Oct 19, 2018

Daily brief for 2018-10-18

ASIA

  1. Threat Report: BlackEnergy APT Group Becomes GreyEnergy
  2. GreyEnergy cyberespionage group targets Poland and Ukraine
  3. Tracking Tick Through Recent Campaigns Targeting East Asia
  4. Cyber Espionage Campaign Reuses Code from China's APT1
  5. Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew
  6. Oceansalt Linked To Defunct Chinese APT Comment Crew
  7. Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million
  8. Hacking Attacks On Cryptocurrency Exchanges Resulted in a Loss of $882 Million
  9. 'Operation Oceansalt' Reuses Code from Chinese Group APT1
  10. Oracle extends its thanks to Qihoo 360 for fixing the vulnerabilities of Weblogic
  11. Tracking Tick Through Recent Campaigns Targeting East Asia
  12. XBash Malware Security Advisory
  13. Operation Oceansalt research reveals cyber-attacks targeting South Korea, USA and Canada
  14. Targeted attacks on crypto exchanges resulted in a loss of $882 million
  15. The Equifax Hack Uploaded Files the Right Way
  16. Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew
  17. ‘Operation Oceansalt’ Delivers Wave After Wave
  18. New Reconnaissance Tool Uses Code from Eight-Year-Old Comment Crew Implant

WORLD

  1. Threat Report: BlackEnergy APT Group Becomes GreyEnergy
  2. Branch.io Flaws may have affected as many as 685 million individuals
  3. GreyEnergy cyberespionage group targets Poland and Ukraine
  4. 35 Million Records Of US Voters Data For Sale On The Dark Web
  5. Thousands of Neoflam Clients Had Their Data Leaked After Buying Frying Pans
  6. Cyber Espionage Campaign Reuses Code from China's APT1
  7. After an attempted comeback by the Russian built #VPNFilter #botnet, home #networkdevices are at risk. Learn how this #malware targets
  8. Apple to US users: Here's how you can now see what personal data we hold on you
  9. CVE-2018-8460: Exposing a Double Free in Internet Explorer for Code Execution
  10. New Pennsylvania Law Imposes Fine for Using Drones to Spy
  11. GreyEnergy Potential Successor of BlackEnergy
  12. Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew
  13. Crypto Mining Malware Runs on iPhone
  14. 'Operation Oceansalt' Reuses Code from Chinese Group APT1
  15. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  16. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  17. Apple to US users: Here's how you can now see what personal data we hold on you
  18. XBash Malware Security Advisory
  19. Anthem to pay record £12M for 2015 data breach
  20. The author of the LuminosityLink RAT sentenced to 30 Months in Prison
  21. Operation Oceansalt research reveals cyber-attacks targeting South Korea, USA and Canada
  22. Chaining three critical vulnerabilities allows takeover of D-Link routers
  23. Senate inquiry recommends locking down My Health Record by default
  24. ‘Operation Oceansalt’ Delivers Wave After Wave
  25. SEO pollution campaign affects web searches related to EU midterm elections
  26. New Reconnaissance Tool Uses Code from Eight-Year-Old Comment Crew Implant

ATTACKS

  1. 35 Million Records Of US Voters Data For Sale On The Dark Web
  2. Thousands of Neoflam Clients Had Their Data Leaked After Buying Frying Pans
  3. Tracking Tick Through Recent Campaigns Targeting East Asia
  4. Cyber Espionage Campaign Reuses Code from China's APT1
  5. The #NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb of @thehairyITdog explains
  6. Tumblr Privacy Bug Could Have Exposed Sensitive Account Data
  7. Apple to US users: Here's how you can now see what personal data we hold on you
  8. Open source web hosting software compromised with DDoS malware
  9. Anthem Settles with OCR for $16M for 2015 Data Breach
  10. The libssh “login with no password” bug – what you need to know [VIDEO]
  11. Card Factory Exposed Customers Photos Publicly Due To A Website Flaw
  12. Hackers can use legitimate #AdminTools to compromise networks. Learn more about "living off the land" attacks from expert Michael Cobb
  13. Tumblr patches bug that could have exposed user data
  14. 12.5 Million Email Archives Exposed - Why would #cybercriminals go to a #darkweb market and pay for access when they
  15. #NetSpectre exploits leak data remotely via side-channel attacks. Learn how to use #ThreatModeling to stop speculative execution from expert Ed
  16. Tracking Tick Through Recent Campaigns Targeting East Asia
  17. McAfee researchers uncover ‘significant’ espionage campaign
  18. Apple to US users: Here's how you can now see what personal data we hold on you
  19. Tumblr Fixes Security Bug that Leaked Private Account Info
  20. Tumblr fixed a #vulnerability that could have exposed sensitive account #data, including usernames/passwords and individual IP addresses. But the company
  21. The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
  22. VestaCP compromised in a new supply-chain attack
  23. VestaCP compromised in a new supply-chain attack
  24. Anthem to pay record £12M for 2015 data breach
  25. Around 600 Computers of Anne Arundel County Public Library have been Exposed to Emotet Virus
  26. In the wake of numerous high-profile data breaches and privacy incidents, consumers are more aware and concerned than ever about
  27. Senate inquiry recommends locking down My Health Record by default
  28. Tumblr Vulnerability Exposed User Account Information
  29. The Equifax Hack Uploaded Files the Right Way
  30. Bug Trio Affecting Eight D-Link Models Leads to Full Compromise
  31. SEO pollution campaign affects web searches related to EU midterm elections

THREATS

  1. GitHub now warns devs about bugs that led to Equifax breach
  2. Flaws in telepresence robots allow hackers access to pictures, video feeds
  3. Fake Adobe Flash update hides cryptocurrency malware
  4. Branch.io Flaws may have affected as many as 685 million individuals
  5. Critical Remote Code Execution Vulnerabilities Patched by Drupal
  6. Code Execution Vulnerability Patched in Library Used by VLC, Other Media Players
  7. Flaws Open Telepresence Robots to Prying Eyes
  8. [SingCERT] Alert on Multiple Security Vulnerabilities in Oracle's Enterprise Products
  9. The #NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb of @thehairyITdog explains
  10. A newly disclosed #libSSH vulnerability could allow an attacker #AdminAccess to a server with little effort. By @MT_Heller
  11. After an attempted comeback by the Russian built #VPNFilter #botnet, home #networkdevices are at risk. Learn how this #malware targets
  12. Drupal addresses multiple critical flaws with latest release
  13. Tumblr Privacy Bug Could Have Exposed Sensitive Account Data
  14. CVE-2018-8460: Exposing a Double Free in Internet Explorer for Code Execution
  15. Open source web hosting software compromised with DDoS malware
  16. Wapiti – The Black Box Vulnerability Scanner for Web Applications
  17. Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability
  18. LuminosityLink Spyware Mastermind Gets 30 Months In The Clink
  19. Crooks are attempting to spread their cryptojacking malware to unsuspecting victims by disguising it as an update for Flash. The malicious
  20. Top 10 Blockchain Development Companies
  21. Crypto Mining Malware Runs on iPhone
  22. The libssh “login with no password” bug – what you need to know [VIDEO]
  23. Cryptocurrency Miners Hiding As Flash Updates
  24. GPlayed Trojan - .Net Playing with Google Market
  25. Card Factory Exposed Customers Photos Publicly Due To A Website Flaw
  26. How Shodan helps identify ICS cybersecurity vulnerabilities
  27. Cryptomining Malware Attacks On iPhones Grew By 400%
  28. Hacking Attacks On Cryptocurrency Exchanges Resulted in a Loss of $882 Million
  29. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  30. Oracle extends its thanks to Qihoo 360 for fixing the vulnerabilities of Weblogic
  31. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  32. Tumblr patches bug that could have exposed user data
  33. [SingCERT] Alert on Linksys E Series Routers Vulnerabilities (CVE-2018-3953, CVE-2018-3954, and CVE-2018-3955)
  34. Apache Access Vulnerability Could Affect Thousands of Applications
  35. LuminosityLink spyware mastermind gets 30 months in the clink, forfeits $725k in Bitcoin
  36. Last year, D-Link flubbed a router bug-fix, so it's back with total pwnage
  37. Party like it's 1989... SVGA code bug haunts VMware's house, lets guests flee to host OS
  38. Oracle Patches 301 Vulnerabilities in October Update
  39. Tumblr Fixes Security Bug that Leaked Private Account Info
  40. Ruby 2.4.5 released: 40 bug fixes
  41. Tumblr fixed a #vulnerability that could have exposed sensitive account #data, including usernames/passwords and individual IP addresses. But the company
  42. The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
  43. XBash Malware Security Advisory
  44. New libSSH vulnerability gives root access to servers
  45. A 4-year-old #libSSH vulnerability can allow attackers to easily log in to servers with full administrative control, but it is
  46. The implications of the NetSpectre vulnerability
  47. Researcher Livestreams 51% Attack on Altcoin Blockchain
  48. The author of the LuminosityLink RAT sentenced to 30 Months in Prison
  49. #Shodan can be a helpful tool for security professionals to locate #ICSsecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works
  50. Oracle security updates contains 45 critical-rated vulnerability
  51. A #libSSH vulnerability that went undisclosed for almost five years could allow an attacker easy #AdminAccess to servers, @0xAmit said
  52. Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability
  53. Stegware: How is #malware using #steganography techniques to avoid detection?
  54. Cryptojacking: A hidden cost for your company
  55. Chaining three critical vulnerabilities allows takeover of D-Link routers
  56. Around 600 Computers of Anne Arundel County Public Library have been Exposed to Emotet Virus
  57. Report: Cryptocurrency Exchanges Lost $882 Million to Hackers
  58. Tumblr Fixes Critical Security Bug That Exposes User Account Details
  59. In order to distribute the attack payload, the code needs to be downloaded onto the PLCs & safety controllers. This
  60. Tumblr Vulnerability Exposed User Account Information
  61. Bug Trio Affecting Eight D-Link Models Leads to Full Compromise
  62. 7 best practices for negotiating ransomware payments

CRIME

  1. Threat Report: BlackEnergy APT Group Becomes GreyEnergy
  2. GreyEnergy cyberespionage group targets Poland and Ukraine
  3. Thousands of Neoflam Clients Had Their Data Leaked After Buying Frying Pans
  4. New Pennsylvania Law Imposes Fine for Using Drones to Spy
  5. Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million
  6. Hacking Attacks On Cryptocurrency Exchanges Resulted in a Loss of $882 Million
  7. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  8. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  9. Tumblr patches bug that could have exposed user data
  10. 12.5 Million Email Archives Exposed - Why would #cybercriminals go to a #darkweb market and pay for access when they
  11. XBash Malware Security Advisory
  12. VestaCP compromised in a new supply-chain attack
  13. VestaCP compromised in a new supply-chain attack
  14. The author of the LuminosityLink RAT sentenced to 30 Months in Prison
  15. Targeted attacks on crypto exchanges resulted in a loss of $882 million
  16. 7 best practices for negotiating ransomware payments

POLITICS

  1. Threat Report: BlackEnergy APT Group Becomes GreyEnergy
  2. GreyEnergy cyberespionage group targets Poland and Ukraine
  3. New APT Could Signal Reemergence of Notorious Comment Crew
  4. Cyber Espionage Campaign Reuses Code from China's APT1
  5. New Pennsylvania Law Imposes Fine for Using Drones to Spy
  6. GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure
  7. GreyEnergy Potential Successor of BlackEnergy
  8. Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew
  9. 'Operation Oceansalt' Reuses Code from Chinese Group APT1
  10. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  11. RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin
  12. Tracking Tick Through Recent Campaigns Targeting East Asia
  13. McAfee researchers uncover ‘significant’ espionage campaign
  14. Operation Oceansalt research reveals cyber-attacks targeting South Korea, USA and Canada
  15. New Reconnaissance Tool Uses Code from Eight-Year-Old Comment Crew Implant
at
Labels: