Threat report for 2018-10-13

DATA BREACH & DATA LOSS

1. Pentagon Defense Department travel records data breach
2. A combination of #SecurityFlaws and inadequate back-end development of the @Google Firebase database led to #DataLeaks and #SecurityVulnerabilities including HospitalGown.
3. 'Only' 30 million accounts were compromised in Facebook hack
4. Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
5. Facebook Clarifies Extent of Data Breach
6. An Assessment of Google's Data Leak
7. ArangoDB v3.3.18 releases: native multi-model database
8. Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
9. Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
10. Breach of Pentagon travel records exposes defense personnel PII

DENIAL-OF-SERVICE

Nil

MALVERTISING

Nil

PHISHING

11. Hackers launched @netflix #phishing attacks by obtaining TLS certificates. Learn how hackers mimic popular websites to spoof users and steal
12. This skyscraper reminds me of those really long ANSI art BBS login screens. Cc: @sixteencolors @blocktronics @velikani

WEB DEFACEMENT

Nil

BOTNET

Nil

RANSOMWARE

13. [SingCERT] Updated Advisory on Ransomware
14. APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11

CRYPTOMINING & CRYPTOCURRENCIES

15. Criminals' Cryptocurrency Addiction Continues
16. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
17. Cryptocurrency Miners trick the user through Fake Flash Updates
18. Blockchain and Healthcare in Today’s World

MALWARE

19. GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
20. Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
21. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
22. Hackers use Googlebot in mining malware attacks
23. Researchers at @TrendMicro found a new strain of #malware -- dubbed #FacexWorm -- that targets users through a malicious #ChromeExtension.
24. APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11

EXPLOIT

Nil

VULNERABILITY

25. Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks
26. Review Shows Glaring Flaws In Xiongmai IoT Devices
27. Microsoft JET vulnerability still open to attacks, despite recent patch
28. DOM-based XSS Vulnerability Affected 685 Million Users of Tinder, Shopify, Western Union, and Imgur
29. A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
30. Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
31. Vulnerabilities affect Shopify, Tinder and many other sites