Oct 6, 2018

Daily brief for 2018-10-05

ASIA

  1. Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat
  2. Trojans go after MS Office vulnerabilities and China hacks US hardware
  3. The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying
  4. DHS issued an alert on attacks aimed at Managed Service Providers
  5. VP Mike Pence slams Google over Chinese search engine project
  6. North Korean hacking operation behind SWIFT attacks

WORLD

  1. Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat
  2. Trojans go after MS Office vulnerabilities and China hacks US hardware
  3. Russian State-Sponsored Operations Begin to Overlap: Kaspersky
  4. California Is Making It Illegal for Devices to Have Shitty Default Passwords
  5. AirNaine Uses New ARS RAT Strain Named ZeroEvil Against Canadian Businesses
  6. Danabot Banking Malware Targets U.S. Organizations
  7. The Virus Bulletin conference returns home: VB2019 to take place in London
  8. Uncle Sam Charges Seven Russians With Fancy Bear Hack Sprees
  9. DanaBot Banking Trojan’s Journey to North America
  10. The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying
  11. The fur is not gonna fly: Uncle Sam charges seven Russians with Fancy Bear hack sprees
  12. UK pins 'reckless campaign of cyber attacks' on Russian military intelligence
  13. Experts warns of a new extortion campaign based on the Breach Compilation archive
  14. US users open 30% of phishing emails with 12% of those clicking on infected links or attachments. Prepare for 2019's
  15. Facebook Logins Available on the Dark Web for $2.60
  16. DHS issued an alert on attacks aimed at Managed Service Providers
  17. New research reveals the DanaBot banking Trojan is now targeting banks in the United States as well. The campaign attempts to
  18. Fake News Domains Spoof UK News Sites
  19. Russia's elite hacking unit has been silent, but busy
  20. Fin7 Hackers Breached US Chain Burgerville

ATTACKS

  1. Sales intel firm Apollo data breach exposed more than 200 million contact records
  2. Facebook Found “No Evidence” Of Facebook Login Exploited To Access Linked Apps
  3. Fortnite gamers targeted by data theft malware
  4. Remove Ursnif Trojan (Purolator Phishing) Scam
  5. California Is Making It Illegal for Devices to Have Shitty Default Passwords
  6. Report: The bigger the company, the messier the password practices
  7. The most commonly used passwords in the world are... 1. 123456 2. password 3. 123456789 4. 12345678 5. 12345 6. qwerty
  8. Apollo hackers steal info from database of 200M contact
  9. Can the @Microsoft Authenticator really replace passwords in the enterprise? Microsoft says the answer is yes and proclaimed the password
  10. Security researchers @proofpoint recently uncovered new #DanaBot campaigns.
  11. Weak Passwords Banned In California From 2020
  12. New IoT legislation bans shared default passwords
  13. GhostDNS hijacking campaign steps up attacks on Brazilians; 100K+ devices compromised
  14. Smart TV kit featuring Google Home Mini and third-gen Chromecast leaks
  15. Hacked #Fortnite accounts and rent-a-botnet being pushed on Instagram
  16. UK pins 'reckless campaign of cyber attacks' on Russian military intelligence
  17. Experts warns of a new extortion campaign based on the Breach Compilation archive
  18. US users open 30% of phishing emails with 12% of those clicking on infected links or attachments. Prepare for 2019's
  19. Credential-Phishing Attempts Highest on Tuesdays
  20. Cryptomining malware steals Fortnite gamers' Bitcoins and personal data
  21. Credential-Phishing Attempts Highest on Tuesdays
  22. If you're thinking passwords, check out #CyberSauna episode #13: A Hacker's Take on Cracking & Protecting Your Creds
  23. Intel, AMD both claim server speed records
  24. FYI: "password" is the 2nd most popular password in the world. Can you guess the first?
  25. Facebook Logins Available on the Dark Web for $2.60
  26. Samsung predicts a return to record profits in Q3
  27. New research reveals the DanaBot banking Trojan is now targeting banks in the United States as well. The campaign attempts to
  28. Passware Kit: Forensic software recovers passwords for Bitcoin wallets

THREATS

  1. Adobe October Patch Update Fixed 86 Different Security Vulnerabilities
  2. Ransomware Recovery at the Taxpayers’ Expense
  3. Sony Smart TV Bug Allows Remote Access, Root Privileges
  4. Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat
  5. Unit 42 Vulnerability Research October 2018 Disclosures – Adobe
  6. Unit 42 Vulnerability Research October 2018 Disclosures – Adobe
  7. Facebook Found “No Evidence” Of Facebook Login Exploited To Access Linked Apps
  8. Fortnite gamers targeted by data theft malware
  9. D-Link Patches RCE Bugs in Wireless Access Point Gear
  10. VMware Releases Patches for Critical A/W Console Auth Bypass Vulnerability
  11. Remove Ursnif Trojan (Purolator Phishing) Scam
  12. 150 Bugs Found in the Hack the Marine Corps Challenge
  13. Trojans go after MS Office vulnerabilities and China hacks US hardware
  14. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
  15. 150 Bugs Found in the Hack the Marine Corps Challenge
  16. Most Home Routers Are Full of Vulnerabilities
  17. Virus Bulletin 2018: Exposing the Social Media Fraud Ecosystem
  18. AirNaine Uses New ARS RAT Strain Named ZeroEvil Against Canadian Businesses
  19. Danabot Banking Malware Targets U.S. Organizations
  20. The Virus Bulletin conference returns home: VB2019 to take place in London
  21. Vulnerability Scanning vs. Penetration Testing: What's the Difference?
  22. Fileless malware: part deux
  23. Adobe update cleans up 86 bugs in Acrobat and Reader, many critical
  24. Missing Files, Bugs Reported After Windows 10 October 2018 Update
  25. Cisco Discovered Multiple Vulnerabilities In Atlantis Word Processor
  26. Advanced Persistent Threat Activity Exploiting Managed Service Providers
  27. Mozilla Resolves Critical Code Execution Flaw In Thunderbird
  28. Hackers fly under the radar for two years after infecting chiropractic clinic with malware
  29. DanaBot Banking Trojan’s Journey to North America
  30. Cisco patches critical flaws in DNA Center and Prime Infrastructure
  31. Virus Bulletin 2018: Supply chain hacking grows up
  32. Marine Corps bug bounty program finds 150 vulnerabilities
  33. The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying
  34. Mozilla resolves critical code execution flaw in Thunderbird email client
  35. Cisco Talos spotted 18 vulnerabilities in Foxit PDF Reader, 8 in Atlantis World Processor
  36. D-Link Patches Code Execution, XSS Flaws in Management Tool
  37. Cisco updates address 36 vulnerabilities, three critical
  38. Cryptomining malware steals Fortnite gamers' Bitcoins and personal data
  39. Vulnerability Scanning vs. Penetration Testing: What's the Difference?
  40. How does FacexWorm malware use Facebook Messenger to spread?
  41. Malicious remote admin tool seemingly linked to KONNI malware, North Korea
  42. #PulseNet: How does an improper #authentication flaw affect it?
  43. New research reveals the DanaBot banking Trojan is now targeting banks in the United States as well. The campaign attempts to
  44. .@FireEye researches discovered that the group behind #Sanny #malware attacks has made delivery method changes that put users at risk.
  45. Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products
  46. Fake News Domains Spoof UK News Sites
  47. Roaming Mantis Hacking Group Inject Web Crypto Mining for iOS Devices via Malicious Content Delivery System
  48. Top 5 Viruses of All Time by Security Expert Mikko Hyppönen
  49. CMake 3.12.3 releases: managing the build process of software
  50. Mozilla Patches Critical Vulnerability in Thunderbird 60.2.1

CRIME

  1. Fortnite gamers targeted by data theft malware
  2. Remove Ursnif Trojan (Purolator Phishing) Scam
  3. California Is Making It Illegal for Devices to Have Shitty Default Passwords
  4. AirNaine Uses New ARS RAT Strain Named ZeroEvil Against Canadian Businesses
  5. Danabot Banking Malware Targets U.S. Organizations
  6. Report: The bigger the company, the messier the password practices
  7. Hackers fly under the radar for two years after infecting chiropractic clinic with malware
  8. DanaBot Banking Trojan’s Journey to North America
  9. The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying
  10. Detecting Credit Card Skimmers
  11. The fur is not gonna fly: Uncle Sam charges seven Russians with Fancy Bear hack sprees
  12. Experts warns of a new extortion campaign based on the Breach Compilation archive
  13. Cryptomining malware steals Fortnite gamers' Bitcoins and personal data
  14. Facebook Logins Available on the Dark Web for $2.60
  15. DHS issued an alert on attacks aimed at Managed Service Providers
  16. New research reveals the DanaBot banking Trojan is now targeting banks in the United States as well. The campaign attempts to
  17. Roaming Mantis Hacking Group Inject Web Crypto Mining for iOS Devices via Malicious Content Delivery System
  18. Passware Kit: Forensic software recovers passwords for Bitcoin wallets
  19. North Korean hacking operation behind SWIFT attacks
  20. Lojax, the new threat developed by Fancy Bear

POLITICS

  1. Russian State-Sponsored Operations Begin to Overlap: Kaspersky
  2. Advanced Persistent Threat Activity Exploiting Managed Service Providers
  3. DHS issued an alert on attacks aimed at Managed Service Providers