Oct 31, 2018

APT report for 2018-10-30

TRANSNATIONAL / UNKNOWN

  1. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats

CHINA

  1. MadoMiner Part 2 - Mask

INDIA

Nil

NORTH KOREA

Nil

PAKISTAN

Nil

VIETNAM

Nil

IRAN

Nil

IRAQ

Nil

LEBANON

Nil

PALESTINE

Nil

SAUDI ARABIA

Nil

SYRIA

Nil

TURKEY

Nil

UNITED ARAB EMIRATES

Nil

YEMEN

Nil

RUSSIA

Nil

SERBIA

Nil

UKRAINE

Nil
at
Labels:

Platform report for 2018-10-30

WINDOWS

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
  4. Zero-day Windows Deletebug: How to squash this ‘low-quality' pest
  5. Ransomware Threat Continues: How Infections Take Place
  6. Windows Zero-Day Vulnerability Disclosed
  7. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  8. The analysis of the attack which uses Excel 4.0 macro to avoid antivirus software detection
  9. MadoMiner Part 2 - Mask
  10. Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
  11. Feature to attach video to Word files could be used to send malicious code

LINUX

  1. CVE-2018-15688: systemd remote code execution vulnerability affects Linux machines
  2. An Update on the jQuery-File-Upload Vulnerability
  3. Libssh Vulnerability Leaves Servers Open to Unauthorized Access
  4. Demonbot targets cloud servers for DDoS attacks
  5. New Botnet That Targets Cloud Servers for DDoS Attacks
  6. Multiple Linux distributions affected by new vulnerability

UNIX

  1. Multiple Linux distributions affected by new vulnerability

ANDROID

  1. Malicious Apps Removed From Google Play Store
  2. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  3. Cell Phone Security and Heads of State
  4. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @
  5. Another #BianLian Android banking #Trojan in #GooglePlay showing his other face by dropping #RedAlert v2.1 CC @Bank_Security @

IOS

  1. Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
  2. Cell Phone Security and Heads of State

MACOS

  1. Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
  2. macOS Cryptomining Malware on the Rise
at
Labels:

Threat report for 2018-10-30

DATA BREACH & DATA LOSS

  1. How database hacks could impact elections and voters' fears
  2. Girl Scouts data breach exposed personal information of 2,800 members
  3. How database hacks could impact elections and voters' fears
  4. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  5. Center for Internet Security looks to expand threat sharing program to political campaigns
  6. Internet-Exposed HMIs Put Energy, Water Facilities at Risk: Report
  7. New SamSam ransomware campaign aims at targets across the US
  8. An Update on the jQuery-File-Upload Vulnerability
  9. Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
  10. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @
  11. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  12. Thousands of critical energy and water systems exposed online for anyone to exploit
  13. If it's only able to leak data at 15 bits per hour, is #NetSpectre a serious threat? Learn more about
  14. An email hack affecting the Girl Scouts of Orange County, Calif. may have compromised the personal data of 2,800 members
  15. La tua azienda รจ davvero preparata in caso di data breach?
  16. By me @Forbes: 81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections
  17. Compression File Formats of the past Come Haunting in Spam Campaigns
  18. Biggest data breach penalties for 2018
  19. New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think

DENIAL-OF-SERVICE

  1. Judge Ordered Man to Pay $8 Million for Launching a DDoS Attack Against Rutgers
  2. Demonbot targets cloud servers for DDoS attacks
  3. New Botnet That Targets Cloud Servers for DDoS Attacks
  4. Anonymous knocks out Gabon government sites with DoS attack
  5. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @

MALVERTISING

Nil

PHISHING

  1. 4 tips to keep safe when phishing for treats this Halloween
  2. AI-Facilitated Product Aims to Stop Spear-Phishing Attacks
  3. INKY emerges from stealth with email spoofing, phishing protection service
  4. Is it a Phish? Halloween Edition
  5. There are plenty of different types of phishing attacks, but they all rely on the same basic mechanism: exploiting human
  6. Report on Phishing Attack Shows Microsoft, Paypal as well as Netflix as the Top Targets
  7. Cofense Triggers its Increased Phishing Defense Services

WEB DEFACEMENT

Nil

BOTNET

  1. Bushido Botnet Offered as MaaS
  2. New Botnet That Targets Cloud Servers for DDoS Attacks
  3. The author of the Mirai botnet gets six months of house arrest
  4. The Russian built #VPNFilter #botnet was previously taken down after 500,000 routers were infected. However, recently it attempted a comeback.
  5. Recently discovered DemonBot Botnet targets Hadoop servers

RANSOMWARE

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. SamSam ransomware group has hit 67 organizations in 2018, researchers say
  4. Ransomware Threat Continues: How Infections Take Place
  5. New SamSam ransomware campaign aims at targets across the US
  6. GandCrab: The Most Popular Multi-Million Dollar Ransomware of the Year
  7. SamSam: Targeted Ransomware Attacks Continue
  8. Threat Report: Jaff Ransomware Causes Havoc
  9. CommonRansom Ransomware Demands RDP Access to Decrypt Files

CRYPTOMINING & CRYPTOCURRENCIES

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
  4. Kraken Resurfaces From the Deep Web
  5. macOS Cryptomining Malware on the Rise
  6. 3 Reasons Enterprises Are Moving to Decentralized Blockchain Applications
  7. Widely Used Cryptocurrency App Launching 2 Different Powerful Backdoor on Mac Users

MALWARE

  1. Malware Targeting Smartphones via Three DSP Providers
  2. GPlayed Trojan's Baby Brother Is After Your Bank Account
  3. macOS Cryptomining Malware on the Rise
  4. Malware Infection at USGS Traced to Employee’s Habit of Viewing Adult Content
  5. Malicious Apps Removed From Google Play Store
  6. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  7. Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
  8. A fed visited 9,000 porn sites, infecting government networks with Russian malware
  9. GPlayed Trojan's baby brother is after your bank account
  10. Nastiest malware of 2018: Top attack payloads wreaking havoc
  11. Snakes in the grass! Malicious code slithers into Python PyPI repository
  12. The analysis of the attack which uses Excel 4.0 macro to avoid antivirus software detection
  13. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @
  14. How to Be Protected from Malicious Message Crashing PS4 Console
  15. Another #BianLian Android banking #Trojan in #GooglePlay showing his other face by dropping #RedAlert v2.1 CC @Bank_Security @
  16. Widely Used Cryptocurrency App Launching 2 Different Powerful Backdoor on Mac Users
  17. Attackers getting better at quickly generating countless versions of existing #malware #antivirus @MariaKorolov -
  18. Malicious hackers and their interest in bypassing CAPTCHA
  19. Feature to attach video to Word files could be used to send malicious code
  20. Most Important Security Tools and Resources For Security Researcher and Malware Analyst
  21. A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable

EXPLOIT

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Thousands of critical energy and water systems exposed online for anyone to exploit

VULNERABILITY

  1. Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
  2. Talos Vulnerability Discovery Year in Review – 2018
  3. CVE-2018-15688: systemd remote code execution vulnerability affects Linux machines
  4. A #RemoteCodeExecution flaw in @Cisco Webex -- called WebExec -- could be an easy vector for insider attacks, and the
  5. Zero-day Windows Deletebug: How to squash this ‘low-quality' pest
  6. Microsoft Office Vulnerability Found, Check Point Research To The Rescue
  7. An Update on the jQuery-File-Upload Vulnerability
  8. Libssh Vulnerability Leaves Servers Open to Unauthorized Access
  9. Windows Zero-Day Vulnerability Disclosed
  10. .@Siemens SICLOCK central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated
  11. Talos Vulnerability Discovery Year in Review - 2018
  12. 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
  13. Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
  14. Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
  15. Multiple Linux distributions affected by new vulnerability
  16. Spring Framework 5.1.2 releases: bugs fix
at
Labels:

Region brief for 2018-10-30

ASIA

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  4. macOS Cryptomining Malware on the Rise
  5. Ransomware Threat Continues: How Infections Take Place
  6. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  7. Cell Phone Security and Heads of State
  8. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

OCEANIA

Nil

NORTH AMERICA

  1. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  2. Girl Scouts data breach exposed personal information of 2,800 members
  3. SamSam ransomware group has hit 67 organizations in 2018, researchers say
  4. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  5. Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
  6. Malware Targeting Smartphones via Three DSP Providers
  7. macOS Cryptomining Malware on the Rise
  8. Malware Infection at USGS Traced to Employee’s Habit of Viewing Adult Content
  9. Ransomware Threat Continues: How Infections Take Place
  10. New SamSam ransomware campaign aims at targets across the US
  11. Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
  12. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  13. SamSam: Targeted Ransomware Attacks Continue
  14. Is it a Phish? Halloween Edition
  15. Threat Report: Jaff Ransomware Causes Havoc
  16. Cell Phone Security and Heads of State
  17. Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
  18. There are plenty of different types of phishing attacks, but they all rely on the same basic mechanism: exploiting human
  19. 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
  20. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  21. The author of the Mirai botnet gets six months of house arrest
  22. A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable

SOUTH AMERICA

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Ransomware Threat Continues: How Infections Take Place

EUROPE

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  4. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  5. A fed visited 9,000 porn sites, infecting government networks with Russian malware
  6. Threat Report: Jaff Ransomware Causes Havoc
  7. Cell Phone Security and Heads of State
  8. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  9. The author of the Mirai botnet gets six months of house arrest
  10. The Russian built #VPNFilter #botnet was previously taken down after 500,000 routers were infected. However, recently it attempted a comeback.

AFRICA

  1. Cell Phone Security and Heads of State
  2. Anonymous knocks out Gabon government sites with DoS attack
at
Labels:

Sector brief for 2018-10-30

HEALTHCARE

  1. SamSam ransomware group has hit 67 organizations in 2018, researchers say
  2. Is it a Phish? Halloween Edition
  3. An email hack affecting the Girl Scouts of Orange County, Calif. may have compromised the personal data of 2,800 members

TRANSPORT

  1. Spring Framework 5.1.2 releases: bugs fix

BANKING & FINANCE

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  4. Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
  5. GPlayed Trojan's Baby Brother Is After Your Bank Account
  6. Ransomware Threat Continues: How Infections Take Place
  7. GandCrab: The Most Popular Multi-Million Dollar Ransomware of the Year
  8. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  9. GPlayed Trojan's baby brother is after your bank account
  10. Nastiest malware of 2018: Top attack payloads wreaking havoc
  11. Threat Report: Jaff Ransomware Causes Havoc
  12. CommonRansom Ransomware Demands RDP Access to Decrypt Files
  13. Another #BianLian Android banking #Trojan in #GooglePlay showing his other face by dropping #RedAlert v2.1 CC @Bank_Security @

INFORMATION & TELECOMMUNICATION

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. macOS Cryptomining Malware on the Rise
  3. Zero-day Windows Deletebug: How to squash this ‘low-quality' pest
  4. Ransomware Threat Continues: How Infections Take Place
  5. INKY emerges from stealth with email spoofing, phishing protection service
  6. Is it a Phish? Halloween Edition
  7. MadoMiner Part 2 - Mask
  8. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @
  9. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  10. An email hack affecting the Girl Scouts of Orange County, Calif. may have compromised the personal data of 2,800 members
  11. Another #BianLian Android banking #Trojan in #GooglePlay showing his other face by dropping #RedAlert v2.1 CC @Bank_Security @
  12. Multiple Linux distributions affected by new vulnerability
  13. Feature to attach video to Word files could be used to send malicious code
  14. New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think
  15. A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable

FOOD

Nil

WATER

  1. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

ENERGY

  1. Internet-Exposed HMIs Put Energy, Water Facilities at Risk: Report
  2. Cell Phone Security and Heads of State
  3. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  4. Thousands of critical energy and water systems exposed online for anyone to exploit

GOVERNMENT & PUBLIC SERVICE

  1. How database hacks could impact elections and voters' fears
  2. How database hacks could impact elections and voters' fears
  3. Center for Internet Security looks to expand threat sharing program to political campaigns
  4. Ransomware Threat Continues: How Infections Take Place
  5. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  6. Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
  7. A fed visited 9,000 porn sites, infecting government networks with Russian malware
  8. Cell Phone Security and Heads of State
  9. Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
  10. Anonymous knocks out Gabon government sites with DoS attack
  11. The author of the Mirai botnet gets six months of house arrest
  12. By me @Forbes: 81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections
  13. A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable
at
Labels:

Daily brief for 2018-10-30

ASIA

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  4. macOS Cryptomining Malware on the Rise
  5. Ransomware Threat Continues: How Infections Take Place
  6. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  7. Cell Phone Security and Heads of State
  8. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

WORLD

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. Girl Scouts data breach exposed personal information of 2,800 members
  4. SamSam ransomware group has hit 67 organizations in 2018, researchers say
  5. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  6. Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
  7. Malware Targeting Smartphones via Three DSP Providers
  8. macOS Cryptomining Malware on the Rise
  9. Malware Infection at USGS Traced to Employee’s Habit of Viewing Adult Content
  10. Ransomware Threat Continues: How Infections Take Place
  11. New SamSam ransomware campaign aims at targets across the US
  12. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  13. Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
  14. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  15. SamSam: Targeted Ransomware Attacks Continue
  16. Is it a Phish? Halloween Edition
  17. A fed visited 9,000 porn sites, infecting government networks with Russian malware
  18. Threat Report: Jaff Ransomware Causes Havoc
  19. Cell Phone Security and Heads of State
  20. Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
  21. There are plenty of different types of phishing attacks, but they all rely on the same basic mechanism: exploiting human
  22. 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
  23. Anonymous knocks out Gabon government sites with DoS attack
  24. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  25. The author of the Mirai botnet gets six months of house arrest
  26. The Russian built #VPNFilter #botnet was previously taken down after 500,000 routers were infected. However, recently it attempted a comeback.
  27. A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable

ATTACKS

  1. 4 tips to keep safe when phishing for treats this Halloween
  2. How database hacks could impact elections and voters' fears
  3. Girl Scouts data breach exposed personal information of 2,800 members
  4. How database hacks could impact elections and voters' fears
  5. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  6. Center for Internet Security looks to expand threat sharing program to political campaigns
  7. AI-Facilitated Product Aims to Stop Spear-Phishing Attacks
  8. Internet-Exposed HMIs Put Energy, Water Facilities at Risk: Report
  9. New SamSam ransomware campaign aims at targets across the US
  10. An Update on the jQuery-File-Upload Vulnerability
  11. INKY emerges from stealth with email spoofing, phishing protection service
  12. Is it a Phish? Halloween Edition
  13. Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
  14. There are plenty of different types of phishing attacks, but they all rely on the same basic mechanism: exploiting human
  15. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @
  16. Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
  17. Thousands of critical energy and water systems exposed online for anyone to exploit
  18. If it's only able to leak data at 15 bits per hour, is #NetSpectre a serious threat? Learn more about
  19. An email hack affecting the Girl Scouts of Orange County, Calif. may have compromised the personal data of 2,800 members
  20. La tua azienda รจ davvero preparata in caso di data breach?
  21. By me @Forbes: 81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections
  22. Compression File Formats of the past Come Haunting in Spam Campaigns
  23. Report on Phishing Attack Shows Microsoft, Paypal as well as Netflix as the Top Targets
  24. Cofense Triggers its Increased Phishing Defense Services
  25. Biggest data breach penalties for 2018
  26. New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think

THREATS

  1. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  2. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  3. SamSam ransomware group has hit 67 organizations in 2018, researchers say
  4. Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
  5. Talos Vulnerability Discovery Year in Review – 2018
  6. Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
  7. Kraken Resurfaces From the Deep Web
  8. Malware Targeting Smartphones via Three DSP Providers
  9. GPlayed Trojan's Baby Brother Is After Your Bank Account
  10. macOS Cryptomining Malware on the Rise
  11. CVE-2018-15688: systemd remote code execution vulnerability affects Linux machines
  12. A #RemoteCodeExecution flaw in @Cisco Webex -- called WebExec -- could be an easy vector for insider attacks, and the
  13. Zero-day Windows Deletebug: How to squash this ‘low-quality' pest
  14. Microsoft Office Vulnerability Found, Check Point Research To The Rescue
  15. Malware Infection at USGS Traced to Employee’s Habit of Viewing Adult Content
  16. Ransomware Threat Continues: How Infections Take Place
  17. New SamSam ransomware campaign aims at targets across the US
  18. An Update on the jQuery-File-Upload Vulnerability
  19. Libssh Vulnerability Leaves Servers Open to Unauthorized Access
  20. Windows Zero-Day Vulnerability Disclosed
  21. Malicious Apps Removed From Google Play Store
  22. .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
  23. Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
  24. GandCrab: The Most Popular Multi-Million Dollar Ransomware of the Year
  25. SamSam: Targeted Ransomware Attacks Continue
  26. A fed visited 9,000 porn sites, infecting government networks with Russian malware
  27. GPlayed Trojan's baby brother is after your bank account
  28. .@Siemens SICLOCK central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated
  29. Nastiest malware of 2018: Top attack payloads wreaking havoc
  30. Threat Report: Jaff Ransomware Causes Havoc
  31. Snakes in the grass! Malicious code slithers into Python PyPI repository
  32. CommonRansom Ransomware Demands RDP Access to Decrypt Files
  33. Talos Vulnerability Discovery Year in Review - 2018
  34. The analysis of the attack which uses Excel 4.0 macro to avoid antivirus software detection
  35. 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
  36. Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA. APK's dropped from hxxp://pobierz48[.]tk/ SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece @ThreatFabric @virqdroid @LukasStefanko @
  37. 3 Reasons Enterprises Are Moving to Decentralized Blockchain Applications
  38. How to Be Protected from Malicious Message Crashing PS4 Console
  39. Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
  40. Another #BianLian Android banking #Trojan in #GooglePlay showing his other face by dropping #RedAlert v2.1 CC @Bank_Security @
  41. Widely Used Cryptocurrency App Launching 2 Different Powerful Backdoor on Mac Users
  42. Attackers getting better at quickly generating countless versions of existing #malware #antivirus @MariaKorolov -
  43. Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
  44. Multiple Linux distributions affected by new vulnerability
  45. Malicious hackers and their interest in bypassing CAPTCHA
  46. Feature to attach video to Word files could be used to send malicious code
  47. Spring Framework 5.1.2 releases: bugs fix
  48. Most Important Security Tools and Resources For Security Researcher and Malware Analyst
  49. A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable

CRIME

  1. 4 tips to keep safe when phishing for treats this Halloween
  2. Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
  3. Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
  4. Parties Seek to Settle Yahoo Data Breach Class Action for $50M
  5. Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
  6. Malware Targeting Smartphones via Three DSP Providers
  7. macOS Cryptomining Malware on the Rise
  8. Judge Ordered Man to Pay $8 Million for Launching a DDoS Attack Against Rutgers
  9. AI-Facilitated Product Aims to Stop Spear-Phishing Attacks
  10. Ransomware Threat Continues: How Infections Take Place
  11. Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
  12. INKY emerges from stealth with email spoofing, phishing protection service
  13. Is it a Phish? Halloween Edition
  14. Bushido Botnet Offered as MaaS
  15. 3 Reasons Enterprises Are Moving to Decentralized Blockchain Applications
  16. The author of the Mirai botnet gets six months of house arrest
  17. Malicious hackers and their interest in bypassing CAPTCHA
  18. New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think
  19. Spring Framework 5.1.2 releases: bugs fix

POLITICS

  1. How database hacks could impact elections and voters' fears
  2. How database hacks could impact elections and voters' fears
  3. SamSam ransomware group has hit 67 organizations in 2018, researchers say
  4. Center for Internet Security looks to expand threat sharing program to political campaigns
  5. Cell Phone Security and Heads of State
  6. Anonymous knocks out Gabon government sites with DoS attack
at
Labels:

Oct 30, 2018

APT report for 2018-10-29

TRANSNATIONAL / UNKNOWN

  1. Here's how to defend your enterprise from Magecart
  2. Breaking News: Securonix Threat Research: British Airways Breach
  3. Magecart Exploits Zero Day Vulnerabilities
  4. 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware

CHINA

  1. Understanding mass data fragmentation

INDIA

Nil

NORTH KOREA

Nil

PAKISTAN

Nil

VIETNAM

Nil

IRAN

Nil

IRAQ

Nil

LEBANON

Nil

PALESTINE

Nil

SAUDI ARABIA

Nil

SYRIA

Nil

TURKEY

Nil

UNITED ARAB EMIRATES

Nil

YEMEN

Nil

RUSSIA

Nil

SERBIA

Nil

UKRAINE

  1. Cobalt Gang targets banks and financial service providers by sneaking PDFs past staff
at
Labels:

Platform report for 2018-10-29

WINDOWS

  1. SandboxEscaper expert is back and disclosed a new Windows Zero-Day
  2. Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
  3. Downloading Google Chrome via Microsoft Edge Endangered by Malware
  4. X.Org Flaw Exposes Unix-Like OSes to Attacks
  5. Windows 10 UWP Bug Could Give Malicious Devs Access To All Your Files
  6. If your company uses Windows 10, watch out: there are new vulnerabilities about
  7. Advanced Malware Protection Affected by Bug That Can Inhibit Intrusion Detection
  8. Windows 10 UWP bug could give malicious devs access to all your files
  9. Windows 10 Bug Allowed UWP Apps Full Access to File System
  10. sLoad and Ramnit Campaign Against UK and Italy
  11. Malware That Accompanies Google Chrome Download Detected
  12. Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  13. Cisco patched a command injection vulnerability in Webex Meetings
  14. Microsoft Bing Delivered Dangerous Malware When You Try to Download Google Chrome

LINUX

  1. Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
  2. X.Org Flaw Allows Privilege Escalation in Linux Systems
  3. X.Org Flaw Exposes Unix-Like OSes to Attacks
  4. Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants
  5. Systemd flaw could cause the crash or hijack of vulnerable Linux machines
  6. Cisco patched a command injection vulnerability in Webex Meetings

UNIX

  1. X.org Bug Bites OpenBSD And Other Big Operating Systems

ANDROID

  1. Beware! Downloader Malware Disguised as Game Apps Found On Google Play with More Than 51,100 Installations

IOS

  1. Leaked: iOS 12.1 will be released on October 30th

MACOS

  1. Mac CryptoCurrency Price Tracker Caught Installing Backdoors
  2. Mac cryptocurrency ticker app installs backdoors
  3. Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
at
Labels:

Threat report for 2018-10-29

DATA BREACH & DATA LOSS

  1. Girl Scouts Issues Data Breach Warning to 2,800 Members
  2. Cathay Pacific Suffers World’s Largest Airline Data Breach
  3. sLoad and Ramnit Campaign Against UK and Italy
  4. Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
  5. Girl Scouts Alerted to Possible Data Breach
  6. 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
  7. DDoS and ransomware tools for starter and experienced cybercriminals exposed
  8. Biggest Manufacturing Data Breaches of the 21st Century
  9. The Worst Data Breach till Now 2018, and What It Means
  10. Crooks continue to abuse exposed Docker APIs for Cryptojacking
  11. IoT users uncertain if personal data is shared across multiple devices
  12. Hackers Breach System of Healthcare.Gov Exposing Personal Data of 75,000 Users
  13. Hackers steal personal data of up to 9.4 million Cathay Pacific passengers
  14. Leaked: iOS 12.1 will be released on October 30th
  15. 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy | Read the details here:

DENIAL-OF-SERVICE

  1. Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
  2. Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University
  3. Mirai Author Gets House Arrest for DDoS Attacks on University
  4. DDoS and ransomware tools for starter and experienced cybercriminals exposed

MALVERTISING

Nil

PHISHING

  1. Phishing spikes as private health continues to be most breached sector in Australia
  2. Nation-State Phishing: A Country-Sized Catch
  3. A new phishing report reveals Microsoft, Paypal, and Netflix are among the top brands impersonated by phishing attacks. Attackers tend to
  4. This is getting worse and worse. And is going to normalize and lead to much more successful phishing through SMS
  5. League of Legends Gamers Targeted by Phishing Scam | Avast
  6. What can we do to tackle today’s phishing epidemic?
  7. Das Geschรคft mit gestohlenen Login-Daten von Privatnutzern und Unternehmensanwendern boomt. US-Journalist Brian Krebs beziffert die "Ausbeute" bei mehreren 100.000 US-Dollar
  8. 19% still save their password on a piece of paper
  9. Vulnerability In Microsoft Word Online Video Feature Allows for Phishing

WEB DEFACEMENT

  1. Future Investment Initiative Conference Website, Defaced, Now Restored

BOTNET

  1. Mirai Botnet Operator Ordered to Pay $8.6 Million
  2. ‘DemonBot' Botnet Targets Hadoop Servers
  3. Rise of the Bots

RANSOMWARE

  1. The Ransomware Attack on a North Carolina Water Utility May Not Have Been What it Seemed
  2. Ransomware and the enterprise: A new white paper
  3. DDoS and ransomware tools for starter and experienced cybercriminals exposed
  4. #Antivirus SW alone can't stop new #malware or #ransomware. by @MariaKorolov -
  5. Have you ever wondered why #ransomware attacks happen on the Friday before a long weekend? We've teamed up with @SentinelOne

CRYPTOMINING & CRYPTOCURRENCIES

  1. Mac CryptoCurrency Price Tracker Caught Installing Backdoors
  2. Mac cryptocurrency ticker app installs backdoors
  3. Call of Duty players caught up in cryptocurrency theft racket
  4. Cyber-criminals exploit misconfigured container to deliver cryptominer
  5. Crooks continue to abuse exposed Docker APIs for Cryptojacking
  6. Revolutionary Blockchain 3.0 Under CSE Platform

MALWARE

  1. Videos and MS Office documents - ingredients for a malware attack
  2. Word documents seemingly carrying videos can deliver malicious code instead
  3. Downloading Google Chrome via Microsoft Edge Endangered by Malware
  4. Windows 10 UWP Bug Could Give Malicious Devs Access To All Your Files
  5. Advanced Malware Protection Affected by Bug That Can Inhibit Intrusion Detection
  6. Windows 10 UWP bug could give malicious devs access to all your files
  7. Malware That Accompanies Google Chrome Download Detected
  8. 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
  9. Vulnerability found in Sophos anti-malware product
  10. Privacy concerns cooling #InternetOfThings adoption in US & Europe, with consumers concerned about #DataLeaks, malware and product security (via @FSecure)
  11. Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  12. #Antivirus SW alone can't stop new #malware or #ransomware. by @MariaKorolov -
  13. Beware! Downloader Malware Disguised as Game Apps Found On Google Play with More Than 51,100 Installations
  14. Microsoft Bing Delivered Dangerous Malware When You Try to Download Google Chrome

EXPLOIT

  1. Researchers exploit Microsoft Word through embedded video
  2. Cyber-criminals exploit misconfigured container to deliver cryptominer
  3. Our adventures at @thezdi Pwn2Own Desktop 2018 for Apple Safari exploit whitepaper (https://labs.mwrinfosecurity.com/assets/BlogFiles/apple-safari-pwn2own-vuln-write-up-2018-10-29-final.pdf …) and @t2.fi slides release (https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-t2-big-game-fuzzing-pwn2own-safari-final.pdf …)

VULNERABILITY

  1. SandboxEscaper expert is back and disclosed a new Windows Zero-Day
  2. IoT Flaw Allows Hijacking of Connected Construction Cranes
  3. Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
  4. X.Org Flaw Allows Privilege Escalation in Linux Systems
  5. X.Org Flaw Exposes Unix-Like OSes to Attacks
  6. Windows 10 UWP Bug Could Give Malicious Devs Access To All Your Files
  7. X.org Bug Bites OpenBSD And Other Big Operating Systems
  8. If your company uses Windows 10, watch out: there are new vulnerabilities about
  9. Advanced Malware Protection Affected by Bug That Can Inhibit Intrusion Detection
  10. Logical Bug in Microsoft Word's 'Online Video' Allows Code Execution
  11. Windows 10 UWP bug could give malicious devs access to all your files
  12. Windows 10 Bug Allowed UWP Apps Full Access to File System
  13. Magecart Exploits Zero Day Vulnerabilities
  14. Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants
  15. Security Vulnerability in Internet-Connected Construction Cranes
  16. Systemd flaw could cause the crash or hijack of vulnerable Linux machines
  17. Pentagon’s big audit will inspect for cybersecurity flaws, comptroller says
  18. Vulnerability found in Sophos anti-malware product
  19. Flaws in brain stimulation tech could let hackers erase or hold memories for ransom
  20. Cisco patched a command injection vulnerability in Webex Meetings
  21. Vulnerability In Microsoft Word Online Video Feature Allows for Phishing
at
Labels:

Region brief for 2018-10-29

ASIA

  1. Future Investment Initiative Conference Website, Defaced, Now Restored
  2. Cathay Pacific Suffers World’s Largest Airline Data Breach
  3. Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants
  4. 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
  5. Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  6. Revolutionary Blockchain 3.0 Under CSE Platform
  7. Leaked: iOS 12.1 will be released on October 30th

OCEANIA

  1. Phishing spikes as private health continues to be most breached sector in Australia

NORTH AMERICA

  1. Future Investment Initiative Conference Website, Defaced, Now Restored
  2. Cathay Pacific Suffers World’s Largest Airline Data Breach
  3. Understanding mass data fragmentation
  4. Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
  5. Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University
  6. Security Vulnerability in Internet-Connected Construction Cranes
  7. Girl Scouts Alerted to Possible Data Breach
  8. What can we do to tackle today’s phishing epidemic?
  9. Privacy concerns cooling #InternetOfThings adoption in US & Europe, with consumers concerned about #DataLeaks, malware and product security (via @FSecure)
  10. Das Geschรคft mit gestohlenen Login-Daten von Privatnutzern und Unternehmensanwendern boomt. US-Journalist Brian Krebs beziffert die "Ausbeute" bei mehreren 100.000 US-Dollar
  11. The Worst Data Breach till Now 2018, and What It Means
  12. Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  13. Cisco patched a command injection vulnerability in Webex Meetings
  14. Leaked: iOS 12.1 will be released on October 30th

SOUTH AMERICA

Nil

EUROPE

  1. Here's how to defend your enterprise from Magecart
  2. Breaking News: Securonix Threat Research: British Airways Breach
  3. Cathay Pacific Suffers World’s Largest Airline Data Breach
  4. sLoad and Ramnit Campaign Against UK and Italy
  5. Magecart Exploits Zero Day Vulnerabilities
  6. What can we do to tackle today’s phishing epidemic?
  7. The Worst Data Breach till Now 2018, and What It Means
  8. Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments

AFRICA

Nil
at
Labels:
Subscribe to: Posts (Atom)