Nov 9, 2018

Daily brief for 2018-11-08

ASIA

  1. Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
  2. 689,272 plaintext records of Amex India customers exposed online
  3. Cambodia's ISPs Hit By Massive DDoS Attacks
  4. Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
  5. Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
  6. Symantec Uncovers North Korean Group's ATM Attack Malware
  7. Lazarus Group Targets Bank Networks to Rob ATMs
  8. 4 Cambodia’s ISPs Attacked by DDoS
  9. Hackers from North Korea still breaking into PCs for mining crypto-currencies
  10. DDoS attack on Cambodia’s top ISPs reached 150Gbps
  11. Symantec researchers dissect North Korean malware used in ATM attacks
  12. SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
  13. Spam Botnet of Over 100K Routers Abuses UPnP
  14. Cambodia's ISPs hit by some of the biggest DDoS attacks in the country's history
  15. HSBC confirms data theft in the United States
  16. Commoditization of Computing Hardware and the Bugs It Contains

WORLD

  1. Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
  2. Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
  3. Canada Post Leaked Personal Data of 4,500 Cannabis Customers
  4. 689,272 plaintext records of Amex India customers exposed online
  5. Canada Post Leaked Personal Data On Cannabis Smokers
  6. Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
  7. Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
  8. Metamorfo Banking Trojan Keeps Its Sights on Brazil
  9. Lazarus Group Targets Bank Networks to Rob ATMs
  10. Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
  11. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
  12. Most IT Security Pros Underestimate Phishing Risks
  13. Hackers from North Korea still breaking into PCs for mining crypto-currencies
  14. Symantec researchers dissect North Korean malware used in ATM attacks
  15. Banking Malware Takes Aim at Brazilians
  16. Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
  17. iOS 12.1 Vulnerability
  18. Beware of scams! Elon Musk is not giving away bitcoin on Twitter
  19. Spam Botnet of Over 100K Routers Abuses UPnP
  20. The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
  21. U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
  22. Encryption flaws in solid state drives enable unauthorised data access
  23. Canada Post leaked personal data, orders of thousands of cannabis smokers
  24. HSBC Bank Alerts US Customers to Data Breach
  25. US Cyber Command starts uploading foreign APT malware to VirusTotal
  26. U.S. Cyber Command malware samples to be logged in VirusTotal
  27. Metamorfo Banking Trojan Keeps Its Sights on Brazil
  28. Spyware disguised as Spanish banking apps removed from Google Play
  29. Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
  30. Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
  31. U.S. Cyber Command Shares Malware via VirusTotal
  32. HSBC confirms data theft in the United States
  33. US Cyber Command starts uploading foreign APT malware to VirusTotal

ATTACKS

  1. California Girl Scouts branch suffers data breach
  2. IT Security Culture Evolution of Businesses Exposed
  3. Canada Post Leaked Personal Data of 4,500 Cannabis Customers
  4. 689,272 plaintext records of Amex India customers exposed online
  5. 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
  6. DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access
  7. Canada Post Leaked Personal Data On Cannabis Smokers
  8. Drone Vulnerability Could Compromise Enterprise Data
  9. Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
  10. Radisson Loyalty Program Compromised
  11. Test Your Employees with Internal Phishing Campaigns
  12. Most IT Security Pros Underestimate Phishing Risks
  13. DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
  14. Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
  15. Most Enterprises Fail to Implement Proper Protection Against Phishing Attacks
  16. According to the 2018 Cost of a Data Breach Study by @PonemonPrivacy & @IBM, the global average cost of a
  17. Canada Post leaked personal data, orders of thousands of cannabis smokers
  18. HSBC Bank Alerts US Customers to Data Breach
  19. StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
  20. Users Stop Engaging With Brands After Data Breaches, Report Finds
  21. Phishing extortion campaign using new, more effective methods
  22. Gamasutra user privacy fragged following IP leak discovery
  23. How many of these bad password habits do you have?
  24. HSBC confirms data theft in the United States
  25. Increasing value of personal data a 21st century challenge
  26. Good article about the password problem and a statistic that shows just how bad a problem it has now become...

THREATS

  1. Companies swamped by critical vulnerabilities – Tenable
  2. Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
  3. Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
  4. Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
  5. Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
  6. Google: Newer Android versions are less affected by malware
  7. Hackers Charged for Creating 6K Strong Cryptojacking Network
  8. Dharma Ransomware Hits Altus Baytown Hospital's Systems
  9. Steam bug could have given you access to all the CD keys of any game
  10. Drone Vulnerability Could Compromise Enterprise Data
  11. Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
  12. [SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845)
  13. Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
  14. Can Blockchain Solve The Problem of Blood Diamonds?
  15. Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
  16. Symantec Uncovers North Korean Group's ATM Attack Malware
  17. Several Vulnerabilities Patched in nginx
  18. Metamorfo Banking Trojan Keeps Its Sights on Brazil
  19. Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
  20. The Pentagon has suddenly started uploading #malware samples from APTs and other nation-state sources to the website VirusTotal.
  21. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
  22. WooCommerce Plugin file deletion vulnerability exposes WordPress 'failing open' design flaw
  23. Managing the Intersection of Cryptocurrency and Compliance
  24. VirtualBox zero-day flaw released on Github; working exploit available but no patch
  25. Hackers from North Korea still breaking into PCs for mining crypto-currencies
  26. DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
  27. DJI Patches Forum Bug That Allowed Drone Account Takeovers
  28. Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
  29. Symantec researchers dissect North Korean malware used in ATM attacks
  30. SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
  31. Ranting researcher publishes VM-busting zero-day without warning
  32. Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
  33. Banking Malware Takes Aim at Brazilians
  34. DJI Drone Vulnerability
  35. Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
  36. iOS 12.1 Vulnerability
  37. Beware of scams! Elon Musk is not giving away bitcoin on Twitter
  38. The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
  39. U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
  40. Encryption flaws in solid state drives enable unauthorised data access
  41. Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home
  42. Ranting researcher publishes #VM-busting zero-day without warning
  43. We don' need no stinkin' bounties: VirtualBox guest-to-host escape zero-day lands at GitHub
  44. StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
  45. Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitlocker
  46. [SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031)
  47. US Cyber Command starts uploading foreign APT malware to VirusTotal
  48. U.S. Cyber Command malware samples to be logged in VirusTotal
  49. Metamorfo Banking Trojan Keeps Its Sights on Brazil
  50. Spyware disguised as Spanish banking apps removed from Google Play
  51. XSS flaw in Evernote allows attackers to execute commands and steal files
  52. Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
  53. Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
  54. Did you miss yesterday's #blog? Catch up on how fileless #malware is changing the way we as organizations are treating
  55. "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
  56. U.S. Cyber Command Shares Malware via VirusTotal
  57. Critical authentication flaw in DJI drone web app fixed
  58. Commoditization of Computing Hardware and the Bugs It Contains
  59. 4 Million Shops Installed WooCommerce Plugin RCE Flaw Allows Attacker to Gain WordPress Sites Admin Access
  60. A year later, @amarekano's Android overlay bug has been included in the AOSP November 2018 patched notes as CVE-2018-9524
  61. StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
  62. Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
  63. US Cyber Command starts uploading foreign APT malware to VirusTotal

CRIME

  1. California Girl Scouts branch suffers data breach
  2. 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
  3. Can Blockchain Solve The Problem of Blood Diamonds?
  4. Radisson Loyalty Program Compromised
  5. Test Your Employees with Internal Phishing Campaigns
  6. Lazarus Group Targets Bank Networks to Rob ATMs
  7. Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
  8. Hackers from North Korea still breaking into PCs for mining crypto-currencies
  9. Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
  10. Symantec researchers dissect North Korean malware used in ATM attacks
  11. Top 5 Threats Healthcare Organizations Face and How to Combat Them
  12. Man Behind DDoS Attacks on Gaming Companies Pleads Guilty
  13. DerpTrolling game server DoS attacker pleads guilty
  14. HSBC Bank Alerts US Customers to Data Breach
  15. Phishing extortion campaign using new, more effective methods
  16. To Pay or Not to Pay: A Large Retailer Responds to #DDoS Extortion Find out what happened here:
  17. Spyware disguised as Spanish banking apps removed from Google Play
  18. Hacker Behind Series of DoS Attack Targeting Gaming Companies Pleaded Guilty
  19. HSBC confirms data theft in the United States

POLITICS

  1. Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
  2. Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
  3. Lazarus Group Targets Bank Networks to Rob ATMs
  4. 4 Cambodia’s ISPs Attacked by DDoS
  5. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
  6. Hackers from North Korea still breaking into PCs for mining crypto-currencies
  7. "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
at
Labels: