Nov 10, 2018

Daily brief for 2018-11-09

ASIA

  1. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  2. VMware releases security patches for a critical virtual machine escape flaw
  3. VMware Patches VM Escape Flaw Disclosed at Chinese Hacking Contest
  4. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  5. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  6. Playbook Fridays: Domain Spinning Workbench Spaces App
  7. A new spam #botnet took advantage of a UPnP vulnerability to infect over 100,000 home routers in India, China and
  8. South Korean Hackers Arrested for Infecting Cryto Mining Malware
  9. Phishing Attempts Soar to 137 Million in Q3
  10. Phishing now possible by exploiting online video function vulnerability in Word
  11. Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder
  12. BCMPUPnP_Hunter Botnet infected 400k routers to turn them in email spammers
  13. Exposed data of nearly 700k American Express India customers
  14. Hack the Air Force 3.0 – New vulnerability bounty program
  15. Nearly 700,000 Plaintext Records of American Express India Customers Personal Info Exposed Online

WORLD

  1. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  2. Koadic: Security Defense in the Age of LoL Malware, Part IV
  3. 'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers
  4. Bug Bounty Hunter Ran ISP Doxing Service
  5. VMware releases security patches for a critical virtual machine escape flaw
  6. The Pentagon is Publishing Foreign Nation-State Malware
  7. Stealthy Crypto-Mining Malware Evades Detection
  8. Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype
  9. Advanced tools: Process Hacker
  10. This Week in Security News: Fake Apps & Malicious Bots
  11. Inception Attackers Target Europe with Year-old Office Vulnerability
  12. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  13. Playbook Fridays: Domain Spinning Workbench Spaces App
  14. Flaws in Roche Medical Devices Can Put Patients at Risk
  15. A new spam #botnet took advantage of a UPnP vulnerability to infect over 100,000 home routers in India, China and
  16. Canada Post leaks sensitive information of thousands of cannabis buyers
  17. Phishing Attempts Soar to 137 Million in Q3
  18. Sony DDoS-er 'DerpTrolling' Pleads Guilty
  19. D93 staff accounts compromised through a phishing scam
  20. Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder
  21. Canadian Uni Shutters Network After Cryptomining Attack
  22. US Air Force invites white hats to find hackable flaws, again
  23. Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy
  24. BCMPUPnP_Hunter Botnet infected 400k routers to turn them in email spammers
  25. VirusTotal and USCyberCom Join Forces To Identify Malware
  26. Exposed data of nearly 700k American Express India customers
  27. Hack the Air Force 3.0 – New vulnerability bounty program
  28. Hackers hide malware in the Windows installation files to mine cryptocurrency
  29. Nearly 700,000 Plaintext Records of American Express India Customers Personal Info Exposed Online
  30. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said

ATTACKS

  1. Email Stealing Emotet Banking Trojan Resurrected in New Extensive Spam Campaign
  2. Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software
  3. Bug Bounty Hunter Ran ISP Doxing Service
  4. DJI drone hack could have exposed sensitive data
  5. Trickbot Malware Added Password And Browser History Stealing
  6. Man Sent Letter Bomb To Bitcoin Firm Over Password Reset
  7. Emotet launches major new spam campaign
  8. .@ablaich: “Breaches that include personally identifiable information are always dangerous because they can lead to identity theft... they can also
  9. This banking malware just added password and browser history stealing to its playbook
  10. Canada Post leaks sensitive information of thousands of cannabis buyers
  11. This banking #malware just added #password and browser history stealing to its playbook https://zd.net/2Pl6v31 via @ZDNet & @dannyjpalmer
  12. Phishing Attempts Soar to 137 Million in Q3
  13. Phishing now possible by exploiting online video function vulnerability in Word
  14. D93 staff accounts compromised through a phishing scam
  15. Drone vulnerability could compromise enterprise data
  16. "If the schemas prove not to be compatible, a backup of the previous version of a database must be used
  17. 5 Ways #Cybercriminals Can Access Your Emails Without #Phishing | Check out the full infographic here:
  18. Criminals are targeting cardless ATMs with the help of SMS text-based phishing (aka smishing) to drain bank accounts using stolen
  19. Exposed data of nearly 700k American Express India customers
  20. Nearly 700,000 Plaintext Records of American Express India Customers Personal Info Exposed Online

THREATS

  1. Hackers Target Bitcoins and USCYBERCOM Shares Malware | Avast
  2. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  3. Koadic: Security Defense in the Age of LoL Malware, Part IV
  4. Recently-Patched Adobe ColdFusion Flaw Exploited By APT
  5. Email Stealing Emotet Banking Trojan Resurrected in New Extensive Spam Campaign
  6. StatCounter fingers cache-poisoning caper for Bitcoin-slurping JavaScript hijack
  7. Zero-day in popular WordPress plugin exploited in the wild to take over sites
  8. Bug Bounty Hunter Ran ISP Doxing Service
  9. VMware releases security patches for a critical virtual machine escape flaw
  10. Ransomware Still the Top Malware Threat During 2018 According to Europol
  11. The Pentagon is Publishing Foreign Nation-State Malware
  12. Cryptomining Malware Uses Rootkit to Hide on Infected Linux Systems
  13. The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants
  14. Stealthy Crypto-Mining Malware Evades Detection
  15. Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype
  16. Advanced tools: Process Hacker
  17. Trickbot Malware Added Password And Browser History Stealing
  18. Man Sent Letter Bomb To Bitcoin Firm Over Password Reset
  19. This Week in Security News: Fake Apps & Malicious Bots
  20. "Inception Attackers" Combine Old Exploit and New Backdoor
  21. Linux cryptocurrency miners are installing rootkits to hide themselves
  22. VMware Patches VM Escape Flaw Disclosed at Chinese Hacking Contest
  23. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  24. Kraken Ransomware
  25. Inception Attackers Target Europe with Year-old Office Vulnerability
  26. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  27. Playbook Fridays: Domain Spinning Workbench Spaces App
  28. Flaws in Roche Medical Devices Can Put Patients at Risk
  29. This banking malware just added password and browser history stealing to its playbook
  30. Inception hackers target European organisations with old Office flaw
  31. A new spam #botnet took advantage of a UPnP vulnerability to infect over 100,000 home routers in India, China and
  32. South Korean Hackers Arrested for Infecting Cryto Mining Malware
  33. Serious XSS Vulnerability Patched in Evernote
  34. #Cyberespionage hackers have used stolen #DigitalCertificates to steal data. Expert Michael Cobb of @thehairyITdog explains how hackers sign Plead
  35. Update now! WordPress sites vulnerable to WooCommerce plugin flaw
  36. Are you prepared for #ransomware? Download this how-to guide to learn how to prepare for and detect an attack before
  37. This banking #malware just added #password and browser history stealing to its playbook https://zd.net/2Pl6v31 via @ZDNet & @dannyjpalmer
  38. The Morris Worm Turns 30
  39. Phishing now possible by exploiting online video function vulnerability in Word
  40. Idaho Falls School District Struck by a Computer Virus Attack
  41. Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
  42. OSX/SurfBuyer: Real malware is in the eye of the device holder
  43. No, You Don't Need a Blockchain
  44. Cisco fixes two critical bugs, recommends workaround for a third
  45. Canadian Uni Shutters Network After Cryptomining Attack
  46. Drone vulnerability could compromise enterprise data
  47. US Air Force invites white hats to find hackable flaws, again
  48. How is Plead malware used for cyberespionage attacks?
  49. Prioritizing Flaws Based on Severity Increasingly Ineffective: Study
  50. DJI Drone Can be Hacked using New Vulnerability To Steal Drone’s Flight logs, Photos & Videos
  51. Adobe ColdFusion Vulnerability Exploited in the Wild
  52. VirusTotal and USCyberCom Join Forces To Identify Malware
  53. Combination of bugs in WordPress and WooCommerce allows website hijacking
  54. Hack the Air Force 3.0 – New vulnerability bounty program
  55. Hackers hide malware in the Windows installation files to mine cryptocurrency
  56. Visiting Bitcoin City.
  57. Seagate and IBM Work Together to Help Reduce Global Hard Drive Counterfeiting with Blockchain Technology
  58. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said

CRIME

  1. Email Stealing Emotet Banking Trojan Resurrected in New Extensive Spam Campaign
  2. 'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers
  3. Bug Bounty Hunter Ran ISP Doxing Service
  4. Ransomware Still the Top Malware Threat During 2018 According to Europol
  5. Advanced tools: Process Hacker
  6. This Week in Security News: Fake Apps & Malicious Bots
  7. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  8. Playbook Fridays: Domain Spinning Workbench Spaces App
  9. .@ablaich: “Breaches that include personally identifiable information are always dangerous because they can lead to identity theft... they can also
  10. South Korean Hackers Arrested for Infecting Cryto Mining Malware
  11. #Cyberespionage hackers have used stolen #DigitalCertificates to steal data. Expert Michael Cobb of @thehairyITdog explains how hackers sign Plead
  12. DerpTrolling game server DDoS attacker pleads guilty
  13. Phishing Attempts Soar to 137 Million in Q3
  14. Sony DDoS-er 'DerpTrolling' Pleads Guilty
  15. D93 staff accounts compromised through a phishing scam
  16. How is Plead malware used for cyberespionage attacks?
  17. Criminals are targeting cardless ATMs with the help of SMS text-based phishing (aka smishing) to drain bank accounts using stolen
  18. Latest Hacking News Podcast
  19. Notorious "DerpTrolling" Pleads Guilty to DDoS Attacks on EA & Sony

POLITICS

  1. This Week in Security News: Fake Apps & Malicious Bots
  2. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  3. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  4. #Cyberespionage hackers have used stolen #DigitalCertificates to steal data. Expert Michael Cobb of @thehairyITdog explains how hackers sign Plead
  5. Phishing Attempts Soar to 137 Million in Q3
  6. Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder
  7. How is Plead malware used for cyberespionage attacks?
  8. Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy
  9. Exposed data of nearly 700k American Express India customers
at
Labels: