Oct 18, 2018

Daily brief for 2018-10-17

ASIA

  1. AISA 2018: Japan's journey from a cryptocurrency hack to better regulation
  2. New research highlights Vietnamese group's custom hacking tools
  3. Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid
  4. WhiteSource raises $35 million for open source flaw detection platform
  5. Top 5 Publicly Accessible Hacking Tools You Can Download Today
  6. WTB: MuddyWater Expands Operations
  7. Git RCE Vulnerability (CVE-2018-17456)Security Advisory

WORLD

  1. LuminosityLink RAT Author Sentenced to 30 Months in Prison
  2. MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry
  3. 'GreyEnergy' Cyberspies Target Ukraine, Poland
  4. 3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
  5. Information of 396K Users Exposed in Facepunch Data Breach
  6. 35 Million US Voter Registration Records Found for Sale on Dark Web
  7. Podcast: A Utility Ransomware Attack, Post-Hurricane
  8. How Office 365 learned to reel in phish
  9. Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid
  10. 35 million US voter records up for sale on the dark web
  11. Who is to blame for the majority of data breaches?
  12. Attackers identified in the pre-espionage stage of CNI attack
  13. SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords
  14. 35 million voter records from 19 US states for sale
  15. Insult to injury: Malware menace soaks water-logged utility ravaged by Hurricane Florence
  16. WTB: MuddyWater Expands Operations
  17. US Voter Records for Sale on Hacker Forum
  18. GreyEnergy group targeting critical infrastructure with espionage
  19. Brazil expert discovers Oracle flaw that allows massive DDoS attacks
  20. Millions of US Voter Records for Sale
  21. 35 Million U.S Voter Records Selling in Popular Dark web Hacking Forum from $150 USD to $12,500 USD
  22. Russian Hackers Attack Specialist in Customer Review Tied to Innumerable Websites
  23. A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence
  24. Sony has solved the crash of PS4 receiving malicious message
  25. Vulnerability in voting machines has not been corrected after 11 years

ATTACKS

  1. Tumblr Patches Security Issue that Would Leak Emails, Hashed-Salted Passwords
  2. MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry
  3. Redis 5.0 release, High-performance key-value database
  4. Information of 396K Users Exposed in Facepunch Data Breach
  5. 35 Million US Voter Registration Records Found for Sale on Dark Web
  6. FBI Releases Document with Measures for Defending Against Payroll Phishing Scams
  7. How Office 365 learned to reel in phish
  8. Another Phishing Scam is Appearing in Small Business Inboxes
  9. Phishers target book publishers in new campaign
  10. Pentagon Disclosed Data Breach At Department Of Defense Affecting 30,000 Workers
  11. Is this the simple solution to password re-use?
  12. 35 million US voter records up for sale on the dark web
  13. Who is to blame for the majority of data breaches?
  14. Public Cloud Phishing
  15. Learn how hackers used TLS certificates to launch @netflix #phishing attacks from expert Michael Cobb of @thehairyITdog
  16. GreyEnergy: New malware campaign targets critical infrastructure companies
  17. Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info
  18. Anthem pays out record $16m over data breach
  19. SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords
  20. "Attackers have expanded [phishing attacks] significantly into SMS and social media, and are displaying a preference for targeting personal email
  21. .@Google Firebase #DatabaseSecurity proved insufficient when bypassed by hackers to leak data. Learn more about this #SecurityFlaw from expert Michael
  22. 35 million voter records from 19 US states for sale
  23. Alphabet in the soup for keeping quiet about Google+ data leak bug
  24. Anthem Mega-Breach: Record $16 Million HIPAA Settlement
  25. US Voter Records for Sale on Hacker Forum
  26. Millions of US Voter Records for Sale
  27. 35 Million U.S Voter Records Selling in Popular Dark web Hacking Forum from $150 USD to $12,500 USD
  28. Faculties and Staff of Chapman got Affected by the ‘Critical’ Phishing Attack
  29. LibSSH Flaw Allows Hackers to Take Over Servers Without Password
  30. Travel data for about 30,000 individuals was exposed in a Pentagon #DataBreach and experts expect that the information could be

THREATS

  1. AISA 2018: Japan's journey from a cryptocurrency hack to better regulation
  2. Cisco Patches Remotely Exploitable High Risk Security Bugs in Multiple Products
  3. Libssh Vulnerability Exposes Servers to Attacks
  4. Chrome 70 Updates Sign-In Options, Patches 23 Flaws
  5. VoiceOver iOS 12 Bug Creates Lock Screen Bypass Exposing User Photos
  6. LuminosityLink RAT Author Sentenced to 30 Months in Prison
  7. MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry
  8. Tumblr discloses vulnerability but says 'no evidence that this bug was abused'
  9. Oracle Fixes 301 Flaws in October Critical Patch Update
  10. Podcast: A Utility Ransomware Attack, Post-Hurricane
  11. Serious SSH bug lets crooks log in just by asking nicely
  12. Oracle Patched Over 300 Vulnerabilities in Its Q3 2018 Critical Patch Update
  13. LibSSH Flaw Leaves Thousands Of Servers At Risk Of Hijacking
  14. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
  15. CVE-2018-10933: Libssh Server Side Authentication Bypass Vulnerability Alert
  16. Thousands of servers easy to hack due to a LibSSH Flaw
  17. Take a Bite out of the Vulnerability Remediation Backlog with InsightVM
  18. How Blockchain Is Making it Easier for Fintech Companies to Scale Up
  19. WhiteSource raises $35 million for open source flaw detection platform
  20. CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
  21. Oracle CPU October 2018: 301 vulnerabilities patched
  22. A hacker who used fake advertisements placed on local newspaper websites to spread malware has been sentenced to 33 months
  23. Thousands Of Servers Vulnerable To Hacking Due To libssh Flaw
  24. Im Interview erläutert Georgeta Toth, Regional Director bei dem Security-Spezialisten #Proofpoint, den Einfluss der Crypto-Mining-#Malware auf Endgeräte in Unternehmen.
  25. GreyEnergy: New malware campaign targets critical infrastructure companies
  26. Critical Vulnerabilities Allow Takeover of D-Link Routers
  27. Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info
  28. Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
  29. Insult to injury: Malware menace soaks water-logged utility ravaged by Hurricane Florence
  30. Alphabet in the soup for keeping quiet about Google+ data leak bug
  31. Hacker: I'm logged in. New LibSSH Vulnerability: OK! I believe you.
  32. Brazil expert discovers Oracle flaw that allows massive DDoS attacks
  33. Endpoint security solutions challenged by zero-day and fileless attacks
  34. VMware addressed Code Execution Flaw in its ESXi, Workstation, and Fusion products
  35. Flaws in Branch.io Affected Over 685 Million Users
  36. How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
  37. Ransomware attack hits North Carolina water utility following hurricane
  38. Android Apps claim to mine unminable cryptocurrency, just show ads
  39. #GroupIB has estimated that cryptocurrency exchanges suffered a total loss of $882 mln due to targeted attacks in 2017 and
  40. New GreyEnergy Malware Targets ICS, Tied with BlackEnergy and TeleBots
  41. Security flaw in libssh leaves thousands of servers at risk of hijacking
  42. How does #MassMiner #malware infect systems across the web?
  43. A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence
  44. Oracle patches 301 vulnerabilities, including 46 with a 9.8+ severity rating
  45. VMware Patches Code Execution Flaw in Virtual Graphics Card
  46. Avast scores high in malware protection | Avast
  47. CVE-2018-3245: Weblogic Remote Code Execution Vulnerability Alert
  48. Oracle releases Critical Patch Update Advisory – October 2018: fix 301 security bugs
  49. Git RCE Vulnerability (CVE-2018-17456)Security Advisory
  50. Sony has solved the crash of PS4 receiving malicious message
  51. LibSSH Flaw Allows Hackers to Take Over Servers Without Password
  52. Abandoned Tweet Counter Hijacked With Malicious Script
  53. 21-year-old Hacker Sentenced to 30 Months Prison for Creating Popular Hacking Tool LumunosityLink RAT
  54. Vulnerability in voting machines has not been corrected after 11 years
  55. Vulnerability in Apple VoiceOver allows hackers access to user photos
  56. Google Chrome 70.0.3538.67 releases: fix multiple high-risk vulnerabilities
  57. The attackers learn that due to the complexity and fluctuations of the pulping process, any changes could take up to
  58. The Qihoo @360CoreSec team found a @Microsoft vulnerability -- named Double Kill -- that affects applications through #MicrosoftOffice documents. Learn

CRIME

  1. LuminosityLink RAT Author Sentenced to 30 Months in Prison
  2. Information of 396K Users Exposed in Facepunch Data Breach
  3. FBI Releases Document with Measures for Defending Against Payroll Phishing Scams
  4. Another Phishing Scam is Appearing in Small Business Inboxes
  5. Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid
  6. Who is to blame for the majority of data breaches?
  7. How Blockchain Is Making it Easier for Fintech Companies to Scale Up
  8. A hacker who used fake advertisements placed on local newspaper websites to spread malware has been sentenced to 33 months
  9. SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords
  10. WTB: MuddyWater Expands Operations
  11. Millions of US Voter Records for Sale
  12. Abandoned Tweet Counter Hijacked With Malicious Script
  13. 21-year-old Hacker Sentenced to 30 Months Prison for Creating Popular Hacking Tool LumunosityLink RAT
  14. Vulnerability in Apple VoiceOver allows hackers access to user photos

POLITICS

  1. Cisco Patches Remotely Exploitable High Risk Security Bugs in Multiple Products
  2. MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry
  3. 'GreyEnergy' Cyberspies Target Ukraine, Poland
  4. New research highlights Vietnamese group's custom hacking tools
  5. Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid
  6. GreyEnergy: New malware campaign targets critical infrastructure companies
  7. Attackers identified in the pre-espionage stage of CNI attack
  8. SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords
  9. GreyEnergy group targeting critical infrastructure with espionage
  10. A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence
  11. Vulnerability in voting machines has not been corrected after 11 years
at
Labels: