Oct 23, 2018

Threat report for 2018-10-22

DATA BREACH & DATA LOSS

  1. CMS portal breach exposes 75,000 individuals' records
  2. New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack
  3. According to the report, researchers detected 33,568 email addresses of finance departments that had been exposed by third parties. Can
  4. #NetSpectre leaks data remotely via side-channel attacks. Learn from expert Michael Cobb of @thehairyITdog why data from #microprocessors is not
  5. Criminals Hijacked Records of 75 000 Users from
  6. A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
  7. Enigmatic cyber espionage campaign revives source code from old foe APT1
  8. 75,000 HealthCare.gov Users Exposed, Personal Information Stolen
  9. US Indicts Another Russian for Role in Info Warfare Campaign
  10. What are DMARC records and can they improve email security?
  11. Anthem in Record $16m HIPAA Settlement
  12. The Hunt - Our new data breach detection video looks like a Mission Impossible trailer. However, the threats are for
  13. #NetSpectre exploits speculative execution to leak data remotely via side-channel attacks. Learn how this #SecurityVulnerability affects the #cloud from expert
  14. The most interesting Internet-connected vehicle hacks on record
  15. Web Hosting Software VestaCP Server Compromised With DDoS Malware
  16. Find out how #TLBleed abuses @Intel's HTT chip feature to leak data via TLB
  17. Are you aware of #Canada's data breach regulations? Get up to speed on the #blog:

DENIAL-OF-SERVICE

  1. NSA Hacking Tools Used Against Nuke, Aerospace Worlds
  2. Web Hosting Software VestaCP Server Compromised With DDoS Malware

MALVERTISING

Nil

PHISHING

  1. Phishing Scheme Leverages Azure Blob Storage and Hurricane Michael
  2. Strict password policy could prevent credential reuse, paper suggests
  3. Natural Disaster Related Phishing Scam Abusing Microsoft Azure to Steal login Credentials & Credit Card Numbers

WEB DEFACEMENT

  1. Saudi Future Investment Initiative website defaced by the hackers
  2. Hackers Deface Website of Saudi Investment Forum

BOTNET

  1. The Russian built #VPNFilter #botnet was taken down by the @FBI after over 500,000 routers were infected. However, VPNFilter is

RANSOMWARE

  1. Gamma ransomware compromises data on 16,000 patients at California hernia institute
  2. Ransomware: A cheat sheet for professionals
  3. The latest variant of Satan ransomware is spreading in the wild

CRYPTOMINING & CRYPTOCURRENCIES

  1. Blockchain Security and Privacy
  2. Rambus Vaultify Trade: Secure transaction and storage of crypto assets on blockchain
  3. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
  4. iCloud Hacker Wants $175,000 Ransom to Be Paid In Bitcoin (BTC)
  5. Trade.io loses $7.5Mil worth of cryptocurrency in mysterious cold wallet hack
  6. Introducing Infura: Connecting DApps With Ethereum Without Setting up Ethereum Nodes
  7. Business-minded hackers are testing blockchain technologies to secure their illegal operations. Here's what enterprises can learn from them:
  8. India’s First Cryptocurrency ATM To Buy and Sell Cryptocurrencies

MALWARE

  1. How a Canadian permanent resident and Saudi Arabian dissident was targeted with powerful spyware on Canadian soil
  2. US Tops Global Malware C2 Distribution
  3. Signal Upgrade Process Leaves Unencrypted Messages on Disk
  4. .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
  5. The boom of fileless malware attacks: How can we fight it?
  6. Octopus Malware
  7. Maker of LuminosityLink RAT gets 30 months in the clink
  8. Web Hosting Software VestaCP Server Compromised With DDoS Malware
  9. Adding the EICAR string to your name as part of the visitor self-registration process is a bit of a faux

EXPLOIT

  1. Apple Voiceover Exploit Allows Attackers Access to Ios Devices

VULNERABILITY

  1. Cisco, F5 Networks Investigate libssh Vulnerability Impact
  2. How to detect hardware-based server bugs
  3. Flaw in Media Library Impacts VLC, Other Software
  4. Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now
  5. Recent Branch.io Patch Creates New XSS Flaw
  6. Critical Bug Impacts Live555 Media Streaming Libraries
  7. A newly disclosed #libSSH vulnerability could allow an attacker #AdminAccess to a server with little effort. By @MT_Heller
  8. Zero-day jQuery plugin vulnerability exploited for 3 years
  9. CVE-2018-4013: LIVE555 streaming media RTSP Server Remote Code Execution Vulnerability
  10. Popular website plugin harboured a serious 0-day for years
  11. A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
  12. It's OK, I'm verified - Libssh flaw allows attackers to bypass server authentication
  13. Repairnator bot finds software bugs, successfully submits patches
  14. Drupal Patched Critical RCE Vulnerabilities In Drupal 7 and 8
  15. FreeRTOS flaws expose millions of IoT devices to cyber attacks
  16. The .@iDefense Vulnerability Contributor Program (VCP) bug-bounty initiative continues to attract top contributors. Join them by submitting your 0-day for
  17. Critical vulnerabilities on FreeRTOS expose many systems to attacks
  18. WebLogic Remote Code Execution Vulnerability(CVE-2018-3245) Threat Alert
  19. MPlayer and VLC media player affected by critical flaw CVE-2018-4013
  20. Remote Code Execution Flaws Found in FreeRTOS - Popular OS for Embedded Systems
  21. Why does Windows 10 have many bugs?
at
Labels: