Oct 24, 2018

Threat report for 2018-10-23

DATA BREACH & DATA LOSS

  1. Case Study: Protecting PII
  2. An ISP Left Corporate Passwords, Keys, and All its Data Exposed on the Internet
  3. Top 10 security steps in Microsoft 365 that political campaigns can take today
  4. Critical vulnerabilities in FreeRTOS allowed for IoT device compromise
  5. Thousands of applications affected by a zero-day issue in jQuery File Upload plugin
  6. Malicious actors attacked a back-end insurance system and the resulting @HealthCareGov #breach exposed an unknown amount of data on 75,000
  7. Identify when your data is exposed, your brand is abused, or your company is mentioned on the dark web. Test
  8. Thousands of Applications Vulnerable to RCE via jQuery File Upload
  9. Facebook has seen several data breaches in the last few months, leading the company to look into acquiring a
  10. Police have issued a fresh warning concerning Fortnite and players giving out their personal details online. Cheshire Police posted on Facebook,
  11. Adult websites shuttered after 1.2 million user details exposed
  12. #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy
  13. jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites
  14. "Advanced attacks, spear-phishing and data breaches are the norm, instead of the exception. We need to address these issues with
  15. “We’re less likely to be caught up in a massive breach of highly available PII or financial data that gets
  16. A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
  17. Morrisons loses appeal over data breach
  18. Morrisons loses appeal against data breach liability ruling
  19. A #ZeroDay in the popular #jQuery File Upload plugin could affect thousands of projects and the jQuery #plugin vulnerability may

DENIAL-OF-SERVICE

  1. DDoS-Capable IoT Botnet 'Chalubo' Rises
  2. Chalubo DDoS Botnet Compromises Linux SSH Servers Using Brute-Force Attacks
  3. Netscout Launches Arbor Edge Defense for Enterprise DDoS Security
  4. Oracle Doubles Down on Cloud Security With CASB, WAF, DDoS Protection

MALVERTISING

Nil

PHISHING

  1. Phishing is still the most commonly used attack on organizations, survey says
  2. New Phishing Attack That Uses Multiple Replica Sign-In Pages
  3. How sophisticated phishing grants attackers total control of your computer
  4. How sophisticated phishing grants attackers total control of your computer
  5. 5 Ways #Cybercriminals Can Access Your Emails Without Phishing [Infographic]:
  6. Phishing attacks becoming more targeted, phishers love Microsoft the most
  7. Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
  8. "Advanced attacks, spear-phishing and data breaches are the norm, instead of the exception. We need to address these issues with
  9. Phishing Report Shows Microsoft, Paypal, & Netflix as Top Targets
  10. 4 tips for making the most of your #password manager and generating truly effective passwords. Yes indeed, repetita juvant :)

WEB DEFACEMENT

  1. Hackers Defaced Davos In The Desert To Show Image Of Murdered Journalist
  2. Saudi Investment Site Defaced After Journalist’s Murder

BOTNET

  1. DDoS-Capable IoT Botnet 'Chalubo' Rises
  2. Chalubo DDoS Botnet Compromises Linux SSH Servers Using Brute-Force Attacks
  3. Battling Bots: How to Find Fake Twitter Followers
  4. Bots Targeting SSH Servers and Brute-Forcing Entry

RANSOMWARE

  1. When Ransomware Stopped Working Harder and Started Working Smarter
  2. City Pays $2K in Ransomware, Stirs ‘Never Pay’ Debate
  3. Case Study: Ransomware
  4. Indiana National Guard Suffers Ransomware Attack
  5. Indiana National Guard hit by ransomware
  6. Have you ever wondered why #ransomware attacks happen on the Friday before a long weekend? We've teamed up with @SentinelOne

CRYPTOMINING & CRYPTOCURRENCIES

  1. Why the blockchain is not secure
  2. Trade.io Cold Wallet Hacked Losing 50 Million TIO Tokens – TIO Coin To Be Forked
  3. Why is Elon Musk promoting this Bitcoin scam? (He’s not)
  4. Report: Cryptocurrency hackers earned $20M with 51-percent attacks in 2018
  5. Apple has launched its university ID Cards feature in Wallet. Students at three universities can now access their student ID
  6. Can Cybercriminals Hack Blockchain?
  7. A Beginner’s Guide to Bitcoin Mining (Bitcoin Mining 101)

MALWARE

  1. Burned malware returns, according to Cylance: is Hacking Team responsible?
  2. Status of Today’s Email as a Malware Vector
  3. Case Study: Destructive Malware
  4. Banking Trojan Infections Persist Throughout the State
  5. Triton Malware Linked to Russian Government Research Institute
  6. FireEye links Russian research lab to Triton ICS malware attacks
  7. Securing Government Operations with Cloud-based Malware Analysis
  8. How RATs infect computers with malicious software
  9. This is how government spyware StrongPity uses security researchers' work against them
  10. Russian Malware Was Apparently Used in an Attempt to Sabotage a Saudi Petrol Plant
  11. Inside Safari Extensions | Malicious Plugins Remain on Mojave
  12. Malicious actors attacked a back-end insurance system and the resulting @HealthCareGov #breach exposed an unknown amount of data on 75,000
  13. H-Worm and jRAT Malware: Two RATs are Better than One
  14. How RATs infect computers with malicious software
  15. What do you think the combination of the #TrickBot banking Trojan to #IcedID means for the future of banking #Trojans?
  16. Updated Azorult malware for sale on the Dark Web
  17. UK and US sign military Cyber Accord to dominate cyber domain - with help from business
  18. Chinese Cyber Espionage Group using Datper Trojan
  19. Burned malware returns, says Cylance report: Is Hacking Team responsible?

EXPLOIT

Nil

VULNERABILITY

  1. DHS warns of another dangerous flaw in Advantech WebAccess SCADA software
  2. Microsoft Windows zero-day disclosed on Twitter, again
  3. AWS FreeRTOS Riddled with Security Vulnerabilities | Avast
  4. Critical vulnerabilities in FreeRTOS allowed for IoT device compromise
  5. Thousands of applications affected by a zero-day issue in jQuery File Upload plugin
  6. Grave TCP/IP Flaws In FreeRTOS Leave IoT Gear Open To Mass Hijacking
  7. Patch now! Multiple serious flaws found in Drupal
  8. Quantifying Vulnerability Risk: How to Quickly Calculate and Prioritize Risk
  9. Amazon Patched Multiple IoT Vulnerabilities Affecting Its Smart Devices
  10. Amazon patches IoT and critical infrastructure security flaws
  11. Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking
  12. Several vulnerabilities were found in controllers made by @Universal_Robot. Discover what these #robot controllers are used for and how
  13. How do newly found flaws affect robot controllers?
  14. Firmware zero-day leaves 2m storage devices open to RCE
  15. A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
  16. CyberSecurity Asean security alert on Multiple Vulnerabilities in Cisco WebEx Network Recording Player for Advanced Recording Format Files Could Allow for Arbitrary Code Execution
  17. Bug Spells Doom for Nearly-Vacant Google+ Network
  18. The fix for the DOM-based XSS in Branch.io introduced a new XSS flaw
  19. libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933) Threat Alert
  20. WebLogic Remote Code Execution Vulnerability (CVE-2018-3191) Threat Alert
  21. Different Vendors Confirm The Impact Of LibSSH Flaw On Their Products
  22. FreeRTOS IoT OS Critical Vulnerabilities Affected Million of Smart Home & Critical Infrastructure Based IoT Devices
  23. LIVE555 Streaming library affected by remote code execution vulnerability
  24. Windows 10 1809 Zip Extraction Bug Overwrites Files without Confirmation
  25. A #ZeroDay in the popular #jQuery File Upload plugin could affect thousands of projects and the jQuery #plugin vulnerability may