Oct 16, 2018

Threat report for 2018-10-15

DATA BREACH & DATA LOSS

  1. Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
  2. Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
  3. Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
  4. US voter records from 19 states sold on hacking forum
  5. Tens of Millions of U.S. Voter Records for Sale
  6. Pentagon Defense Department travel records data breach
  7. Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
  8. New Gallmaker APT group eschews malware in cyber espionage campaigns
  9. Microsoft Incompletely Patches JET Database Vulnerability
  10. Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  11. Millions of Voter Records Found for Sale on the Dark Web
  12. Pentagon reveals cyber breach of travel records
  13. Pentagon Employee Data Breach, An Eye-Opener
  14. Facebook opens up about data breach details
  15. Facebook data breach: Victims will not be offered free identity theft protection
  16. A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
  17. Iceland hit by Biggest Cyber Attack on Record
  18. Scottish Ambulance Service Exposed Employees’ Data Online
  19. Pentagon Staff Hit by Major Data Breach
  20. FitMetrix data exposed on unprotected Elasticsearch servers
  21. Pentagon Data Breach Exposes up to 30,000 Travel Records
  22. Iceland's largest phishing campaign imitated police
  23. #Nymaim and #BankBot #Anubis PL campaign hxxp://przelewy24[.]ml/ hxxp://faktura24[.]cf/ SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970 C2: bilagoong[.]tk @ThreatFabric @virqdroid @LukasStefanko
  24. Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
  25. A Russian cyber vigilante is patching outdated MikroTik routers exposed online
  26. FitMetrix Unprotected Passwordless Database Exposed Millions of User​ Data
  27. Stringent password rules lower risk of personal data breaches
  28. Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks

DENIAL-OF-SERVICE

Nil

MALVERTISING

Nil

PHISHING

  1. Create an email phishing test to minimize attack vectors
  2. Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
  3. Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
  4. Hackers could use emoji domains to spread phishing attacks
  5. Iceland's largest phishing campaign imitated police
  6. Stringent password rules lower risk of personal data breaches
  7. According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
  8. Google to Encrypt Android Cloud Backups With Your Lock Screen Password

WEB DEFACEMENT

Nil

BOTNET

Nil

RANSOMWARE

  1. Small businesses repeatedly falling victim to ransomware - Kaspersky
  2. Ransomware hits computer networks of North Carolina water utility
  3. Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers

CRYPTOMINING & CRYPTOCURRENCIES

  1. 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
  2. Flash Updater Adds Cryptocurrency Miner
  3. iPhone a Growing Target of Crypto-Mining Attacks
  4. Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
  5. Fake Adobe update really *does* update Flash (while also installing cryptominer)
  6. Cryptomining Malware Infects Computers via Fake Adobe Updates
  7. September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
  8. Fake Adobe update really *does* update Flash (while also installing cryptominer)
  9. 'Flash update' scam serves up legit software, but with a side of cryptominer
  10. How a #cryptocurrency mining #malware infects systems
  11. What are blockchain’s smart contracts? And how to secure them
  12. Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
  13. SpankChain hacker steals the virtual currency and returns stolen ethereum

MALWARE

  1. Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
  2. New Gallmaker APT group eschews malware in cyber espionage campaigns
  3. Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
  4. At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
  5. Cryptomining Malware Infects Computers via Fake Adobe Updates
  6. September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
  7. #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
  8. .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
  9. How does the MnuBot banking Trojan use unusual C&C servers?
  10. How a #cryptocurrency mining #malware infects systems
  11. @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
  12. Godzilla Loader and the Long Tail of Malware
  13. Sony PS4 encounters malicious code attack and receives malicious messages

EXPLOIT

  1. New Technique Recycles Exploit Chain to Keep Antivirus Silent

VULNERABILITY

  1. FDA Warns of Flaws in Medtronic Programmers
  2. Microsoft Incompletely Patches JET Database Vulnerability
  3. Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
  4. .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
  5. Sony working on a fix for bug that's crashing PlayStation 4 consoles
  6. Apple VoiceOver iOS vulnerability permits hacker access to user photos
  7. Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
  8. Details of Vulnerability in Google PDFium’s JBIG2 Revealed
  9. A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
  10. Branch.io Flaws may have affected as many as 685 million individuals
  11. Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
at
Labels: