. Twitter API bug leaked private data to other accounts
  11. Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
  12. Twitter notifies users about API bug that shared DMs with wrong devs
  13. Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
  14. ZDI Shares Details of Microsoft JET Database Zero-Day
  15. Flaw in Western Digital My Cloud exposes the content to hackers
  16. Twitter Bug May Have Sent your Direct Messages to Twitter Developers As Well
  17. Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution
  18. Discover how Tripwire Malware Detection... - Protects against zero-day exploits and other known threats. - Offers an enterprise view of suspicious malware objects across all monitored systems. - Protects from repeat #malware attacks. Learn more here:
  19. Bitcoin flaw could have allowed dreaded 51% takeover
  20. 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
  21. Microsoft's Jet crash: Zero-day flaw drops after deadline passes
  22. Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw
  23. 'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud
  24. Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
  25. When is a patch not a patch? When it's for this McAfee password bug
  26. More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
  27. Researcher Discloses New Zero-Day Affecting All Versions of Windows
  28. Rockwell Automation Patches Severe Flaws in Communications Software
  29. Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
  30. Google Cloud Service launches automatic scanning of container vulnerabilities to enhance cloud environment security
  31. CVE-2018-14829: Rockwell Automation Stack Overflow High Risk Vulnerability
  32. Adobe Addresses a Number of Critical Remote Execution Vulnerabilities
  33. Trend Micro Zero Day team discloses unpatched Microsoft Jet RCE vulnerability
  34. Singapore to offer bug bounty, set up Asean cybersecurity centre
  35. Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
  36. ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
  37. iOS Webkit flaw found that forces iPhone restart
  38. Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable
  39. Authentication Bypass Vulnerability Disclosed in Western Digital My Cloud NAS Devices