Daily brief for 2018-10-09
ASIA
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- DHS issued an alert on attacks aimed at Managed Service Providers
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
WORLD
- How to Evade Expensive Phishing Filters with One Simple Trick
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- APT28 group return to covert intelligence gathering ops in Europe and South America.
- Sony Bravia Smart TVs affected by a critical vulnerability
- DHS issued an alert on attacks aimed at Managed Service Providers
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Hackers breach customer rating tool used on over 7,000 websites
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- New Magecart hack detected at Shopper Approved
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Phishing attacks use Azure Blob storage to simulate Microsoft
- Weak IOT passwords outlawed in California
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Sunsets for Google Plus after Reports of Data Breach
- Critical vulnerability in Sony Bravia Smart TV
ATTACKS
- How to Evade Expensive Phishing Filters with One Simple Trick
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- Heathrow Fined For USB Stick Data Breach
- Google+ Users, Upset Over Data Leak, Sue Google
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
- Google+ will shut down after leaking info of 500k accounts
- Amazon acknowledges that the company’s employees leaked user information to the seller
- Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
- With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Google: We're giving you more control over what personal data apps can use
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Garmin's Navionics exposed data belonging to thousands of customers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Google+ shut down after bug exposed user data
- Over 4.5 Billion Records Breached in H1 2018, Finds Report
- Google+ Shuts Down Following Undisclosed Data Breach
- Phishing attacks use Azure Blob storage to simulate Microsoft
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Weak IOT passwords outlawed in California
- California’s ban on weak default passwords isn’t going to fix IoT security
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Heathrow Airport fined £120,000 over USB data breach debacle
- "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
- New IoT botnet “hide and seek” variants target Android devices
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Sunsets for Google Plus after Reports of Data Breach
- Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
THREATS
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- Microsoft patches 0-day Windows flaw under attack
- Microsoft Patches Zero-Day Under Active Attack by APT
- VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Slideshow: Intel from Virus Bulletin 2018
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Git Gets Patched for Newly Found Flaw
- Block puzzle games laced with malware | Avast
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sony Bravia Smart TVs affected by a critical vulnerability
- How does #MassMiner #malware infect systems across the web?
- Hackers breach customer rating tool used on over 7,000 websites
- The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Apple fixes iOS 12 passcode bypass vulnerabilities
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
- Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Google+ shut down after bug exposed user data
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Adobe Releases Security Patch Updates for 11 Vulnerabilities
- New Domains: A Wide-Open Playing Field for Cybercrime
- The end of Google+: Low usage and an API bug that exposed user data
- TOP 10 PHP Vulnerability Scanners
- RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
- Active Workload Protection on Amazon EKS and AWS Fargate
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Critical vulnerability in Sony Bravia Smart TV
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
CRIME
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- How to Evade Expensive Phishing Filters with One Simple Trick
- DHS issued an alert on attacks aimed at Managed Service Providers
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- New Domains: A Wide-Open Playing Field for Cybercrime
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
POLITICS
- APT28 group return to covert intelligence gathering ops in Europe and South America.
- DHS issued an alert on attacks aimed at Managed Service Providers