Daily brief for 2018-11-06

ASIA

1. Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
2. Fake Telegram Apps Used to Spy on Iranian Users
3. Spam and phishing in Q3 2018
4. Worst malware and threat actors of 2018 so far
5. Shellbot Botnet Targets IoT devices and Linux servers
6. Nation states sponsoring increasingly sophisticated cyber attacks
7. New attack by Anonymous Italy: personal data from ministries and police have been released online
8. Multiple Cisco Vulnerabilities Threat Alert

WORLD

9. US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
10. Hack the Air Force 3.0 Bug Bounty Announced by USAF
11. ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
12. Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
13. Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
14. HSBC Bank Confirms US Data Breach
15. UK Regulator Calls for Tougher Rules on Personal Data Use
16. Compromising vital infrastructure: transport and logistics
17. HSBC Bank USA Warns Customers of Data Breach
18. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
19. Side-Channel Vulnerability PortSmash Steals Keys
20. Pocket iNet ISP Exposed 73GB of Corporate Data Online
21. Tech companies offered free products to help secure the election. Now what?
22. Magecart infiltrates UK online retailer Kitronik payment system
23. Spam and phishing in Q3 2018
24. Worst malware and threat actors of 2018 so far
25. Wealthy Moscow residents' data leaked in Akado Telecom incident
26. We're hosting a lunch and learn event geared towards endpoint #security and #ransomware, with technology partner @SentinelOne. Please join us on
27. Shellbot Botnet Targets IoT devices and Linux servers
28. U.S. Air Force Announces Third Bug Bounty Program
29. Nation states sponsoring increasingly sophisticated cyber attacks
30. Anonymous Hackers Syndicate Defaces Huge Number of Websites of Gabon Government
31. New attack by Anonymous Italy: personal data from ministries and police have been released online
32. Two zero-day vulnerabilities expose millions of access points
33. #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs Please contact us if your interested in

ATTACKS

34. HSBC Data Breach Hits Online Banking Customers
35. My Health Record data misuse penalties raised
36. Holiday Suppliers Already Under Assault by Fileless Malware Campaign
37. ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
38. Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
39. HSBC Bank Confirms US Data Breach
40. UK Regulator Calls for Tougher Rules on Personal Data Use
41. HSBC Bank USA Warns Customers of Data Breach
42. HSBC Bank Data Breach Exposed Account Numbers, Balances, and More
43. Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed
44. Why business can't keep the public safe from data breaches
45. It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
46. Alert: Emotet is Back with Major Spam Campaign, Email Exfiltration Module
47. Zombie Phish
48. Azorult Malware Spread by New Ramnit Campaign
49. Login VSI announces Release 3 of Login PI for proactive monitoring
50. Pocket iNet ISP Exposed 73GB of Corporate Data Online
51. HSBC Bank Notifies Customers of Data Breach
52. Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
53. Spam and phishing in Q3 2018
54. Wealthy Moscow residents' data leaked in Akado Telecom incident
55. GPU side channel attacks can enable spying on web activity, password stealing
56. Our crucible SoC OTP fusing tool now support graphical mapping of fusemap definition files. This, other than being very pretty, facilitates
57. Social Media Brand Impersonators Go #Phishing: 3 Emerging Tactics from ZeroFOX Research
58. Gift Card Phishing Scam Using Email Addresses of Bosses’ is Latest Trend Adopted by Scammers
59. New attack by Anonymous Italy: personal data from ministries and police have been released online
60. Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
61. Just half of Fortune 500 companies have installed DMARC, a tool that guards against email phishing scams, according to new

THREATS

62. US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
63. Apache Struts Vulnerability Would Allow System Takeover
64. Hack the Air Force 3.0 Bug Bounty Announced by USAF
65. Android November update fixes flaws galore
66. Holiday Suppliers Already Under Assault by Fileless Malware Campaign
67. Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
68. Hackers Breach StatCounter To Hijack Bitcoin Transactions
69. StatCounter Hacked to Inject Malicious Script in gate.io Cryptocurrency Exchange
70. VMware Unveils New Blockchain Service
71. Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
72. Zero-Day Vulnerability Explained
73. WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover
74. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
75. It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
76. Backdoors Installed via macOS Cryptocurrency App
77. Malware Execution via Microsoft Word Embedded Video
78. Azorult Malware Spread by New Ramnit Campaign
79. Supply-chain attack on cryptocurrency exchange
80. Supply-chain attack on cryptocurrency exchange
81. Side-Channel Vulnerability PortSmash Steals Keys
82. Apache Struts Warns Users of Two-Year-Old Vulnerability
83. Why are fake Elon Musk bitcoin scams running rife on Twitter right now?
84. Apache Struts Warns Users of Two-Year-Old Vulnerability
85. Apache Struts 2.3.x vulnerable to two year old RCE flaw
86. IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities
87. Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
88. Hidden Costs of IoT Vulnerabilities
89. Evernote for Windows patch resolves stored XSS vulnerability
90. Ransomware Keeps Ringing in Profits for Cybercrime Rings
91. How IAM is Evolving in the Blockchain Era
92. A Blockchain Solution for Data Provenance Using Hyperledger Fabric
93. Private messages from 81,000 hacked Facebook accounts were for sale online. The information was obtained through malicious browser extensions, such as
94. New ransomware spotted using DiskCryptor
95. Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
96. How testing perspectives helps find application security flaws
97. Worst malware and threat actors of 2018 so far
98. We're hosting a lunch and learn event geared towards endpoint #security and #ransomware, with technology partner @SentinelOne. Please join us on
99. PortSmash Side-Channel Vulnerability – Another Threat For Intel CPUs
100. U.S. Air Force Announces Third Bug Bounty Program
101. CVE-2018-11759: Apache mod_jk Access Control Bypass Vulnerability
102. High risk vulnerability discovered in Sauter CASE Suite building automation software
103. Apache Struts Team Urges Users for Library Update to Plug Years-Old Bugs
104. Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
105. Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
106. Apple Patches Critical iOS, macOS and watchOS Flaws
107. Watch Out for the “Programmer Who Cracked Your Email” Bitcoin Scam
108. Multiple Cisco Vulnerabilities Threat Alert
109. Vulnerability in Icecast can collapse online radio stations
110. Two zero-day vulnerabilities expose millions of access points
111. Gitlab v11.4.5 release: fix bugs
112. #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs Please contact us if your interested in
113. Symantec acquires Appthority to enhance protection from mobile application vulnerabilities

CRIME

114. ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
115. Hackers Breach StatCounter To Hijack Bitcoin Transactions
116. Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
117. Zero-Day Vulnerability Explained
118. Tech companies offered free products to help secure the election. Now what?
119. Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
120. Magecart infiltrates UK online retailer Kitronik payment system
121. Ransomware Keeps Ringing in Profits for Cybercrime Rings
122. Spam and phishing in Q3 2018
123. A Blockchain Solution for Data Provenance Using Hyperledger Fabric
124. Nation states sponsoring increasingly sophisticated cyber attacks
125. Gift Card Phishing Scam Using Email Addresses of Bosses’ is Latest Trend Adopted by Scammers
126. Watch Out for the “Programmer Who Cracked Your Email” Bitcoin Scam

POLITICS

127. Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
128. Compromising vital infrastructure: transport and logistics
129. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
130. Pocket iNet ISP Exposed 73GB of Corporate Data Online
131. Fake Telegram Apps Used to Spy on Iranian Users
132. Tech companies offered free products to help secure the election. Now what?
133. Spam and phishing in Q3 2018
134. GPU side channel attacks can enable spying on web activity, password stealing
135. Nation states sponsoring increasingly sophisticated cyber attacks
136. New attack by Anonymous Italy: personal data from ministries and police have been released online