Threat report for 2018-10-25

DATA BREACH & DATA LOSS

1. Cutwail Spam Campaign Uses Steganography to Distribute URLZone
2. Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare
3. Another 185K Customers Potentially Affected by the British Airways Data Breach
4. British Airways: Cyberattack, data theft bigger than we first thought
5. Cathay Pacific data breach: 9.4 million passenger information at risk
6. Data Breach Announced by CMS – Approximately 75,000 Individuals’ Files Affected
7. Abandoned Web Apps Found as a Core Cause Behind High Profile Data Breaches
8. Aftermath of the Data Breach: Cathay Pacific Customers Losing Confidence
9. Questions Mount Over Delay After Cathay Pacific Admits Huge Data Leak
10. Multiple Phishing Campaigns Target Universities
11. 77K Additional Customers Affected by British Airways' MageCart Data Breach
12. Cathay Pacific data breach exposes PII of 9.4 million customers
13. Cathay Pacific data breach exposed 9.4m customers’ details
14. Hackers steal personal data of up to 9.4 million Cathay Pacific passengers
15. Hackers steal personal data of up to 9.4 million Cathay Pacific passengers
16. CNI Campaign TRITON Linked to Russian Institute
17. Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack
18. Cathay Pacific data breach affecting 9.4 million passengers
19. Data leak at consulting firm handling fundraisers for the Democratic party

DENIAL-OF-SERVICE

20. New DDoS botnet goes after Hadoop enterprise servers
21. New Botnet Launches DDoS Attacks on SSH Servers
22. Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack
23. NETSCOUT’s Arbor Cloud Expands DDoS Protection Across Asia

MALVERTISING

Nil

PHISHING

24. Multiple Phishing Campaigns Target Universities
25. Cofense Hunts Phishing Threats Round the Clock with Enhanced 24-hour Global Phishing Defense Services
26. Learn how hackers used TLS certificates to launch @netflix #phishing attacks from expert Michael Cobb of @thehairyITdog
27. iOS 12 has completely blocked password cracking tool, GrayKey

WEB DEFACEMENT

Nil

BOTNET

28. New DDoS botnet goes after Hadoop enterprise servers
29. Hacker creates seven new variants of the Mirai botnet | Avast
30. New Botnet Launches DDoS Attacks on SSH Servers
31. Chalubo Botnet Compromise Your Server or IoT Device & Use it for DDOS Attack

RANSOMWARE

32. Experts released a free Decryption Tool for GandCrab ransomware
33. New FilesLocker Ransomware Offered as a Ransomware as a Service
34. GandCrab ransomware declawed with new decryption tool
35. Files Encrypted by GandCrab Ransomware Can Now Be Decrypted for Free
36. Bitdefender releases GandCrab ransomware decryption tool
37. Free GrandCrab Ransomware Decryption Tool Released by Bitdefender
38. Free Decrypter Available for the Latest GandCrab Ransomware Versions
39. ESET releases new decryptor for Syrian victims of GandCrab ransomware
40. Free decryption tool released for multiple GandCrab ransomware versions
41. West Haven pays $2k USD because of ransomware attack
42. GandCrab Ransomware decryption tool

CRYPTOMINING & CRYPTOCURRENCIES

43. Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware
44. North Korea blamed for two cryptocurrency scams, five trading platform hacks
45. Building shared digital identity using blockchain technology

MALWARE

46. Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware
47. Malware Distributors Adopt DKIM to Bypass Mail Filters
48. Cobalt Group tries to slip malicious PDFs past bank employees, researchers say
49. Another one bites the dust! In 2018 Android malware can bypass defences of billon dollar AV industry and Google Play
50. 'TimpDoor' Malware Turns Android Devices into Proxies
51. Bypass an Anti Virus Detection with Encrypted Payloads using VENOM Tool
52. #DidYouKnow AVG Free Antivirus received the highest rating of Advanced+ in @AV_Comparatives latest Malware Protection Test? Share AVG Free Antivirus with
53. Malware Distributors Adopt DKIM to Bypass Mail Filters
54. Mac Malware Injects Ads Into Encrypted Traffic
55. .@FireEye researchers have attributed the #Triton #malware -- used in an attack on an industrial control system in Saudi Arabia
56. FireEye ties Russia to Triton malware attack in Saudi Arabia
57. Our threat intelligence lead Chris Dawson (@mrdatahs) discussing new @proofpoint Threat Insight #Malware research with @threatpost.
58. FireEye links Triton Malware to Russian Research Institute
59. .@FireEye security researchers claimed the Russian government was 'most likely' behind the Triton #malware attack on an industrial control system
60. Russian-Made Malware Used to Attack Saudi Petrol Plant, Claims FireEye
61. What is application security? A process and tools for securing software
62. [BLOG] When #malware actor realizes that he can make more money by himself and transform his dropper into banking malware,
63. New Android Malware Turns Your Mobile Devices into Hidden Proxies

EXPLOIT

64. Researchers recently found vulnerabilities in #robot controllers from @Universal_Robot. Learn what these robot controllers do and how #ThreatActors exploit these

VULNERABILITY

65. New security flaw impacts most Linux and BSD distros
66. Multiple Vulnerabilities Patched in ASRock Drivers
67. Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers
68. WINDOWS ZERO-DAY BY SANDBOXESCAPER
69. Sophos Patches RCE and Memory Disclosure Vulnerabilities in
70. Vulnerability Spotlight: TALOS-2018-0635/0636 – Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities
71. Pentagon Expands Bug-Bounty Program to Include Physical Systems
72. Researchers Find Command Injection Flaw in Cisco WebEx
73. Researchers recently found vulnerabilities in #robot controllers from @Universal_Robot. Learn what these robot controllers do and how #ThreatActors exploit these
74. Microsoft Acknowledges Zip File Overwrite Bug - Fix Coming in November
75. Cisco releases fix for privilege escalation bug in Webex Meetings app
76. Amazon IoT operating system FreeRTOS has serious vulnerabilities
77. Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop
78. You patch my back(up) and I'll patch yours... Arcserve bugs burrow remotely exploited holes in UDP storage systems
79. Signal Desktop App Vulnerability Exposes Message Decryption Key To The Users
80. Vulnerability Spotlight: TALOS-2018-0635/0636 - Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities
81. Windows 10 Update Fixed File Deletion Flaw But Not ZIP File Overwrite Bug
82. Google Chrome 70.0.3538.77 released: Bugs fix
83. Win10 1803 big bug bash KB 4462933 joins earlier versions, a week late to the party
84. FreeRTOS Multiple Remote Code Execution Vulnerabilities Threat Alert
85. Java Usage Tracker Vulnerability
86. Windows 10 bug overwrites files without confirmation
87. Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers