Oct 25, 2018

Daily brief for 2018-10-24

ASIA

  1. Cathay Pacific breach leaks personal data on 9.4 million people
  2. Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
  3. Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
  4. Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
  5. Exploit kits: fall 2018 review
  6. Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
  7. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
  8. Phishing for knowledge
  9. Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
  10. Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
  11. South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
  12. Russian Government-owned research institute linked to Triton attacks
  13. FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
  14. Drupal Remote Code Execution Vulnerability Threat Alert
  15. China asks blockchain-based service providers to control user information

WORLD

  1. Australian woman arrested over AU$450,000 Ripple theft
  2. Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
  3. Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
  4. Magecart hackers change tactic and target vulnerable Magento extensions
  5. Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
  6. Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
  7. New Malware Targets Industrial Control Systems
  8. Meet Cryptojacking, the (not so) new kid on the block
  9. Exploit kits: fall 2018 review
  10. Pocket iNet Leaves 73 GB of Sensitive Data Exposed
  11. Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
  12. Yahoo to pay up to $85m to settle data breach lawsuit
  13. Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
  14. Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
  15. Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  16. US government medical website was hacked that 75,000 personal data was stolen
  17. "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
  18. Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
  19. Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
  20. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
  21. Phishing for knowledge
  22. US Department of Defense Expands Bug Bounty Efforts
  23. Magecart Attackers Exploit Magento Zero-Days
  24. Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
  25. Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
  26. Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
  27. ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
  28. South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
  29. Russian Government-owned research institute linked to Triton attacks
  30. FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
  31. Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
  32. Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
  33. China asks blockchain-based service providers to control user information

ATTACKS

  1. Cathay Pacific breach leaks personal data on 9.4 million people
  2. Cathay Pacific data breach hits 9.4 million people
  3. Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
  4. Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
  5. Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
  6. Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
  7. Information-Stealing Malware Campaign Evades Anti-Virus Detection
  8. Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
  9. Pocket iNet Leaves 73 GB of Sensitive Data Exposed
  10. Yahoo to pay up to $85m to settle data breach lawsuit
  11. Tim Cook Blasts Weaponization Of Personal Data And Praises GDPR
  12. Pocket iNet Left All Of Its Corporate Passwords, Keys, And Data Exposed
  13. Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
  14. A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
  15. Phishing Attack Tip 1: Beware of Unsettling Content An email containing unsettling, startling, or urgent content that requires immediate action on
  16. Last year the @USAgov required agencies to implement #DMARC records and policies by October 2018. Learn just how hard DMARC
  17. Discover how #NetSpectre attacks leak data remotely via side-channels with Michael Cobb of @thehairyITdog.
  18. Yahoo Agrees to Pay $50 Million in Damages to Settle Data Breach Lawsuit
  19. Business Email Compromise: Gift Cards
  20. The Enduring Password Conundrum
  21. US government medical website was hacked that 75,000 personal data was stolen
  22. Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
  23. Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
  24. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
  25. Phishing for knowledge
  26. Phishing attacks: Why is email still such an easy target for hackers?
  27. Yahoo agrees to pay $50 million to settle data breach lawsuit
  28. My Health Record opt-outs now sit at over 1.1 million
  29. ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
  30. South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
  31. Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
  32. Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
  33. Yahoo to pay at least $85m for data breach settlement
  34. Area 1 Security releases Pay-Per-Phish, the performance-based cybersecurity solution
  35. Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
  36. A recent @HealthCareGov #breach exposed unknown types of data on 75,000 people, but a lack of information in the disclosure

THREATS

  1. Australian woman arrested over AU$450,000 Ripple theft
  2. Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
  3. Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
  4. Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
  5. Vulnerabilities in Linksys Routers May Grant Attackers Full Control
  6. Information-Stealing Malware Campaign Evades Anti-Virus Detection
  7. New Malware Targets Industrial Control Systems
  8. FlawedAmmyy Remote Access Trojan
  9. Exploit for New Windows Zero-Day Published on Twitter
  10. Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments
  11. Meet the malware which turns your smartphone into a mobile proxy
  12. CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
  13. Meet Cryptojacking, the (not so) new kid on the block
  14. sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
  15. ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
  16. Another Windows 0-day flaw has been published on Twitter
  17. .@Siemens disclosed six SICLOCK flaws that were found within its central plant clocks. Discover why three flaws have been rated
  18. Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
  19. Mac malware intercepts encrypted web traffic for ad injection
  20. SandboxEscaper expert is back and disclosed a new Windows Zero-Day
  21. Pentagon Launches Continuous Bug Bounty Program
  22. Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
  23. [SingCERT] Alert on Drupal Critical Vulnerabilities
  24. A Windows 0day vulnerability was made public on Twitter
  25. Organizations with strong DevSecOps find flaws 11x faster than those without
  26. New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
  27. A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
  28. Most enterprise vulnerabilities remain unpatched a month after discovery
  29. WizCase Found Critical Firmware Vulnerabilities In Leading NAS Devices
  30. New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
  31. Twitter User Discloses Second Microsoft Zero-Day
  32. Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  33. Firefox 63 Released with Enhanced Tracking Protection and Fixes 14 Security Vulnerabilities
  34. Most applications 'suffer from information leakage bugs'
  35. DoD bug bounty program to expand to more sensitive systems
  36. LuminosityLink RAT author sentenced to 2.5 years in jail
  37. 3-year-old jQuery plugin vulnerability finally patched
  38. US Department of Defense Expands Bug Bounty Efforts
  39. The Qihoo @360CoreSec team found a @Microsoft vulnerability -- named Double Kill -- that affects applications through #MicrosoftOffice documents. Learn
  40. Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
  41. Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
  42. FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
  43. Good initiative. Would be even better if you would pay bounties for the bugs, too.
  44. Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
  45. Crytojacking 101; why cryptojacking is bad for business
  46. A summer intern took a look at tinc VPN, they found some nice authentication bypass and message tampering flaws
  47. Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
  48. FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
  49. Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
  50. How Microsoft's Controlled Folder Access can help stop ransomware
  51. Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
  52. Drupal Remote Code Execution Vulnerability Threat Alert
  53. China asks blockchain-based service providers to control user information
  54. A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
  55. Hacker Discloses New Windows Zero-Day Exploit On Twitter
  56. Securing Blockchain with Privileged Access Management

CRIME

  1. Australian woman arrested over AU$450,000 Ripple theft
  2. Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
  3. Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
  4. Magecart hackers change tactic and target vulnerable Magento extensions
  5. Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge
  6. Yahoo to pay up to $85m to settle data breach lawsuit
  7. Business Email Compromise: Gift Cards
  8. US government medical website was hacked that 75,000 personal data was stolen
  9. Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
  10. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
  11. LuminosityLink RAT author sentenced to 2.5 years in jail
  12. Phishing for knowledge
  13. FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
  14. Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
  15. Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
  16. China asks blockchain-based service providers to control user information
  17. Securing Blockchain with Privileged Access Management

POLITICS

  1. New Malware Targets Industrial Control Systems
  2. Meet Cryptojacking, the (not so) new kid on the block
  3. Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
  4. Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
  5. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
  6. Phishing for knowledge
  7. Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
  8. ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
  9. South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
  10. Russian Government-owned research institute linked to Triton attacks