Oct 16, 2018

Daily brief for 2018-10-15

ASIA

  1. Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
  2. Octopus-infested seas of Central Asia

WORLD

  1. US voter records from 19 states sold on hacking forum
  2. Tens of Millions of U.S. Voter Records for Sale
  3. Pentagon Defense Department travel records data breach
  4. FDA Warns of Flaws in Medtronic Programmers
  5. New Gallmaker APT group eschews malware in cyber espionage campaigns
  6. Millions of Voter Records Found for Sale on the Dark Web
  7. Pentagon Employee Data Breach, An Eye-Opener
  8. Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
  9. TeleBots APT Group - Links to Industroyer, NotPetya and BlackEnergy
  10. September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
  11. Iceland hit by Biggest Cyber Attack on Record
  12. Scottish Ambulance Service Exposed Employees’ Data Online
  13. Pentagon Staff Hit by Major Data Breach
  14. Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies
  15. Pentagon Data Breach Exposes up to 30,000 Travel Records
  16. A new report shows that ransomware attacks decreased in the first half of 2018. Hackers are turning to
  17. Octopus-infested seas of Central Asia
  18. Iceland's largest phishing campaign imitated police
  19. Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  20. @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
  21. Branch.io Flaws may have affected as many as 685 million individuals
  22. A Russian cyber vigilante is patching outdated MikroTik routers exposed online
  23. According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
  24. Stopping Hidden Threats: How to Defend Against Fileless Attacks
  25. SpankChain hacker steals the virtual currency and returns stolen ethereum

ATTACKS

  1. Create an email phishing test to minimize attack vectors
  2. Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
  3. Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
  4. Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
  5. US voter records from 19 states sold on hacking forum
  6. Tens of Millions of U.S. Voter Records for Sale
  7. Pentagon Defense Department travel records data breach
  8. Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
  9. New Gallmaker APT group eschews malware in cyber espionage campaigns
  10. Microsoft Incompletely Patches JET Database Vulnerability
  11. Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  12. Millions of Voter Records Found for Sale on the Dark Web
  13. Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
  14. Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
  15. Hackers could use emoji domains to spread phishing attacks
  16. Pentagon reveals cyber breach of travel records
  17. Pentagon Employee Data Breach, An Eye-Opener
  18. Facebook opens up about data breach details
  19. Facebook data breach: Victims will not be offered free identity theft protection
  20. A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
  21. Iceland hit by Biggest Cyber Attack on Record
  22. Scottish Ambulance Service Exposed Employees’ Data Online
  23. Pentagon Staff Hit by Major Data Breach
  24. FitMetrix data exposed on unprotected Elasticsearch servers
  25. Pentagon Data Breach Exposes up to 30,000 Travel Records
  26. Iceland's largest phishing campaign imitated police
  27. #Nymaim and #BankBot #Anubis PL campaign hxxp://przelewy24[.]ml/ hxxp://faktura24[.]cf/ SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970 C2: bilagoong[.]tk @ThreatFabric @virqdroid @LukasStefanko
  28. Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  29. A Russian cyber vigilante is patching outdated MikroTik routers exposed online
  30. FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
  31. Stringent password rules lower risk of personal data breaches
  32. Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
  33. According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
  34. Google to Encrypt Android Cloud Backups With Your Lock Screen Password

THREATS

  1. Small businesses repeatedly falling victim to ransomware - Kaspersky
  2. 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
  3. Flash Updater Adds Cryptocurrency Miner
  4. Ransomware hits computer networks of North Carolina water utility
  5. Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
  6. FDA Warns of Flaws in Medtronic Programmers
  7. New Gallmaker APT group eschews malware in cyber espionage campaigns
  8. Microsoft Incompletely Patches JET Database Vulnerability
  9. Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
  10. .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
  11. iPhone a Growing Target of Crypto-Mining Attacks
  12. Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
  13. Sony working on a fix for bug that's crashing PlayStation 4 consoles
  14. Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
  15. At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
  16. Fake Adobe update really *does* update Flash (while also installing cryptominer)
  17. Apple VoiceOver iOS vulnerability permits hacker access to user photos
  18. Cryptomining Malware Infects Computers via Fake Adobe Updates
  19. September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
  20. Fake Adobe update really *does* update Flash (while also installing cryptominer)
  21. Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
  22. Details of Vulnerability in Google PDFium’s JBIG2 Revealed
  23. A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
  24. #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
  25. A new report shows that ransomware attacks decreased in the first half of 2018. Hackers are turning to
  26. .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
  27. 'Flash update' scam serves up legit software, but with a side of cryptominer
  28. How does the MnuBot banking Trojan use unusual C&C servers?
  29. How a #cryptocurrency mining #malware infects systems
  30. @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
  31. Branch.io Flaws may have affected as many as 685 million individuals
  32. Godzilla Loader and the Long Tail of Malware
  33. Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
  34. What are blockchain’s smart contracts? And how to secure them
  35. Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
  36. SpankChain hacker steals the virtual currency and returns stolen ethereum
  37. Sony PS4 encounters malicious code attack and receives malicious messages

CRIME

  1. Online ads: a potential way in for XSS attacks
  2. Facebook data breach: Victims will not be offered free identity theft protection
  3. September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
  4. Octopus-infested seas of Central Asia
  5. Iceland's largest phishing campaign imitated police
  6. 'Flash update' scam serves up legit software, but with a side of cryptominer
  7. Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  8. A Russian cyber vigilante is patching outdated MikroTik routers exposed online
  9. SpankChain hacker steals the virtual currency and returns stolen ethereum

POLITICS

  1. Pentagon Defense Department travel records data breach
  2. New Gallmaker APT group eschews malware in cyber espionage campaigns
  3. A week in security (October 8 – 14)
  4. Gallmaker - Threat Group Targeting Governments and Militaries
  5. Octopus-infested seas of Central Asia
  6. Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  7. A Russian cyber vigilante is patching outdated MikroTik routers exposed online