Daily brief for 2018-11-12

ASIA

1. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
2. France seeks Global Talks on Cyberspace security and a “code of good conduct”
3. Patched-up Adobe ColdFusion vulnerability exploited by hackers
4. Chinese Head Fired After Cryptomining at School
5. IT threat evolution Q3 2018. Statistics
6. IT threat evolution Q3 2018
7. Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert
8. Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

WORLD

9. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
10. U.S. Chip Cards Are Being Compromised in the Millions
11. Malware of the 90s: Remembering the Michelangelo and Melissa viruses
12. France seeks Global Talks on Cyberspace security and a “code of good conduct”
13. Popular Data Storage Devices Compromised Due to Flawed Security
14. Used Data Storage Devices Have Security Flaws
15. U.S. Chip Cards Are Being Compromised in the Millions:
16. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
17. Chinese Head Fired After Cryptomining at School
18. IT threat evolution Q3 2018. Statistics
19. IT threat evolution Q3 2018
20. Norway’s IT industry must tackle security vulnerabilities
21. In this week’s ShadowTalk, the team debates the benefits/drawbacks of bug bounty programs, how you should consider operational value when
22. Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

ATTACKS

23. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
24. StatCounter Compromise
25. Emotet Campaign Ramps Up with Mass Email Harvesting Module
26. 2018 On Track to Be One of the Worst Ever for Data Breaches
27. U.S. Chip Cards Are Being Compromised in the Millions
28. Unable to remember his password, man sent letter bomb to Bitcoin exchange
29. Third-party data breach exposes info of Alabama hospital job applicants
30. Small number of HSBC customer accounts compromised in data breach. Often hackers will make use of user names and passwords compromised
31. Avast Improves Phishing Detection | Avast
32. Popular Data Storage Devices Compromised Due to Flawed Security
33. Phishing Training is a Tool, Not a Solution
34. U.S. Chip Cards Are Being Compromised in the Millions:
35. What is behind the growing trend of business email compromise attacks? Learn more from expert Michael Cobb of @thehairyITdog.
36. The History of Data Breaches
37. Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software
38. Emotet Campaign Ramps Up with Mass Email Harvesting Module
39. Reported breaches in the first 9 months of 2018 exposed 3.6 billion records
40. ADHA privacy boss reportedly quits as My Health Record faces first big test

THREATS

41. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
42. Hackers Abuse Critical Bug in Microsoft Office Online Video Feature To Deliver Malware
43. Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor
44. How CIOs can manage blockchain security: 4 tips
45. Malware-Laced App Lurked on Google Play For a Year
46. DJI Drone Web App Security Flaw Could Let Attackers Take Over Drones
47. CVE-2018-6981, CVE-2018-6982: uninitialized stack memory usage vulnerabilities on VMware ESXi, Workstation, and Fusion
48. Unable to remember his password, man sent letter bomb to Bitcoin exchange
49. Flaw in WordPress plugin allowed unauthorized admin access, backdoors
50. Steam Bug Allowed Unlimited Free Downloads
51. Malware of the 90s: Remembering the Michelangelo and Melissa viruses
52. Steam bug exposes license keys for every game available on platform
53. A new malware that targets #cryptocurrency investors through #MacOS and chat platforms was recently discovered. Learn how this #malware works
54. Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos
55. Google’s data charts path to avoiding malware on Android
56. Botnet pwns 100,000 routers using ancient security flaw
57. Used Data Storage Devices Have Security Flaws
58. Patched-up Adobe ColdFusion vulnerability exploited by hackers
59. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
60. Cryptomining malware using Windows Installer to remain hidden
61. #SamSam #ransomware targeted 67 organizations in 2018, according to @symantec research. By @MaddieBacon11
62. Chinese Head Fired After Cryptomining at School
63. A critical flaw in GDPR compliance plugin for WordPress exploited in the wild
64. An #Android app booby-trapped with #malware was recently taken down from Google Play — after being available for download for
65. New Acunetix Build Adds Detection for CSP, SRI, Node.js, and Ghostscript RCE Vulnerabilities
66. Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert
67. Norway’s IT industry must tackle security vulnerabilities
68. In this week’s ShadowTalk, the team debates the benefits/drawbacks of bug bounty programs, how you should consider operational value when
69. How does new MacOS malware target users through chat?
70. Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks
71. How does your enterprise ensure a secure #ApplicationSecurityTesting process?
72. Happy #Monday, #CyberSecurity folks! Catch up on the #blog, and discover how fileless #malware is changing how organizations treat
73. Hackers Exploit Flaw in GDPR Compliance Plugin for WordPress
74. Ransomware Assault Strikes Toronto Company, which Sells Data Belonging to Ontario Residents
75. Unearthing Ransomware Characteristics Using Classification Taxonomy
76. Overt Command and Control is now live! Check out @william_knows & @nmonkee's talk at this year's #BlueHatv18 exploring the reality
77. Multiple Vulnerabilities Discovered In Roche Handheld Medical Devices
78. DOD file sharing tool disabled due to vulnerability

CRIME

79. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
80. StatCounter Compromise
81. Flaw in WordPress plugin allowed unauthorized admin access, backdoors
82. Third-party data breach exposes info of Alabama hospital job applicants
83. What is behind the growing trend of business email compromise attacks? Learn more from expert Michael Cobb of @thehairyITdog.
84. Chinese Head Fired After Cryptomining at School
85. A critical flaw in GDPR compliance plugin for WordPress exploited in the wild
86. IT threat evolution Q3 2018. Statistics
87. IT threat evolution Q3 2018
88. Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

POLITICS

89. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
90. France seeks Global Talks on Cyberspace security and a “code of good conduct”
91. IT threat evolution Q3 2018
92. Ransomware Assault Strikes Toronto Company, which Sells Data Belonging to Ontario Residents