Nov 8, 2018

Daily brief for 2018-11-07

ASIA

  1. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  2. Data Of Nearly 700,000 Amex India Customers Exposed Via Unsecured MongoDB Server
  3. Amex India accounts exposed by misconfigured MongoDB installation
  4. Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
  5. Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
  6. Personal data of police and ministries employees leaked by Anonymous Italy
  7. Linux servers and IoT devices, main targets of Shellbot botnet

WORLD

  1. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  2. Salesforce Aims to Curb Spam With Blockchain
  3. Using Blockchain Technology to Solve Global Problems
  4. Feds get guilty plea in 'DerpTrolling' attacks on video game sites
  5. Half a Million People Potentially Affected by Data Breach at Bankers Life
  6. Security Alert: New Dharma Ransomware Strains Alarmingly Go Undetected By Antivirus Engines
  7. Learn About Phishing Incident Response on Nov 15
  8. Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
  9. HSBC Bank Data Breach Exposed Customer’s Account Details and More
  10. HSBC US Customers Hit by Data Breach
  11. Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
  12. Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
  13. Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
  14. HSBC suffers data breach, customer banking info exposed
  15. Bug bounty: Hack the US Air Force and Get Paid
  16. VirtualBox zero-day published by disgruntled researcher
  17. We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
  18. Personal data of police and ministries employees leaked by Anonymous Italy
  19. Linux servers and IoT devices, main targets of Shellbot botnet
  20. AMD and TSMC outline 7nm process products to be listed next year
  21. Five Guys suffers employees’ data theft
  22. Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
  23. Bitcoin Cryptojacking Attack Forces University to Disable Entire Network
  24. Rushed My Health Record changes still missing the point
  25. VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available

ATTACKS

  1. New Jersey AG Announces $200,000 Settlement with Business Associate and Permanent Ban for BA’s Owner due to 2016 Data Breach Affecting Over 1,650 Patients
  2. Half a Million People Potentially Affected by Data Breach at Bankers Life
  3. Data Of Nearly 700,000 Amex India Customers Exposed Via Unsecured MongoDB Server
  4. HSBC Bank Suffers Data Breach
  5. A Phishing Incident is Being Investigated by the Carthage Police
  6. Why you should use a password manager
  7. Amex India accounts exposed by misconfigured MongoDB installation
  8. They stopped a phishing attack in 10 minutes. It used to take days.
  9. Password Grabber Module Added to Trickbot
  10. Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
  11. Why Password Management and Security Strategies Fall Short
  12. Learn About Phishing Incident Response on Nov 15
  13. Learn why @Google chose U2F authentication over OTP to eliminate #PhishingEmails from expert Michael Cobb of @thehairyITdog.
  14. Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
  15. HSBC Bank Data Breach Exposed Customer’s Account Details and More
  16. HSBC US Customers Hit by Data Breach
  17. What do you think is the average cost of a data breach?
  18. HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims
  19. ICO poised to fine Leave campaign and Arron Banks’ insurance biz £135,000
  20. HSBC suffers data breach, customer banking info exposed
  21. We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
  22. New dropper campaign with at least 8 droppers in #GooglePlay (30k+ installs total), found with the help of @avast_antivirus @apklabio.
  23. A poor password is a key for the wrong person to get in.
  24. How voting history data benefits political campaigns
  25. HSBC Bank Data Breach Exposed Account Numbers, Balances, Transaction History and Other Details
  26. Personal data of police and ministries employees leaked by Anonymous Italy
  27. Five Guys suffers employees’ data theft
  28. Rushed My Health Record changes still missing the point
  29. What businesses can learn from political campaigns about using big data

THREATS

  1. Uni cans crypto-mining CPU raid by switching off whole IT network
  2. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  3. Security Flaws Found in Widely Used Data Storage Devices | Avast
  4. Salesforce Aims to Curb Spam With Blockchain
  5. Using Blockchain Technology to Solve Global Problems
  6. Cisco removed its seventh backdoor account this year, and that's a good thing
  7. JavaScript attack aimed to reroute bitcoin transactions
  8. 3,2 Million New Android Malicious Apps Detected Until the End of Q3 2018
  9. A flaw in WooCommerce WordPress Plugin could be exploited to take over e-stores
  10. Healthcare Targeted by 37 Percent of All Ransomware Attacks in Q3 2018
  11. Flaw in Icecast streaming media server allows to take off online Radio Stations
  12. VirtualBox zero-day dumped on GitHub
  13. Security Researcher Drops VirtualBox Guest-to-Host Escape Zero-Day on GitHub
  14. WordPress Flaw Opens Millions of WooCommerce Shops to Takeover
  15. Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
  16. Flaw Leads to RCE in WordPress Plugins, WooCommerce
  17. Hacker education, inclusivity, and shifting perceptions of bug bounties
  18. Apache alerts developers of remote code execution flaw
  19. Evernote Flaw Allows Hackers to Steal Files, Execute Commands
  20. Security Alert: New Dharma Ransomware Strains Alarmingly Go Undetected By Antivirus Engines
  21. Top 20 application vulnerabilities in the enterprise are dominated by Adobe and Microsoft
  22. Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available
  23. Rapid7 Wins Frost & Sullivan 2018 Global Vulnerability Management Market Leadership Award
  24. Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
  25. Zero-day flaw in VirtualBox details go public
  26. Erratic Windows 10 Bug Breaks Changing of Default File Associations
  27. Researcher discloses VirtualBox Zero-Day without reporting it to Oracle
  28. Serious XSS flaw discovered in Evernote for Windows, update now!
  29. Researchers say #Bleedingbit vulnerabilities could allow #RemoteCodeExecution on wireless access points, medical devices and any other products using the affected
  30. University shuts down network to thwart Bitcoin cryptojacking scheme
  31. Not sure how to tell if your Android phone has a virus? Android malware comes in many forms, ranging from spyware
  32. Attackers breached Statcounter to steal cryptocurrency from gate.io users
  33. Enterprises Sinking Under 100+ Critical Flaws Per Day
  34. #SamSam #ransomware targeted 67 organizations in 2018, according to @symantec research. By @MaddieBacon11
  35. WordPress, WooCommerce flaws combine to allow website hijacking
  36. How to Remove NOBAD Ransomware
  37. Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
  38. Apache Struts vulnerability would allow system take over
  39. #Kraken #ransomware as a service is getting more popular after being bundled into the Fallout #ExploitKit and getting more update
  40. Up to 4 million online merchants who use the popular @WooCommerce #WordPress plugin are vulnerable to a file deletion flaw.
  41. Researcher Drops Oracle VirtualBox Zero-Day
  42. Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
  43. Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin theft scheme
  44. Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
  45. Blockchain: The Good, the Bad and the Legal
  46. Managing Third-Party Risk in the Age of Ransomware
  47. Bug bounty: Hack the US Air Force and Get Paid
  48. Microsoft, Google apps feature in the top 20 vulnerabilities in enterprise environments
  49. VirtualBox zero-day published by disgruntled researcher
  50. A fresh #botnet is rapidly growing by targeting a five-year-old #vulnerability. So far, @360Netlab said hundreds of thousands of bot
  51. .@Siemens SICLOCK central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated
  52. New cryptocurrencies offer better anonymity, new security challenges, from @CSOonline http://0fox.co/sSmx30i8vm4 ZeroFOX CTO weighs in on the #infosec challenges
  53. Apache Struts users have to update FileUpload library to fix years-old flaws
  54. On the #blog today, we talk about how fileless malware is changing the way we as organizations treats #cyberthreats.
  55. Zero-Day #Vulnerability Explained
  56. November Android Security Update Fixes Critical Bugs, Drops Media Library
  57. We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
  58. New dropper campaign with at least 8 droppers in #GooglePlay (30k+ installs total), found with the help of @avast_antivirus @apklabio.
  59. Coupa Simplifies Fragmented B2B Payments Process
  60. Researcher publishes new VirtualBox zero-day vulnerability
  61. Turning Malware Trends into Proactive Behaviors
  62. DHS on Election Day: No malicious cyber-activity observed
  63. AMD and TSMC outline 7nm process products to be listed next year
  64. Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
  65. #Virtualbox hat eine #Zeroday Sicherheitslücke. Tipp: Ändern Sie Ihren virtuellen Netzwerkadapter auf etwas anderes als Intel PRO/1000.
  66. Bitcoin Cryptojacking Attack Forces University to Disable Entire Network
  67. Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
  68. Google's automated fuzz bot has found over 9,000 bugs in the past two years
  69. VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
  70. Researchers rank cryptocurrency exchanges by how secure they are

CRIME

  1. Feds get guilty plea in 'DerpTrolling' attacks on video game sites
  2. JavaScript attack aimed to reroute bitcoin transactions
  3. A Phishing Incident is Being Investigated by the Carthage Police
  4. They stopped a phishing attack in 10 minutes. It used to take days.
  5. HSBC Bank Data Breach Exposed Customer’s Account Details and More
  6. University shuts down network to thwart Bitcoin cryptojacking scheme
  7. Attackers breached Statcounter to steal cryptocurrency from gate.io users
  8. HSBC US Customers Hit by Data Breach
  9. Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
  10. Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin theft scheme
  11. Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
  12. Blockchain: The Good, the Bad and the Legal
  13. Coupa Simplifies Fragmented B2B Payments Process
  14. Five Guys suffers employees’ data theft

POLITICS

  1. Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
  2. DHS on Election Day: No malicious cyber-activity observed
  3. Personal data of police and ministries employees leaked by Anonymous Italy
  4. Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
at
Labels: