Daily brief for 2018-11-13

ASIA

1. Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
2. Scare Force: Pakistan military hit by Operation Shaheen malware
3. Pakistan Military Hit By Operation Shaheen Malware
4. Sophisticated cyber-espionage campaign targeting Pakistani government and air force
5. Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
6. It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
7. Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
8. Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria
9. Sophisticated Campaign Targets Pakistan's Air Force
10. Google Services Inaccessible Due to BGP Leak

WORLD

11. Cathay Pacific In Hot Water: Data Breach Started March 2018, Not October 2018
12. Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
13. The Cybersecurity Tech Accord endorses the Paris Call
14. That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
15. Target and other high profile Twitter accounts exploited for cryptocurrency scams
16. The Ontario Cannabis Store has reported a data breach that took place Nov. 1 through the Canada Post and affected
17. Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
18. What’s on Our Minds for 2019? Key Themes from the RSA Speaker Selection Process
19. It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
20. Inside Magecart: RiskIQ and Flashpoint Release Comprehensive Report on the Assault on E-Commerce
21. The Tactic Cybercriminals Use to Steal Bitcoin
22. Attacker hijacks Elon Musk Twitter account to implement fake bitcoin fraud
23. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
24. Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria
25. Google Services Inaccessible Due to BGP Leak
26. Check Point Researchers Reported Vulnerabilities in Market-Leading Drone Platform, Enabling Manufacturer to Bolster Security
27. WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
28. WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
29. Zero Day vulnerability in VirtualBox is disclosed
30. Compromised security in millions of cards in the US

ATTACKS

31. Cathay Pacific In Hot Water: Data Breach Started March 2018, Not October 2018
32. Cathay Says 'Most Intense' Period of Data Breach Lasted Months
33. Nordstrom Reveals Data Breach, Sensitive Employee Information Exposed
34. Nordstrom Data Breach Exposes Employee Information
35. Nordstrom Quick to Tell Employees of a Data Breach
36. Former Employee Accessed Medical Records For Nearly a Year
37. Why Gen Z has the most dangerous password practices
38. Sophisticated cyber-espionage campaign targeting Pakistani government and air force
39. Dropbox Account Phishing Campaign
40. The Ontario Cannabis Store has reported a data breach that took place Nov. 1 through the Canada Post and affected
41. Another Facebook Bug Could Have Exposed Your Private Information
42. Malvertising is what happens when attackers buy ad space in popular, legit websites and load them with ads infected by
43. Password manager: 85% want their password to be protected against hackers
44. Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria
45. Sophisticated Campaign Targets Pakistan's Air Force
46. How did @Google eliminate successful #PhishingAttacks? Learn how employees used U2F authentication and physical #SecurityKeys to defend against phishing from
47. Google Services Inaccessible Due to BGP Leak
48. To help you rule out the worst password ideas, FrontNet has put together a list of the 25 words passwords
49. Beware !! Worlds Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
50. Compromised security in millions of cards in the US
51. Leak: Windows 10 October Update will be re-launched tomorrow

THREATS

52. What MSPs can learn from Datto’s Channel Ransomware Report
53. Triton ICS Malware
54. Microsoft’s Patch Tuesday updates for November 2018 fix actively exploited Windows flaw
55. Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
56. Fake Crypto Wallet Apps Discovered in Google Play, Built Using Drag-n-Drop
57. Microsoft Patches Actively Exploited Windows Vulnerability
58. Fixed Facebook Privacy Bug Could Have Allowed Bad Actors to Steal Personal Info
59. Microsoft patches Windows zero-day used by multiple cyber-espionage groups
60. Adobe Patches Disclosed Acrobat Vulnerability
61. Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
62. Scare Force: Pakistan military hit by Operation Shaheen malware
63. SAP Patches Critical Vulnerability in HANA Streaming Analytics
64. Facebook flaw opened your profile to data thieves
65. Adobe Releases Security Update for Acrobat Vulnerability with Public PoC
66. Unpatched Android OS Flaw Allows Adversaries to Track User Location
67. Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
68. Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC
69. Facebook Patches Another User Data Harvesting Bug
70. Pakistan Military Hit By Operation Shaheen Malware
71. That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
72. XSS Vulnerability in Evernote Allows Local File Execution
73. Vulnerabilities in Solid-State Drives Can Be Exploited to Decrypt Data
74. Side-Channel Vulnerability Could Be Exploited to Steal Data
75. Zero-Day Vulnerability in Cisco Products Could Cause DoS Condition
76. Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites
77. Facebook Bug Let Websites Access Private User Data
78. Microsoft November 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
79. Target and other high profile Twitter accounts exploited for cryptocurrency scams
80. Facebook patches another bug that could have allowed mass-harvesting of user data
81. What’s on Our Minds for 2019? Key Themes from the RSA Speaker Selection Process
82. It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
83. Why WannaCry ransomware is still a threat to your PC
84. Cryptocurrency Mining Malware uses Various Evasion Techniques.
85. Call Recorder App on Google Play with Over 5,000 Installs Contains Hidden Malware Dropper
86. Ransomware no. 1 cyberthreat to SMBs, and the average attack costs $47K
87. Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage
88. The Tactic Cybercriminals Use to Steal Bitcoin
89. Another Facebook Bug Could Have Exposed Your Private Information
90. New #spam #botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers at @360Netlab. By @MaddieBacon11
91. #Gallmaker eschews custom malware, uses living off the land and publicly available #hack tools. Find out more:
92. Ransomware Attack on City of Muscatine Shutdown Several Servers
93. Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
94. How is Plead #malware used for #cyberespionage attacks? Learn more with Michael Cobb of @thehairyITdog.
95. Attacker hijacks Elon Musk Twitter account to implement fake bitcoin fraud
96. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
97. Microsoft Word Doc bug using online video feature found in wild
98. Check Point Researchers Reported Vulnerabilities in Market-Leading Drone Platform, Enabling Manufacturer to Bolster Security
99. Beware !! Worlds Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
100. Data61 and CBA demonstrate blockchain welfare payments
101. WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
102. WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
103. 12 Warning Signs That Help Identify Malware Infection
104. Zero Day vulnerability in VirtualBox is disclosed
105. Illegal cryptocurrency mining
106. Twitter grapples with fake Elon Musk accounts promoting bitcoin scams

CRIME

107. Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
108. Magecart Cybercrime Groups Mass Harvest Payment Card Data
109. Seven Hacking Groups Operate Under “Magecart” Umbrella, Analysis Shows
110. That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
111. Nordstrom Quick to Tell Employees of a Data Breach
112. Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
113. Inside Magecart: RiskIQ and Flashpoint Release Comprehensive Report on the Assault on E-Commerce
114. ‘Inside Magecart’ Exposes the Operation Behind the Web’s Biggest E-Commerce Scourge
115. The Tactic Cybercriminals Use to Steal Bitcoin
116. How is Plead #malware used for #cyberespionage attacks? Learn more with Michael Cobb of @thehairyITdog.
117. Attacker hijacks Elon Musk Twitter account to implement fake bitcoin fraud
118. Compromised security in millions of cards in the US

POLITICS

119. Microsoft patches Windows zero-day used by multiple cyber-espionage groups
120. Sophisticated cyber-espionage campaign targeting Pakistani government and air force
121. Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
122. It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
123. How is Plead #malware used for #cyberespionage attacks? Learn more with Michael Cobb of @thehairyITdog.
124. Sophisticated Campaign Targets Pakistan's Air Force
125. Illegal cryptocurrency mining