Threat report for 2018-09-30

DATA BREACH

1. Experts comment on Facebook’s 50 million user credential leak
2. 40 million more likely affected by massive Facebook data leak - Bitdefender
3. Project Insecurity (@insecurity) researchers discovered certain #livechatsoftware that were leaking personal details of employee at several high-profile sites. Discover how
4. Telegram Leaks Public & Private IP Address While Making Calls
5. The United Nations (@UN) accidentally exposed sensitive information on public @trello boards, in the Jira app, and in #GoogleDocs and
6. 3 GOP senators doxed during Kavanaugh hearing
7. Uber has agreed to pay more than $140 Million for a data breach settlement

DENIAL-OF-SERVICE

Nothing to report

MALVERTISING

Nothing to report

PHISHING

8. Chegg forces password reset on 40 million users
9. Hackers are Selling Social Media Logins & Financial Details On Dark Web starting from £2
10. USBStealer – Password Hacking Tool For Windows Machine Applications to Perform Windows Penetration Testing

WEB DEFACEMENT

Nothing to report

MALWARE

11. GANDCRAB 5.0.1 Ransom Virus – How to Remove It and Restore Data
12. Week in review: First-ever UEFI rootkit, Apple DEP vulnerability, new tactics subvert traditional security measures
13. Apple DEP Authentication Flaw Leaves Devices Vulnerable To Malicious MDM Enrolling
14. Telegram Leaks Public & Private IP Address While Making Calls
15. #Android #Trojan: How is data being stolen from #messagingapps?
16. Docs reveal how Fruitfly Mac spyware initially spread
17. Cryptomining Malware Grows by 86% in Q2: McAfee Report
18. Facebook monetizes 2FA, Singapore monetizes hacker, and ransomware creeps monetize US Democrats
19. Security roundup: Facebook, ransomware, UEFI rootkit, Berners-Lee’s plan for new internet
20. Telegram exposes the IP address during a user call by default
21. #GoScanSSH: How does this #malware work and differ from others?
22. Xbash Malware Combines Many Malicious Functions in Worm
23. Discover how the #VPNFilter #malware works and affects users
24. Alphabet's Chronicle has given #VirusTotal a makeover. Find out what's in the new VirusTotal Enterprise offering. By @RobWright22
25. Improving core processes with next-generation mobile productivity solutions can bring power and cost efficiency gains. However, we must not lose
26. Malware in the Cloud: What You Need to Know
27. Beware !! USB Devices & Removable Media are Used to Inject Cryptocurrency Mining Malware

EXPLOIT

28. Facebook Ad Targeting Exploits Users’ 2FA Phone Numbers
29. FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

VULNERABILITY

30. Mutagen Astronomy – Linux Vulnerability Hits CentOS, Debian, and Red Hat Distros
31. Facebook Says Three Different Bugs Are Responsible For The Massive Account Hacks
32. Week in review: First-ever UEFI rootkit, Apple DEP vulnerability, new tactics subvert traditional security measures
33. Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company
34. Apple DEP Authentication Flaw Leaves Devices Vulnerable To Malicious MDM Enrolling
35. #Cisco patches yet another hardcoded credentials flaw, this time in its video surveillance manager appliance; the latest vulnerability is at
36. Mojave Flaws Allow An Attacker To Bypass Full Disk Access Requirement
37. Election equipment vendors come under fire for #votingmachine security in the latest #DEFCON report, which details flaws -- one from
38. Cisco Multiple Security Vulnerabilities Alert
39. Zero-Day MacOS Mojave Privacy Bypass Bug Exposes Protected Files
40. A Top Facebook Bug Bounty Hunter Shares Their Insights on the Facebook Breach