Oct 10, 2018

Daily brief for 2018-10-09

ASIA

  1. Panda Banker Trojan becomes part of Emotet threat distribution platform
  2. DHS issued an alert on attacks aimed at Managed Service Providers
  3. Police Warned that Phishing Text Messages are Used to Target the Bank Customers

WORLD

  1. How to Evade Expensive Phishing Filters with One Simple Trick
  2. Panda Banker Trojan becomes part of Emotet threat distribution platform
  3. APT28 group return to covert intelligence gathering ops in Europe and South America.
  4. Sony Bravia Smart TVs affected by a critical vulnerability
  5. DHS issued an alert on attacks aimed at Managed Service Providers
  6. The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
  7. Hackers breach customer rating tool used on over 7,000 websites
  8. Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
  9. New Magecart hack detected at Shopper Approved
  10. Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  11. Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
  12. Phishing attacks use Azure Blob storage to simulate Microsoft
  13. Weak IOT passwords outlawed in California
  14. ​Gemalto reports 4.6 billion record breaches in the first half of 2018
  15. Sunsets for Google Plus after Reports of Data Breach
  16. Critical vulnerability in Sony Bravia Smart TV

ATTACKS

  1. How to Evade Expensive Phishing Filters with One Simple Trick
  2. URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
  3. Heathrow Fined For USB Stick Data Breach
  4. Google+ Users, Upset Over Data Leak, Sue Google
  5. New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
  6. Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
  7. Google+ will shut down after leaking info of 500k accounts
  8. Amazon acknowledges that the company’s employees leaked user information to the seller
  9. Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
  10. With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
  11. Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
  12. Google: We're giving you more control over what personal data apps can use
  13. As a way to inch forward in the battle of default passwords, California has passed a law that will make
  14. Garmin's Navionics exposed data belonging to thousands of customers
  15. Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  16. Google+ shut down after bug exposed user data
  17. Over 4.5 Billion Records Breached in H1 2018, Finds Report
  18. Google+ Shuts Down Following Undisclosed Data Breach
  19. Phishing attacks use Azure Blob storage to simulate Microsoft
  20. The end of Google+: Low usage and an API bug that exposed user data
  21. 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
  22. Weak IOT passwords outlawed in California
  23. California’s ban on weak default passwords isn’t going to fix IoT security
  24. Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
  25. Heathrow Airport fined £120,000 over USB data breach debacle
  26. "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
  27. New IoT botnet “hide and seek” variants target Android devices
  28. For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
  29. Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
  30. Hacked #Fortnite accounts and rent-a-botnet being pushed on
  31. ​Gemalto reports 4.6 billion record breaches in the first half of 2018
  32. Police Warned that Phishing Text Messages are Used to Target the Bank Customers
  33. Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
  34. one more reason to not use Facebook login everywhere, no matter how convenient it is.
  35. Sunsets for Google Plus after Reports of Data Breach
  36. Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
  37. Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
  38. Oh no, looks like we can't trust our data with Google either "Google hid major Google+ security flaw that exposed
  39. Cryptojacking campaign targets add-ons for popular streaming app Kodi

THREATS

  1. Cryptomining dethrones ransomware as 2018’s top threat - Webroot
  2. Microsoft patches 0-day Windows flaw under attack
  3. Microsoft Patches Zero-Day Under Active Attack by APT
  4. VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
  5. Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
  6. Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
  7. Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
  8. Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
  9. Slideshow: Intel from Virus Bulletin 2018
  10. Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
  11. Git Gets Patched for Newly Found Flaw
  12. Block puzzle games laced with malware | Avast
  13. How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
  14. URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
  15. The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
  16. Panda Banker Trojan becomes part of Emotet threat distribution platform
  17. New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
  18. Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
  19. Sony Bravia Smart TVs affected by a critical vulnerability
  20. How does #MassMiner #malware infect systems across the web?
  21. Hackers breach customer rating tool used on over 7,000 websites
  22. The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
  23. Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
  24. Apple fixes iOS 12 passcode bypass vulnerabilities
  25. Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
  26. Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
  27. Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
  28. Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
  29. Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
  30. Google+ shut down after bug exposed user data
  31. Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
  32. Adobe Releases Security Patch Updates for 11 Vulnerabilities
  33. New Domains: A Wide-Open Playing Field for Cybercrime
  34. The end of Google+: Low usage and an API bug that exposed user data
  35. TOP 10 PHP Vulnerability Scanners
  36. RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
  37. Active Workload Protection on Amazon EKS and AWS Fargate
  38. On our new #CyberSauna podcast: Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
  39. Critical vulnerability in Sony Bravia Smart TV
  40. Oh no, looks like we can't trust our data with Google either "Google hid major Google+ security flaw that exposed
  41. #Ransomware Survival Guide: 10 things to know before, during, and after an attack:

CRIME

  1. Cryptomining dethrones ransomware as 2018’s top threat - Webroot
  2. How to Evade Expensive Phishing Filters with One Simple Trick
  3. DHS issued an alert on attacks aimed at Managed Service Providers
  4. The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
  5. Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
  6. Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  7. Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
  8. New Domains: A Wide-Open Playing Field for Cybercrime
  9. 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
  10. Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
  11. Police Warned that Phishing Text Messages are Used to Target the Bank Customers

POLITICS

  1. APT28 group return to covert intelligence gathering ops in Europe and South America.
  2. DHS issued an alert on attacks aimed at Managed Service Providers
at
Labels: