Oct 27, 2018

Daily brief for 2018-10-26

ASIA

  1. GreyEnergy cyberespionage group targets Poland and Ukraine
  2. Facebook removes Iranian influence campaign as midterms near
  3. Exploits Block List Grows 50% Because of Spambot, Avalanche/Gamarue botnet
  4. CVE-2018-14665 privilege escalation flaw affects popular Linux distros
  5. 23-year-old woman charged with stealing $320,000 worth of cryptocurrency
  6. Tracking Tick Through Recent Campaigns Targeting East Asia
  7. .@FireEye #security researchers claimed the Russian government was 'most likely' behind the #Triton #malware attack on an industrial control system
  8. North Korea regime using and exploiting cryptocurrencies
  9. North Korea Backed Two Cryptocurrency Scams This Year, Says Report
  10. LIVE NETWORKS LIVE555 Streaming Media RTSP Server Remote Code Execution Vulnerability(CVE-2018-4013) Threat Alert
  11. New Privilege Escalation Flaw Affects Most Linux Distributions
  12. Operation Oceansalt
  13. Hackers attack Cathay Pacific
  14. China’s Alibaba Cloud Expands Enterprise Blockchain Offering to Global Markets
  15. Russian sabotage in Saudi petrochemicals

WORLD

  1. British Airways: additional 185,000 passengers may have been affected
  2. University DDoS attack leads to $8.6 million fine, house arrest for New Jersey man
  3. GreyEnergy cyberespionage group targets Poland and Ukraine
  4. British Airways: 185K Affected in Second Data Breach
  5. BA Website Hijacked by Magecart. Again. | Avast
  6. British Airways Data Breach Takes Off Again with 185K More Victims
  7. 23-year-old woman charged with stealing $320,000 worth of cryptocurrency
  8. US Counters Russian Influence & Magecart Hacks Magento | Avast
  9. .@FireEye #security researchers claimed the Russian government was 'most likely' behind the #Triton #malware attack on an industrial control system
  10. BA website and data breach by Magecart deeper than first thought
  11. North Korea Backed Two Cryptocurrency Scams This Year, Says Report
  12. What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection
  13. No Place for Security as Cryptocurrency Skills Demand Soars
  14. BA Breach: An Extra 185K Customers Notified
  15. British Airways data breach worse than thought
  16. Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol
  17. Hackers attack Cathay Pacific
  18. China’s Alibaba Cloud Expands Enterprise Blockchain Offering to Global Markets
  19. Second attack against British Airways is disclosed
  20. Russian sabotage in Saudi petrochemicals

ATTACKS

  1. ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach
  2. Facebook removes Iranian influence campaign as midterms near
  3. Bushido-Powered DDoS Service Whipped Up from Leaked Code
  4. British Airways: 185K Affected in Second Data Breach
  5. British Airways Data Breach Takes Off Again with 185K More Victims
  6. Microsoft bug makes phishing easy, says cybersecurity firm
  7. Settlement in Yahoo data breach leaves company to pay $50M
  8. Pocket iNET ISP Exposed 73GB of Sensitive Data On Misconfigured S3 Bucket
  9. Campaign 2018: New malware attacks target voters in key battleground states
  10. Cathay Pacific Hacked, Personal Data For 9.4 Million Passengers Compromised
  11. PhishX –Spear Phishing Tool for Capturing Credentials
  12. Tracking Tick Through Recent Campaigns Targeting East Asia
  13. Details of 9mil compromised in Cathay Pacific data leak
  14. Cathay Pacific Suffered Data Breach Affecting 9.4 Million Customers
  15. BA website and data breach by Magecart deeper than first thought
  16. Malicious actors attacked a back-end insurance system and the resulting @HealthCareGov #breach exposed an unknown amount of data on 75,000
  17. Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare
  18. Cathay Pacific Says 9.4 Million Affected by Data Breach
  19. A #ZeroDay in the popular #jQuery File Upload plugin could affect thousands of projects and the jQuery #plugin vulnerability may
  20. Airline Discovers Trove of Frequent Flyer Accounts Compromised and Posted for Sale Online:
  21. British Airways data breach worse than thought
  22. Spammers Behind Historic Data Breach Affecting Millions of Facebook Users
  23. Cathay Pacific Airways Confirm Data Breach of its Customers
  24. “Advanced attacks, spear-phishing and data breaches are the norm, instead of the exception. We need to address these issues with
  25. New Malware Abusing Two Legitimate Windows Files to Steal Victims Personal Data

THREATS

  1. Due to Misconfigured Component: DemonBot Malware Infects Multiple Apache Hadoop Servers
  2. PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware
  3. CVE-2018-14665 privilege escalation flaw affects popular Linux distros
  4. Cloudflare WAF Bypass Vulnerability Discovered
  5. Code Execution Vulnerability Patched in Cross-Platform MKVToolNix Toolset
  6. The Week in Ransomware - October 26th 2018 - Decryptors, RaaS, and More
  7. Vulnerability Spotlight: Talos-2018-0694 – MKVToolNix mkvinfo read_one_element Code Execution Vulnerability
  8. ICMP Shell- Secret Command and Control Channel to Control Victims Machine Using Ping
  9. Microsoft bug makes phishing easy, says cybersecurity firm
  10. Scammers use old browser trick to create fake virus download
  11. A flaw in @Cisco Webex -- called WebExec -- can allow #RemoteCodeExecution. And while experts don't agree on how dangerous
  12. Campaign 2018: New malware attacks target voters in key battleground states
  13. 23-year-old woman charged with stealing $320,000 worth of cryptocurrency
  14. Pentagon Expands Bug Bounty To Include Physical Systems
  15. WebExec vulnerability leaves Webex open to insider attacks
  16. DeepPhish: Simulating Malicious AI to Act Like an Adversary
  17. Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems
  18. .@FireEye #security researchers claimed the Russian government was 'most likely' behind the #Triton #malware attack on an industrial control system
  19. North Korea regime using and exploiting cryptocurrencies
  20. Researchers discovered a vulnerability in Cisco #Webex, called #WebExec, which allows local attackers to issue commands as privileged users. @iagox86
  21. Malicious actors attacked a back-end insurance system and the resulting @HealthCareGov #breach exposed an unknown amount of data on 75,000
  22. 3 Keys to Reducing the Threat of Ransomware
  23. Cisco patches command injection bug in Webex Meetings Desktop App for Windows
  24. North Korea Backed Two Cryptocurrency Scams This Year, Says Report
  25. CVE-2018-9206 was maliciously exploited that multiple websites were linked to the search page to jump to the betting site
  26. CVE-2018-14665: Xorg X Server privilege escalation vulnerabilities
  27. What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection
  28. An innovative partnership could help Cyber Command fight malware
  29. Researchers report vulnerability in Microsoft Word's online video feature
  30. A #ZeroDay in the popular #jQuery File Upload plugin could affect thousands of projects and the jQuery #plugin vulnerability may
  31. No Place for Security as Cryptocurrency Skills Demand Soars
  32. Vulnerability Spotlight: Talos-2018-0694 - MKVToolNix mkvinfo read_one_element Code Execution Vulnerability
  33. What Is Gridcoin and How Can It Advance Science?
  34. LIVE NETWORKS LIVE555 Streaming Media RTSP Server Remote Code Execution Vulnerability(CVE-2018-4013) Threat Alert
  35. Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol
  36. New Privilege Escalation Flaw Affects Most Linux Distributions
  37. Top 5 Application Vulnerabilities: How to Prevent Risks
  38. 7 places to find threat intel beyond vulnerability databases
  39. New Malware Abusing Two Legitimate Windows Files to Steal Victims Personal Data
  40. China’s Alibaba Cloud Expands Enterprise Blockchain Offering to Global Markets
  41. Zero-day vulnerability in Windows allows privileges escalation
  42. How to become a Monero million(th)aire in just 20 minutes [PODCAST]

CRIME

  1. British Airways: additional 185,000 passengers may have been affected
  2. University DDoS attack leads to $8.6 million fine, house arrest for New Jersey man
  3. GreyEnergy cyberespionage group targets Poland and Ukraine
  4. BA Website Hijacked by Magecart. Again. | Avast
  5. Scammers use old browser trick to create fake virus download
  6. 23-year-old woman charged with stealing $320,000 worth of cryptocurrency
  7. North Korea Backed Two Cryptocurrency Scams This Year, Says Report
  8. No Place for Security as Cryptocurrency Skills Demand Soars
  9. BA Breach: An Extra 185K Customers Notified
  10. Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol
  11. Hackers attack Cathay Pacific
  12. Second attack against British Airways is disclosed
  13. Russian sabotage in Saudi petrochemicals

POLITICS

  1. GreyEnergy cyberespionage group targets Poland and Ukraine
  2. ICMP Shell- Secret Command and Control Channel to Control Victims Machine Using Ping
  3. Campaign 2018: New malware attacks target voters in key battleground states
  4. Tracking Tick Through Recent Campaigns Targeting East Asia
  5. US Counters Russian Influence & Magecart Hacks Magento | Avast
  6. Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol
  7. Russian sabotage in Saudi petrochemicals