Daily brief for 2018-10-22

ASIA

1. Saudi Future Investment Initiative website defaced by the hackers
2. Hackers Deface Website of Saudi Investment Forum
3. How a Canadian permanent resident and Saudi Arabian dissident was targeted with powerful spyware on Canadian soil
4. Rambus Vaultify Trade: Secure transaction and storage of crypto assets on blockchain
5. A week in security (October 15 – 21)
6. Oceansalt Attacks Infrastructure, Finance, Universities and Telecommunications
7. Enigmatic cyber espionage campaign revives source code from old foe APT1
8. WebLogic Remote Code Execution Vulnerability(CVE-2018-3245) Threat Alert
9. India’s First Cryptocurrency ATM To Buy and Sell Cryptocurrencies

WORLD

10. How a Canadian permanent resident and Saudi Arabian dissident was targeted with powerful spyware on Canadian soil
11. US Tops Global Malware C2 Distribution
12. A week in security (October 15 – 21)
13. Oceansalt Attacks Infrastructure, Finance, Universities and Telecommunications
14. Safeguarding the Nation’s Critical Infrastructure
15. New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack
16. The boom of fileless malware attacks: How can we fight it?
17. Criminals Hijacked Records of 75 000 Users from
18. The Russian built #VPNFilter #botnet was taken down by the @FBI after over 500,000 routers were infected. However, VPNFilter is
19. Enigmatic cyber espionage campaign revives source code from old foe APT1
20. iCloud Hacker Wants $175,000 Ransom to Be Paid In Bitcoin (BTC)
21. Repairnator bot finds software bugs, successfully submits patches
22. 75,000 HealthCare.gov Users Exposed, Personal Information Stolen
23. New APT GreyEnergy Found to Target EU Critical Systems, Linked to BlackEnergy
24. US Indicts Another Russian for Role in Info Warfare Campaign
25. Anthem in Record $16m HIPAA Settlement
26. Are you aware of #Canada's data breach regulations? Get up to speed on the #blog:

ATTACKS

27. CMS portal breach exposes 75,000 individuals' records
28. New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack
29. According to the report, researchers detected 33,568 email addresses of finance departments that had been exposed by third parties. Can
30. #NetSpectre leaks data remotely via side-channel attacks. Learn from expert Michael Cobb of @thehairyITdog why data from #microprocessors is not
31. Phishing Scheme Leverages Azure Blob Storage and Hurricane Michael
32. Criminals Hijacked Records of 75 000 Users from
33. Strict password policy could prevent credential reuse, paper suggests
34. A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
35. Enigmatic cyber espionage campaign revives source code from old foe APT1
36. 75,000 HealthCare.gov Users Exposed, Personal Information Stolen
37. US Indicts Another Russian for Role in Info Warfare Campaign
38. What are DMARC records and can they improve email security?
39. Anthem in Record $16m HIPAA Settlement
40. The Hunt - Our new data breach detection video looks like a Mission Impossible trailer. However, the threats are for
41. #NetSpectre exploits speculative execution to leak data remotely via side-channel attacks. Learn how this #SecurityVulnerability affects the #cloud from expert
42. The most interesting Internet-connected vehicle hacks on record
43. Web Hosting Software VestaCP Server Compromised With DDoS Malware
44. Find out how #TLBleed abuses @Intel's HTT chip feature to leak data via TLB
45. Natural Disaster Related Phishing Scam Abusing Microsoft Azure to Steal login Credentials & Credit Card Numbers
46. Are you aware of #Canada's data breach regulations? Get up to speed on the #blog:

THREATS

47. Cisco, F5 Networks Investigate libssh Vulnerability Impact
48. How to detect hardware-based server bugs
49. Flaw in Media Library Impacts VLC, Other Software
50. Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now
51. How a Canadian permanent resident and Saudi Arabian dissident was targeted with powerful spyware on Canadian soil
52. Blockchain Security and Privacy
53. Recent Branch.io Patch Creates New XSS Flaw
54. Rambus Vaultify Trade: Secure transaction and storage of crypto assets on blockchain
55. US Tops Global Malware C2 Distribution
56. Signal Upgrade Process Leaves Unencrypted Messages on Disk
57. Gamma ransomware compromises data on 16,000 patients at California hernia institute
58. Critical Bug Impacts Live555 Media Streaming Libraries
59. A newly disclosed #libSSH vulnerability could allow an attacker #AdminAccess to a server with little effort. By @MT_Heller
60. Zero-day jQuery plugin vulnerability exploited for 3 years
61. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
62. CVE-2018-4013: LIVE555 streaming media RTSP Server Remote Code Execution Vulnerability
63. The boom of fileless malware attacks: How can we fight it?
64. Ransomware: A cheat sheet for professionals
65. Popular website plugin harboured a serious 0-day for years
66. A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
67. It's OK, I'm verified - Libssh flaw allows attackers to bypass server authentication
68. Octopus Malware
69. iCloud Hacker Wants $175,000 Ransom to Be Paid In Bitcoin (BTC)
70. Repairnator bot finds software bugs, successfully submits patches
71. Drupal Patched Critical RCE Vulnerabilities In Drupal 7 and 8
72. Trade.io loses $7.5Mil worth of cryptocurrency in mysterious cold wallet hack
73. FreeRTOS flaws expose millions of IoT devices to cyber attacks
74. The latest variant of Satan ransomware is spreading in the wild
75. The .@iDefense Vulnerability Contributor Program (VCP) bug-bounty initiative continues to attract top contributors. Join them by submitting your 0-day for
76. Maker of LuminosityLink RAT gets 30 months in the clink
77. Introducing Infura: Connecting DApps With Ethereum Without Setting up Ethereum Nodes
78. Critical vulnerabilities on FreeRTOS expose many systems to attacks
79. WebLogic Remote Code Execution Vulnerability(CVE-2018-3245) Threat Alert
80. MPlayer and VLC media player affected by critical flaw CVE-2018-4013
81. Web Hosting Software VestaCP Server Compromised With DDoS Malware
82. Adding the EICAR string to your name as part of the visitor self-registration process is a bit of a faux
83. Business-minded hackers are testing blockchain technologies to secure their illegal operations. Here's what enterprises can learn from them:
84. Remote Code Execution Flaws Found in FreeRTOS - Popular OS for Embedded Systems
85. India’s First Cryptocurrency ATM To Buy and Sell Cryptocurrencies
86. Why does Windows 10 have many bugs?

CRIME

87. Blockchain Security and Privacy
88. Rambus Vaultify Trade: Secure transaction and storage of crypto assets on blockchain
89. A week in security (October 15 – 21)
90. Oceansalt Attacks Infrastructure, Finance, Universities and Telecommunications
91. The boom of fileless malware attacks: How can we fight it?
92. Phishing Scheme Leverages Azure Blob Storage and Hurricane Michael
93. iCloud Hacker Wants $175,000 Ransom to Be Paid In Bitcoin (BTC)
94. 75,000 HealthCare.gov Users Exposed, Personal Information Stolen
95. The latest variant of Satan ransomware is spreading in the wild
96. US Indicts Another Russian for Role in Info Warfare Campaign
97. Natural Disaster Related Phishing Scam Abusing Microsoft Azure to Steal login Credentials & Credit Card Numbers

POLITICS

98. Saudi Future Investment Initiative website defaced by the hackers
99. New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack
100. Enigmatic cyber espionage campaign revives source code from old foe APT1
101. Octopus Malware
102. New APT GreyEnergy Found to Target EU Critical Systems, Linked to BlackEnergy
103. US Indicts Another Russian for Role in Info Warfare Campaign