Sector brief for 2018-10-24

HEALTHCARE

1. US government medical website was hacked that 75,000 personal data was stolen
2. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
3. Drupal Remote Code Execution Vulnerability Threat Alert

TRANSPORT

4. CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
5. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
6. Securing Blockchain with Privileged Access Management

BANKING & FINANCE

7. Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
8. Magecart hackers change tactic and target vulnerable Magento extensions
9. Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
10. FlawedAmmyy Remote Access Trojan
11. Meet Cryptojacking, the (not so) new kid on the block
12. Magecart Hackers Now Targeting Vulnerable Magento Extensions
13. sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
14. Exploit kits: fall 2018 review
15. Mac malware intercepts encrypted web traffic for ad injection
16. Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
17. Phishing for knowledge
18. Magecart Attackers Exploit Magento Zero-Days
19. The risk to OT networks is real, and it’s dangerous for business leaders to ignore
20. Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
21. Russian Government-owned research institute linked to Triton attacks
22. Drupal Remote Code Execution Vulnerability Threat Alert
23. China asks blockchain-based service providers to control user information
24. A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin

INFORMATION & TELECOMMUNICATION

25. Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
26. Exploit for New Windows Zero-Day Published on Twitter
27. Meet Cryptojacking, the (not so) new kid on the block
28. Another Windows 0-day flaw has been published on Twitter
29. Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
30. SandboxEscaper expert is back and disclosed a new Windows Zero-Day
31. [SingCERT] Alert on Drupal Critical Vulnerabilities
32. A Windows 0day vulnerability was made public on Twitter
33. New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
34. Twitter User Discloses Second Microsoft Zero-Day
35. Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
36. Need help managing supply chain risks? In this week's ShadowTalk episode, the team breaks it down into hardware, software
37. Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
38. Phishing for knowledge
39. Magecart Attackers Exploit Magento Zero-Days
40. Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
41. Good initiative. Would be even better if you would pay bounties for the bugs, too.
42. ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
43. Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
44. Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
45. China asks blockchain-based service providers to control user information
46. Hacker Discloses New Windows Zero-Day Exploit On Twitter
47. NETSCOUT Takes Internet Scale Threat Protection to the Edge

FOOD

Nil

WATER

Nil

ENERGY

48. New Malware Targets Industrial Control Systems
49. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
50. Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
51. Drupal Remote Code Execution Vulnerability Threat Alert

GOVERNMENT & PUBLIC SERVICE

52. Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
53. Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge
54. Yahoo to pay up to $85m to settle data breach lawsuit
55. Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
56. US government medical website was hacked that 75,000 personal data was stolen
57. Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
58. Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
59. Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
60. Russian Government-owned research institute linked to Triton attacks
61. Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
62. China asks blockchain-based service providers to control user information