Threat report for 2018-10-16

DATA BREACH & DATA LOSS

1. Insurer Anthem Will Pay Record $16M for Massive Data Breach
2. Pentagon data breach exposed travel data for 30,000 individuals
3. A Russian cyber vigilante is patching outdated MikroTik routers exposed online
4. A Pentagon #DataBreach exposed data on at least 30,000 individuals, but other details about the incident are still scarce. By
5. Personal Records Of 30,000 US Department Of Defense Workers Swiped By Miscreants
6. Anthem Agrees To Pay $16 Million In Data Breach Privacy Settlement
7. The Donald Daters Trump Dating App Exposed Its Users Data
8. 2018 US voter records offered for sale on hacking forum
9. #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
10. 35 million US voter records available for sale in a hacking forum
11. Anthem agrees to pay $16 million in data breach privacy settlement
12. Dating App for Trump Supporters Exposed Members’ Information
13. After originally disclosing its latest data breach last month, Facebook revealed that hackers obtained data from some 30 million users. Here’s
14. Dating app for Trump loners commits YUGE blunder: It leaks more than the West Wing
15. Penta-gone! Personal records of 30,000 US Dept of Defense workers swiped by miscreants
16. Estimated 35 Million Voter Records For Sale on Popular Hacking Forum
17. Pentagon Travel Provider Data Breach Counts 30,000 Victims
18. UK’s MoD Exposed in 37 Security Breaches: Report
19. 35 million voter records from 19 states for sale on hacking forum
20. Pentagon data breach puts personal details of 30,000 staff at risk
21. Facebook says fewer users affected by data breach
22. Pentagon data breach puts personal details of 30,000 staff at risk
23. Data breach in Pentagon’s service provider affected 30k people

DENIAL-OF-SERVICE

24. Importance of DNS in Protecting Your Business from DDoS Attacks

MALVERTISING

Nil

PHISHING

25. Chrome 70 arrives with fingerprint login for websites, extension controls, and 23 security fixes
26. Chrome 70 released with revamped Google account login system
27. Phishing Site Impersonates Financial Services Institution: https://www.digitalshadows.com/blog-and-research/phishing-site-impersonates-financial-services-institution/ … (via @mazzazone)
28. Recent @Proofpoint research shows that #German-speaking regions are facing targeted #phishing, #malware, and #BEC attacks.
29. Phishing and Facebook – a test of reputation

WEB DEFACEMENT

Nil

BOTNET

Nil

RANSOMWARE

30. In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack
31. Madison County computer system infected with ransomware
32. NC Water Utility Fights Post-Hurricane Ransomware
33. A “critical water utility” in a county crippled by Hurricane #Florence was hit by a #ransomware attack. The #cyberattack has
34. APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11

CRYPTOMINING & CRYPTOCURRENCIES

35. SAP Boosts Blockchain Integration and Customer Flexibility
36. How to Create Blockchain Applications
37. Report: near-400% increase in crypto-mining malware attacks against iPhones
38. Line lists cryptocurrency on Bitbox exchange
39. You are who you say you are: Establishing digital trust with the blockchain
40. Cryptomining attacks against Apple devices increase sharply
41. Cryptojacking attacks against iPhone devices increase

MALWARE

42. Author of LuminosityLink Remote Access Trojan Gets 30 Months Sentence
43. .@Trustlook Labs discovered an #Android #Trojan stealing data from messaging apps. Learn what #mobilesecurity programs should look for to detect
44. Malicious RTF Documents Deliver Information Stealers
45. Recent @Proofpoint research shows that #German-speaking regions are facing targeted #phishing, #malware, and #BEC attacks.
46. #Stegware: it's #Malware that uses #steganography techniques to avoid detection
47. Report: near-400% increase in crypto-mining malware attacks against iPhones
48. Octopus malware wraps tentacles around former Telegram users in Central Asia
49. Mikko didn't put Brain -- the first PC virus -- on his list but he did track down its authors
50. Now Surfing about your Favourite Celebrities can make you Vulnerable to Virus Attack
51. Malware Attack Popular Amongst the Hackers, Even though it Dips in Q2 in 2018
52. APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
53. Cybercriminals Advertising Godzilla Loader Malware On Dark Web Forums
54. Most Important Considerations with Malware Analysis Cheats And Tools list
55. Leveraging Falcon Sandbox to Detect and Analyze Malicious PDFs Containing Zero-Day Exploits

EXPLOIT

56. Sony Fixed PlayStation 4 Message Exploit Leasing to a DoS Condition
57. Hackers tamper with exploit chain to drop Agent Tesla, circumvent antivirus solutions
58. Numerous PlayStation 4 users reported that a PlayStation Network message exploit is crashing their consoles, requiring a factory reset in

VULNERABILITY

59. [SingCERT] Alert on Multiple Vulnerabilities in PHP
60. Multiple Vulnerabilities Allow Attackers to Take Full Control of Linksys Routers
61. 7 Useful Android Vulnerability Scanners
62. Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
63. Bug in New iOS Lets Attacker Access iPhone Pics
64. Info of 685 Million Users at Risk Because of Multiple Branch.io XSS Flaws
65. CVE-2018-8453 Zero-Day Flaw Exploited by FruityArmor APT
66. Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
67. Tinder profiles were 'at risk' due to XSS vulnerability
68. 685 million users may be affected by the Branch.io service XSS vulnerability
69. Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
70. Hackers can use known security vulnerabilities with new technology to bypass Antivirus Software
71. RiskSense cloud service protects against cyber threats and vulnerabilities ahead of midterm elections
72. #Shodan, a device search engine, can help identify #ICS security vulnerabilities. Learn more about how Shodan works and how it
73. "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
74. 685 million users may be affected by the Branch.io service XSS vulnerability
75. Juniper Networks launches multiple solutions for Junos OS vulnerabilities
76. New iPhone Bug Gives Anyone Access to Your Private Photos
77. Leveraging Falcon Sandbox to Detect and Analyze Malicious PDFs Containing Zero-Day Exploits