Oct 13, 2018

Threat report for 2018-10-12

DATA BREACH & DATA LOSS

  1. Facebook Data Breach Update: attackers accessed data of 29 Million users
  2. Pentagon Reveals Cyber Breach of Travel Records
  3. NEW BETABOT CAMPAIGN UNDER THE MICROSCOPE
  4. Detecting Malicious Campaigns with Machine Learning
  5. Fitmetrix fitness software company may have exposed millions of customer records
  6. Fake browser update seeks to compromise more MikroTik routers
  7. Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  8. #TLBleed abuses @Intel's HTT chip feature to leak data and obtain sensitive memory information. Learn more about this new side-channel
  9. Mindbody’s FitMetrix leaked millions of Users’ Personal Details
  10. Is Google Sync a Vector for Data Breaches?
  11. Facebook Revises Data Breach Impact Downward, Provides New Details
  12. How #livechatsoftware leak personal #employeedata?
  13. ​Labor seeks updated My Health Record legislation to prevent privatisation

DENIAL-OF-SERVICE

  1. 'The Nuke Loop' is Fallout 76's endgame, lead designer explains
  2. UK's NCSC to monitor internet routing to stop DDoS and hijacks

MALVERTISING

Nil

PHISHING

  1. Threat Announcement: Phishing Sites Detected on Emoji Domains
  2. Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
  3. An Examination of a Phishing Kit Dubbed Luis
  4. Do you know the top myths and facts of #mobile #phishing? If not, don't worry, we've compiled a list of
  5. Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
  6. Spring Security With Radius Login

WEB DEFACEMENT

Nil

BOTNET

  1. Call of Duty: Black Ops 4 welcomes launch with new Blackout and Zombies trailers

RANSOMWARE

  1. The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More
  2. New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
  3. GandCrab ransomware operators team up with crypter service
  4. GandCrab Ransomware Partners With Crypter Service
  5. This is how much the WannaCry ransomware attack cost the NHS

CRYPTOMINING & CRYPTOCURRENCIES

  1. Almost 12K MikroTik Routers Are Hunting Around for Cryptojacking Opportunities
  2. Three Industries That Blockchain Will Impact the Most
  3. Obfuscated JavaScript Cryptominer
  4. In 2008, @nokia dominated the mobile phone universe. Four years later, the company was on the verge of extinction. Discover
  5. 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
  6. Cryptomining software is hidden as Flash update

MALWARE

  1. Detecting Malicious Campaigns with Machine Learning
  2. Fake Adobe Flash Updates Hide Malicious Crypto Miners
  3. .@ThreatFabric researchers uncovered an #Android malware, #MysteryBot, which uses overlay attacks to avoid detection. Learn how this #malware affects @Google's
  4. New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
  5. Researchers at the 2018 @RSAConference discussed #stegware: @malware that uses #steganography. Discover how this works with expert @lewisnic.
  6. Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor
  7. Researchers at Cisco Talos (@TalosSecurity) recently discovered #GravityRAT, a remote access #Trojan. Discover how this RAT can check for
  8. GPlayed trojan seeks to play users out of their data
  9. This Trojan masquerades as Google Play to hide on your phone in plain sight
  10. Marion County Jail’s Reporting System Fall Prey to Virus Attack
  11. Some 10% of user-reported emails malicious
  12. ThreatFabric on stage @bsidesdelft talking about the evolution of
  13. Fortnite for Android Released, But Make Sure You Don't Download Malware

EXPLOIT

  1. PoC exploit for Windows Shell RCE released

VULNERABILITY

  1. Windows 10 October 2018 Update: Release – Halt – Bug Identified – Fix!
  2. FDA Issues Warning about Security Vulnerabilities in Pacemaker Programmers
  3. Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
  4. Proof-of-Concept Available for Edge Remote Code Execution Vulnerability
  5. Facebook States 30 Million People Affected by Last Month's "View As" Bug
  6. Learn how the #NetSpectre vulnerability affects the #cloud from expert Ed Moyle of @securitycurve.
  7. What's keeping the #CISO up at night? The vulnerabilities caused by third-party vendors, finds @forrester research. 65% of organizations say
  8. Micropatch Released to Correct Partially Fixed JET DB Engine RCE Vulnerability
  9. FDA warns users of cyber vulnerability in pacemaker programmers
  10. Ryan Kalember, Senior VP of #Cybersecurity Strategy at Proofpoint, discussing why humans are a company’s biggest cybersecurity vulnerability.
  11. Sony Patched Three Critical Vulnerabilities In Smart TV Bravia
  12. Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor
  13. Now, watch this... Network time protocol bugs sting Juniper operating system
  14. DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
  15. Facebook's WhatsApp says it has fixed a video call security bug that let hackers hijack accounts.
  16. Vulnerability allows hijacking of software installed in macOS
  17. Senator asked Google to explain why the revealing of the Google+ vulnerability was postponed
  18. Proof-of-concept code published for Microsoft Edge remote code execution bug
at
Labels: