Daily brief for 2018-10-11

ASIA

1. Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
2. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
3. What would happen if an attack interrupted a country’s power supply?
4. Reaper Group Uses New Malware to Deploy RAT
5. Threats in the Netherlands

WORLD

6. Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
7. Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
8. The Reality of Self-Driving Cars and the Regulatory Hurdles
9. Adaptable, All-in-One Android Trojan Shows the Future of Malware
10. Talos: Android trojan resembling Play Store installs sophisticated spyware
11. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
12. The EU and the US have investigated on data breaches on the Google+
13. Researchers link tools used in NotPetya and Ukraine grid hacks
14. What would happen if an attack interrupted a country’s power supply?
15. Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
16. Reaper Group Uses New Malware to Deploy RAT
17. Worker perks flinger Sodexo pulls Engage website after malware smackdown
18. Defending Against Business Email Compromise Attacks
19. Heathrow Airport, the busiest airport in the United Kingdom, has been fined £120,000 (about $158,173) following a data breach caused
20. Microsoft October Patch Tuesday fixed Win32k privilege vulnerability that used in targeted attacks
21. Threats in the Netherlands
22. New Gallmaker APT group eschews malware in cyber espionage campaigns
23. Italian Police Finally Identified 25-Year-old Italian Hacker who have Defaced NASA Websites
24. GPlayed Trojan - .Net playing with Google Market
25. Ghostdns Attack Compromised Over 100K Routers
26. Canada-Based Restaurant Chain Hit with Malware Attack

ATTACKS

27. The BEC List: Helping Thwart Business Email Compromise through Collaboration
28. Personal data for coffee. What’s the risk? | Avast
29. California Bill Increases Default Password Security
30. The EU and the US have investigated on data breaches on the Google+
31. FitMetrix user data exposed via passwordless ElasticSearch server cluster
32. Apple has formed a partnership with lyrics database provider Genius
33. Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing
34. Hackers launched #phishing attacks against @netflix users via malicious sites with TLS certificates. Learn how hackers mimic popular websites to
35. Defending Against Business Email Compromise Attacks
36. Heathrow Airport, the busiest airport in the United Kingdom, has been fined £120,000 (about $158,173) following a data breach caused
37. Palo Alto Networks Uncovers Flash Updater Cryptojacking Campaign
38. Gemalto reports that 4.6 billion record leaked in the first half of 2018
39. A new database with information on every shooting at a school in the last 50 years is now available publicly
40. New Gallmaker APT group eschews malware in cyber espionage campaigns
41. Ghostdns Attack Compromised Over 100K Routers
42. A simple videocall could compromise your WhatsApp account
43. Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'
44. Mingis on Tech: Data breaches in a world of 'surveillance capitalism'
45. Avast 2019: Extends Artificial Intelligence Technology to Block Advanced Phishing Attacks for Enhanced Consumer Security
46. AVG 2019 now includes enhanced phishing threat detection

THREATS

47. Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
48. Multiple Vulnerabilities Dicovered In RouterOS That Affected MikroTik Routers
49. GPlayed Android Trojan Can Wipe Your Device, Steal Data, Make Calls, Send SMS
50. Senate seeks internal memo on Google+ vulnerability
51. XMRig Cryptocurrency Miner Camouflages Itself as a Flash Updater
52. Slow disclosure of Google+ flaw draws attention of senators
53. Hackers Exploit Drupalgeddon2 to Install Backdoor
54. PoC Code Available for Microsoft Edge Remote Code Execution Bug
55. Adaptable, All-in-One Android Trojan Shows the Future of Malware
56. Talos: Android trojan resembling Play Store installs sophisticated spyware
57. Most Malware Arrives Via Email
58. .@Google Firebase's lack of #DatabaseSecurity and inadequate #BackendDevelopment led to #DataLeaks and vulnerabilities, including HospitalGown. Learn more about this
59. Cops Arrest Infamous SIM Swapper Who Stole Crypto Currency
60. Network Time Protocol Bugs Sting Juniper Operating System
61. Juniper Networks provides dozens of fix for vulnerabilities in Junos OS
62. Audit Finds No Critical Flaws in Firefox Update System
63. Fake Adobe Flash Updates Hide Malicious Crypto Miners
64. [SingCERT] Alert on 12 Critical Microsoft Vulnerabilities for October 2018 Patch Tuesday
65. Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
66. .@TrendMicro researchers discovered a malicious #ChromeExtension spreading #malware. Learn more with expert @lewisnic.
67. GPlayed trojan – .Net playing with Google Market
68. Cryptomining malware discovered masquerading as Flash updates
69. This cryptojacking mining malware pretends to be a Flash update
70. Fake Flash Updaters Push Cryptocurrency Miners
71. Hackers Abusing Legitimate Googlebot Services to Inject Cryptomining Malware
72. Reaper Group Uses New Malware to Deploy RAT
73. Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing
74. Exaramel Malware Reinforces Link Between Industroyer and NotPetya
75. A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
76. New TeleBots backdoor: First evidence linking Industroyer to NotPetya
77. New TeleBots backdoor: First evidence linking Industroyer to NotPetya
78. New Android Trojan Gplayed Adapts to Attacker's Needs
79. Juniper fixes 30+ vulnerabilities in its routing, switching devices
80. Researchers from @alienvault found a new #cryptocurrency mining malware -- dubbed #MassMiner -- that infects systems across the web. Learn
81. Adobe patches critical flaws in many of its software offerings
82. Update now! Microsoft fixes 49 bugs, 12 are critical
83. Hackers launched #phishing attacks against @netflix users via malicious sites with TLS certificates. Learn how hackers mimic popular websites to
84. Qihoo 360’s precise analysis of ransomware for September
85. Costly cryptojacking overtakes ransomware in the enterprise threat stakes
86. Crypto-mining malware poses as Flash updates
87. All WhatsApp Users Must Update: Zero Day Bug Found in WhatsApp
88. Who needs custom malware? 'Govt-backed' Gallmaker spy crew uses off-the-shelf wares
89. Worker perks flinger Sodexo pulls Engage website after malware smackdown
90. VMware issues advisory for a DoS vulnerability
91. .@TenableSecurity found new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch #RemoteCode execution attacks.
92. New Backdoor Ties NotPetya and Industroyer to TeleBots Group
93. Juniper Patches Serious Flaws in Junos OS
94. Microsoft October Patch Tuesday fixed Win32k privilege vulnerability that used in targeted attacks
95. .@FarsightSecInc's @paulvixie says his company's new research into domain name lifespans and causes of death shows the need for new
96. "Help! I have a #computer worm..oh wait is it a computer #virus?" These terms are often used interchangeably, but have
97. The attached file promptly infects Peter’s laptop with the RAT, remote access trojan. It only takes about an hour from
98. New Gallmaker APT group eschews malware in cyber espionage campaigns
99. GPlayed Trojan - .Net playing with Google Market
100. Dublin Information Sec: Protect your firm from 'Gold Rush' #cryptocurrency scammers: https://www.independent.ie/business/dublin-information-sec/dublin-information-sec-protect-your-firm-from-gold-rush-cryptocurrency-scammers-37286913.html … ( via @jimmychappell )
101. Canada-Based Restaurant Chain Hit with Malware Attack
102. Hackers Use Hijacked Email Address To Send Malware as a Reply to Existing Email Thread
103. JSRAT – Secret Command and Control Channel Backdoor to Control Victims Machine Using JavaScript
104. Four Critical Flaws Patched In Adobe Digital Edition
105. How to Defeat Malicious Everything as-a-Service

CRIME

106. The BEC List: Helping Thwart Business Email Compromise through Collaboration
107. PoC Code Available for Microsoft Edge Remote Code Execution Bug
108. The EU and the US have investigated on data breaches on the Google+
109. Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
110. Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing
111. Defending Against Business Email Compromise Attacks
112. Gemalto reports that 4.6 billion record leaked in the first half of 2018
113. Threats in the Netherlands

POLITICS

114. What would happen if an attack interrupted a country’s power supply?
115. Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
116. Who needs custom malware? 'Govt-backed' Gallmaker spy crew uses off-the-shelf wares
117. Threats in the Netherlands
118. New Gallmaker APT group eschews malware in cyber espionage campaigns
119. Italian Police Finally Identified 25-Year-old Italian Hacker who have Defaced NASA Websites
120. A simple videocall could compromise your WhatsApp account
121. Avast 2019: Extends Artificial Intelligence Technology to Block Advanced Phishing Attacks for Enhanced Consumer Security
122. JSRAT – Secret Command and Control Channel Backdoor to Control Victims Machine Using JavaScript