Daily brief for 2018-10-19

ASIA

1. Kaspersky says it detected infections with DarkPulsar, alleged NSA malware
2. The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More
3. Chinese Hackers Use 'Datper' Trojan in Recent Campaign
4. Recent phishing campaign against the Office of the First Deputy Prime Minister - Kingdom of Bahrain. Targeting Aysha Bukhelli, spoofed
5. Secret Comment Crew Code Spotted in New Attack
6. Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew
7. APT Group Uses Datper Malware To Launch Cyber Attack on Asia Countries by Executing Shell Commands

WORLD

8. Small or Big Business, Malware Hits Everyone
9. This Week in Security News: Apex One™ Release and Java Usage Tracker Flaws
10. Kaspersky says it detected infections with DarkPulsar, alleged NSA malware
11. GreyEnergy
12. Onslow County Utility Hit with Ransomware Attack
13. America’s First: US Leads in Global Malware C2 Distribution
14. AISA 2018: Hunting for phishing kits
15. In this week's Risk & Repeat podcast, editors discuss the #GAOreport on vulnerabilities and weaknesses in military weapons systems and
16. US Voter Leak Hits Tea Party Organization
17. Report: Cryptocurrency Exchanges Lost $882 Million to Hackers
18. Secret Comment Crew Code Spotted in New Attack
19. #GroupIB is a platinum sponsor @Gartner_inc Security & Risk Management Summit (Dubai, UAE, 22-23 October 2018) Visit us at Stand
20. Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew
21. Today we're explaining #Canada's Data Breach Regulations on the #blog. Jet on over to find out if your organization complies
22. Inside Safari Extensions | Malware’s Golden Key to User Data
23. Business emails could represent a major security flaw for UK companies, after it was revealed millions of account details are
24. ADHA's non-process for releasing My Health Record data revealed
25. Three critical vulnerabilities can be chained to take full control of D-Link routers
26. Authorities seize properties of creators of “Infamous” cheat code, for GTA V
27. Canberra competence shines in day of PM domain lapses and tortured analogies
28. Lawfare editor on persistent DDoS attack: 'We wish they'd knock it off'

ATTACKS

29. AWS FreeRTOS Bugs Allow Compromise of IoT Devices
30. Campaign 2018: Artificial intelligence is automating attacks on political campaigns
31. Chinese Hackers Use 'Datper' Trojan in Recent Campaign
32. A Pentagon #DataBreach exposed data on at least 30,000 individuals, but other details about the incident are still scarce. By
33. Password and credit card-stealing Azorult malware adds new tricks
34. Campaign 2018: Artificial Intelligence Is Automating Attacks On Political Campaigns
35. New RTF-based Campaign Distributing Agent Tesla and Loki Malware
36. AISA 2018: Hunting for phishing kits
37. Did you know? Corporate email accounts can be compromised for as little as $150. Read more key findings from our
38. Hackers launched #phishing attacks against @netflix users via malicious sites with TLS certificates. Learn how hackers mimic popular websites to
39. US Voter Leak Hits Tea Party Organization
40. VestaCP users warned about possible server compromise
41. jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew
42. Recent phishing campaign against the Office of the First Deputy Prime Minister - Kingdom of Bahrain. Targeting Aysha Bukhelli, spoofed
43. Campaign launched to protect ethical hackers in the Americas
44. #HurricaneMichael #phishing schemes leverage Azure blob storage to rake in credentials. http://ow.ly/J6m850js1sk via the @threatinsight research team.
45. The blogging site Tumblr has disclosed and fixed a security flaw that could have exposed sensitive account information.
46. Facepunch 2016 breach exposed 343,000 users
47. Today we're explaining #Canada's Data Breach Regulations on the #blog. Jet on over to find out if your organization complies
48. ADHA's non-process for releasing My Health Record data revealed
49. MikroTik routers targeted by cryptomining campaign | Avast
50. Vulnerability in Tumblr could have compromise users’ account data
51. Poor security practices and access to hacking services are making it easy for #cybercriminals to compromise business email, research reveals:

THREATS

52. libssh Vulnerability: Is WatchGuard Affected?
53. 0-Day in jQuery Plugin Impacts Thousands of Applications
54. Small or Big Business, Malware Hits Everyone
55. Fixing a CSRF Vulnerability
56. This Week in Security News: Apex One™ Release and Java Usage Tracker Flaws
57. AWS FreeRTOS Bugs Allow Compromise of IoT Devices
58. City Pays $2,000 in Computer Ransomware Attack
59. Drupal dev team fixed Remote Code Execution flaws in the popular CMS
60. Water Utility ONWASA Hit by Ransomware Attack
61. Madison County Computer Systems Face a Ransomware Attack
62. Kaspersky says it detected infections with DarkPulsar, alleged NSA malware
63. The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More
64. Top 4 tips to avoid getting hit by ransomware
65. Flaw in Libssh Grants Admin Control to Servers
66. Chinese Hackers Use 'Datper' Trojan in Recent Campaign
67. FreeRTOS Vulnerabilities Expose Many Systems to Attacks
68. Linksys E Series Vulnerabilities
69. Password and credit card-stealing Azorult malware adds new tricks
70. SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
71. Google warns Apple: Missing bugs in your security bulletins are 'disincentive to patch'
72. Onslow County Utility Hit with Ransomware Attack
73. jQuery Zero-Day Was Exploited For At Least Three Years
74. New DDoS Malware Infects Open-Source Web Hosting Software
75. A Serious Security Flaw Found in LibSSH
76. America’s First: US Leads in Global Malware C2 Distribution
77. New RTF-based Campaign Distributing Agent Tesla and Loki Malware
78. In this week's Risk & Repeat podcast, editors discuss the #GAOreport on vulnerabilities and weaknesses in military weapons systems and
79. Splunk addressed several vulnerabilities in Enterprise and Light products
80. Hackers launched #phishing attacks against @netflix users via malicious sites with TLS certificates. Learn how hackers mimic popular websites to
81. Serious D-Link router security flaws may never be patched
82. Scams and flaws: Why we get duped
83. Report: Cryptocurrency Exchanges Lost $882 Million to Hackers
84. Remote Code Execution Flaws Patched in Drupal
85. The Golden Age of Malware
86. Tumblr bug bounty program detects flaw, no user info lost
87. LuminosityLink RAT author sentenced to 30 years in prison
88. .@Google Firebase's lack of #DatabaseSecurity and inadequate #BackendDevelopment led to #DataLeaks and vulnerabilities, including HospitalGown. Learn more about this
89. The blogging site Tumblr has disclosed and fixed a security flaw that could have exposed sensitive account information.
90. Critical Flaw Found in Streaming Library Used by VLC and Other Media Players
91. Drupal Remote Code Execution Vulnerability Alert
92. Inside Safari Extensions | Malware’s Golden Key to User Data
93. .@TrendMicro researchers discovered a malicious #ChromeExtension spreading #malware. Learn more with expert @lewisnic.
94. Business emails could represent a major security flaw for UK companies, after it was revealed millions of account details are
95. Splunk Patches Several Flaws in Enterprise, Light Products
96. ADHA's non-process for releasing My Health Record data revealed
97. MikroTik routers targeted by cryptomining campaign | Avast
98. APT Group Uses Datper Malware To Launch Cyber Attack on Asia Countries by Executing Shell Commands
99. Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers
100. Vulnerability in Tumblr could have compromise users’ account data
101. Three critical vulnerabilities can be chained to take full control of D-Link routers
102. Zero-day in popular jQuery plugin actively exploited for at least three years
103. Tumblr serious vulnerability can reveal everyone information
104. Critical Flaws Found in Amazon FreeRTOS IoT Operating System
105. Canberra competence shines in day of PM domain lapses and tortured analogies

CRIME

106. NSA-Linked 'DarkPulsar' Exploit Tool Detailed
107. Small or Big Business, Malware Hits Everyone
108. Madison County Computer Systems Face a Ransomware Attack
109. America’s First: US Leads in Global Malware C2 Distribution
110. Did you know? Corporate email accounts can be compromised for as little as $150. Read more key findings from our
111. Scams and flaws: Why we get duped
112. #HurricaneMichael #phishing schemes leverage Azure blob storage to rake in credentials. http://ow.ly/J6m850js1sk via the @threatinsight research team.
113. Secret Comment Crew Code Spotted in New Attack
114. LuminosityLink RAT author sentenced to 30 years in prison
115. #GroupIB is a platinum sponsor @Gartner_inc Security & Risk Management Summit (Dubai, UAE, 22-23 October 2018) Visit us at Stand
116. "World-renowned cybersecurity unit #GroupIB is prepping to release its annual report on trends in hi-tech cybercrime...Group-IB expects the number of
117. Authorities seize properties of creators of “Infamous” cheat code, for GTA V

POLITICS

118. Chinese Hackers Use 'Datper' Trojan in Recent Campaign
119. GreyEnergy
120. US Voter Leak Hits Tea Party Organization
121. Secret Comment Crew Code Spotted in New Attack
122. LuminosityLink RAT author sentenced to 30 years in prison
123. Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew
124. Latest Hacking News Podcast