Daily brief for 2018-10-30
ASIA
- Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
- Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
- Parties Seek to Settle Yahoo Data Breach Class Action for $50M
- macOS Cryptomining Malware on the Rise
- Ransomware Threat Continues: How Infections Take Place
- .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
- Cell Phone Security and Heads of State
- Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
WORLD
- Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
- Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
- Girl Scouts data breach exposed personal information of 2,800 members
- SamSam ransomware group has hit 67 organizations in 2018, researchers say
- Parties Seek to Settle Yahoo Data Breach Class Action for $50M
- Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
- Malware Targeting Smartphones via Three DSP Providers
- macOS Cryptomining Malware on the Rise
- Malware Infection at USGS Traced to Employee’s Habit of Viewing Adult Content
- Ransomware Threat Continues: How Infections Take Place
- New SamSam ransomware campaign aims at targets across the US
- .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
- Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
- Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
- SamSam: Targeted Ransomware Attacks Continue
- Is it a Phish? Halloween Edition
- A fed visited 9,000 porn sites, infecting government networks with Russian malware
- Threat Report: Jaff Ransomware Causes Havoc
- Cell Phone Security and Heads of State
- Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
- There are plenty of different types of phishing attacks, but they all rely on the same basic mechanism: exploiting human
- 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
- Anonymous knocks out Gabon government sites with DoS attack
- Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
- The author of the Mirai botnet gets six months of house arrest
- The Russian built #VPNFilter #botnet was previously taken down after 500,000 routers were infected. However, recently it attempted a comeback.
- A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable
ATTACKS
- 4 tips to keep safe when phishing for treats this Halloween
- How database hacks could impact elections and voters' fears
- Girl Scouts data breach exposed personal information of 2,800 members
- How database hacks could impact elections and voters' fears
- Parties Seek to Settle Yahoo Data Breach Class Action for $50M
- Center for Internet Security looks to expand threat sharing program to political campaigns
- AI-Facilitated Product Aims to Stop Spear-Phishing Attacks
- Internet-Exposed HMIs Put Energy, Water Facilities at Risk: Report
- New SamSam ransomware campaign aims at targets across the US
- An Update on the jQuery-File-Upload Vulnerability
- INKY emerges from stealth with email spoofing, phishing protection service
- Is it a Phish? Halloween Edition
- Millions of Voter Records Up for Sale Ahead of the US Midterm Elections
- There are plenty of different types of phishing attacks, but they all rely on the same basic mechanism: exploiting human
- Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA.
APK's dropped from hxxp://pobierz48[.]tk/
SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece
@ThreatFabric @virqdroid @LukasStefanko @
- Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
- Thousands of critical energy and water systems exposed online for anyone to exploit
- If it's only able to leak data at 15 bits per hour, is #NetSpectre a serious threat? Learn more about
- An email hack affecting the Girl Scouts of Orange County, Calif. may have compromised the personal data of 2,800 members
- La tua azienda รจ davvero preparata in caso di data breach?
- By me @Forbes: 81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections
- Compression File Formats of the past Come Haunting in Spam Campaigns
- Report on Phishing Attack Shows Microsoft, Paypal as well as Netflix as the Top Targets
- Cofense Triggers its Increased Phishing Defense Services
- Biggest data breach penalties for 2018
- New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think
THREATS
- Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
- Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
- SamSam ransomware group has hit 67 organizations in 2018, researchers say
- Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More
- Talos Vulnerability Discovery Year in Review – 2018
- Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
- Kraken Resurfaces From the Deep Web
- Malware Targeting Smartphones via Three DSP Providers
- GPlayed Trojan's Baby Brother Is After Your Bank Account
- macOS Cryptomining Malware on the Rise
- CVE-2018-15688: systemd remote code execution vulnerability affects Linux machines
- A #RemoteCodeExecution flaw in @Cisco Webex -- called WebExec -- could be an easy vector for insider attacks, and the
- Zero-day Windows Deletebug: How to squash this ‘low-quality' pest
- Microsoft Office Vulnerability Found, Check Point Research To The Rescue
- Malware Infection at USGS Traced to Employee’s Habit of Viewing Adult Content
- Ransomware Threat Continues: How Infections Take Place
- New SamSam ransomware campaign aims at targets across the US
- An Update on the jQuery-File-Upload Vulnerability
- Libssh Vulnerability Leaves Servers Open to Unauthorized Access
- Windows Zero-Day Vulnerability Disclosed
- Malicious Apps Removed From Google Play Store
- .@FireEye security researchers claimed the Russian government was 'most likely' behind the #Triton #Malware attack on an industrial control system
- Employee Watched Porn at Work via 9000 Web pages Drops Malware on U.S Government Network
- GandCrab: The Most Popular Multi-Million Dollar Ransomware of the Year
- SamSam: Targeted Ransomware Attacks Continue
- A fed visited 9,000 porn sites, infecting government networks with Russian malware
- GPlayed Trojan's baby brother is after your bank account
- .@Siemens SICLOCK central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated
- Nastiest malware of 2018: Top attack payloads wreaking havoc
- Threat Report: Jaff Ransomware Causes Havoc
- Snakes in the grass! Malicious code slithers into Python PyPI repository
- CommonRansom Ransomware Demands RDP Access to Decrypt Files
- Talos Vulnerability Discovery Year in Review - 2018
- The analysis of the attack which uses Excel 4.0 macro to avoid antivirus software detection
- 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
- Prominent #malspam #Nymaim campaign with #BankBot #Anubis for Android UA.
APK's dropped from hxxp://pobierz48[.]tk/
SHA256: e0d17f4ff0196c6527f8aa47b3ef220d0f4e712805f99d38a0804f3ea9506ece
@ThreatFabric @virqdroid @LukasStefanko @
- 3 Reasons Enterprises Are Moving to Decentralized Blockchain Applications
- How to Be Protected from Malicious Message Crashing PS4 Console
- Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
- Another #BianLian Android banking #Trojan in #GooglePlay showing his other face by dropping #RedAlert v2.1
CC @Bank_Security @
- Widely Used Cryptocurrency App Launching 2 Different Powerful Backdoor on Mac Users
- Attackers getting better at quickly generating countless versions of existing #malware #antivirus @MariaKorolov -
- Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
- Multiple Linux distributions affected by new vulnerability
- Malicious hackers and their interest in bypassing CAPTCHA
- Feature to attach video to Word files could be used to send malicious code
- Spring Framework 5.1.2 releases: bugs fix
- Most Important Security Tools and Resources For Security Researcher and Malware Analyst
- A good insight for Europeans on the process of the US mid-term elections and whether or it they are hackable
CRIME
- 4 tips to keep safe when phishing for treats this Halloween
- Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
- Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals
- Parties Seek to Settle Yahoo Data Breach Class Action for $50M
- Bitcoin Dealer Who Operated Unlicensed Bitcoin Exchange Faces Five Years in Jail
- Malware Targeting Smartphones via Three DSP Providers
- macOS Cryptomining Malware on the Rise
- Judge Ordered Man to Pay $8 Million for Launching a DDoS Attack Against Rutgers
- AI-Facilitated Product Aims to Stop Spear-Phishing Attacks
- Ransomware Threat Continues: How Infections Take Place
- Treat or Trick? Six Dangerous Digital Threats Dressed up As Irresistible Treats
- INKY emerges from stealth with email spoofing, phishing protection service
- Is it a Phish? Halloween Edition
- Bushido Botnet Offered as MaaS
- 3 Reasons Enterprises Are Moving to Decentralized Blockchain Applications
- The author of the Mirai botnet gets six months of house arrest
- Malicious hackers and their interest in bypassing CAPTCHA
- New McAfee Report Reveals Data in the Cloud More Exposed Than Organizations Think
- Spring Framework 5.1.2 releases: bugs fix
POLITICS
- How database hacks could impact elections and voters' fears
- How database hacks could impact elections and voters' fears
- SamSam ransomware group has hit 67 organizations in 2018, researchers say
- Center for Internet Security looks to expand threat sharing program to political campaigns
- Cell Phone Security and Heads of State
- Anonymous knocks out Gabon government sites with DoS attack
