Daily brief for 2018-11-14
ASIA
- 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- Google services collapsed due to BGP leak
- Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Cathay Apologizes Over Data Breach but Denies Cover-up
- Operation FastCash
- Magecart- The Card-Skimming Group and Its Many Faces
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- Facebook flaw could have exposed private info of users and their friends
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
WORLD
- Did you by chance hack OPM back in 2015? Good news, your password probably still works!
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Google services collapsed due to BGP leak
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Monitoring file output for malicious code 'could have stopped BA attack more quickly'
- Magecart- The Card-Skimming Group and Its Many Faces
- Infowars Store Affected by Magecart Credit Card Stealing Hack
- Australian Senate extends My Health Record opt-out period
- Alex Jones’ Infowars store was infected with credit card skimming software
- Beers with Talos Ep. #41: Sex, money and malware
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- Facebook flaw could have exposed private info of users and their friends
- A 100k routers around the world are on the botnet to conduct emails spam
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
ATTACKS
- 21K Donors Had Their Personal Info Leaked Following Kars4Kids Data Breach
- Did you by chance hack OPM back in 2015? Good news, your password probably still works!
- Google services collapsed due to BGP leak
- Facebook vulnerability could have leaked your private information – again
- Cathay Apologizes Over Data Breach but Denies Cover-up
- Business Email Compromise - When You Don’t Need to Phish:
- Is it time to change your password? Check out this list of the 25 worst passwords for 2018 and make
- Australian Senate extends My Health Record opt-out period
- Support wouldn’t change his password, so he mailed them a bomb
- The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
- Microsoft covertly collects personal data from enterprise Office ProPlus users
- Facebook flaw could have exposed private info of users and their friends
- Hunt finally submits to My Health Record arm-twists as opt-out window extended
- This year’s success adds to @MWRLabs’ #Pwn2Own existing track record, which includes demo attacks against Chrome.
- The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
- Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
- Healthcare.gov Health Data Breach Exposes Personal Data
- Facebook Patches Another Vulnerability That Exposed User’s Private Information
- Senate votes to extend My Health Record opt-out to January 31
THREATS
- 'Mylobot' botnet now downloading second-stage malware meant to siphon data
- FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
- Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
- Microsoft Patches RCE Vulnerabilities in Word, Excel, and Windows Search
- 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
- Ad-Injecting Mac Malware Rediscovered
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Siemens Patches Firewall Flaw That Put Operations at Risk
- Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
- Facebook vulnerability could have leaked your private information – again
- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Monitoring file output for malicious code 'could have stopped BA attack more quickly'
- Hackers Taking Over Websites Due to WordPress GDPR Plugin Flaw
- November 2018 Patch Tuesday: Microsoft fixes 63 flaws, one actively exploited zero-day
- It's Amateur Hour In The World Of Spyware And Victims Will Pay The Price
- Cryptojacking, Mobile Malware Growing Threats to the Enterprise
- A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
- Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities
- Targeted ransomware attacks – SophosLabs 2019 Threat Report
- Why cryptojacking malware is a bigger threat to your PC than you realise
- Adobe Patch Tuesday updates for November 2018 fix known Acrobat flaw
- Don’t fall for fake NEO, Tether and MetaMask cryptocurrency wallets on Google Play
- Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
- Zero-day Windows exploit fix stars in November Patch Tuesday
- Holiday Shopping Tip 1: Inoculate Your Computer
  You need to protect against malware with regular updates to your anti-virus program and
- Researchers demo how machine learning can be used to track Gh0st RAT variants
- This remote access trojan just popped up on malware's most wanted list
- Microsoft's Patch Tuesday addresses Zero Day vulnerabilities
- Do you believe that the application #security vetting process would benefit from the addition of an entropy source?
- Facebook reportedly fixes search bug that could have threatened user privacy
- How does signed software help mitigate malware?
- CyberSecurity Asean security alert on A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution
- November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities
- Beers with Talos Ep. #41: Sex, money and malware
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- A #bug allowing websites to capture private data from Facebook users through Chrome has been discovered:
- Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks
- Cyber security is a process: Prevent, Detect, Respond, Predict. @5ean5ullivan @FSecure @ohjelmisto_ry
- Are you safe on social? "Countering the Social Hack" a 5-step process from ZF CEO @FirstNameFoster in @BRINKNewsNow
- 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
- APT Group Uses Windows Zero-Day in Middle East Attacks
- Facebook flaw could have exposed private info of users and their friends
- A new exploit for zero-day vulnerability CVE-2018-8589
- Bitcoin fraud on the official Twitter account of Google GSuite
- Adobe November Security Update: fixes multiple vulnerabilities in its products
- Microsoft Released Security Updates & Fixed More than 60 Vulnerabilities Along with Active Windows Zero day
- Ransomware is the leading cyber threat experienced by SMBs
- FlawedAmmy: Dangerous RAT enters most wanted malware list
- The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
- Exploits confirmed!
  Congrats to F-Secure’s @MWRLabs team for another great #Pwn2Own performance. @thezdi
- New Press Release: Team from @FSecure's @MWRLabs demos exploits for previously undisclosed vulnerabilities at Mobile #Pwn2Own competition -
- Facebook Patches Another Vulnerability That Exposed User’s Private Information
- Key takeaways from Datto’s State of the Channel Ransomware Report 2018
- 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now
- Card skimming malware removed from Infowars online store
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
- Confirmed! The @mwrlabs team used a download bug along with a silent app installation to load their custom app and
CRIME
- Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- Magecart Cybercrime Groups Harvest Payment Card Data
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Operation FastCash
- Business Email Compromise - When You Don’t Need to Phish:
- Magecart- The Card-Skimming Group and Its Many Faces
- A Large Retailer Responds to #DDoS Extortion: To Pay or Not to Pay?
- Australian Senate extends My Health Record opt-out period
- The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
- Beers with Talos Ep. #41: Sex, money and malware
- Bitcoin fraud on the official Twitter account of Google GSuite
- Adobe November Security Update: fixes multiple vulnerabilities in its products
- Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
- Healthcare.gov Health Data Breach Exposes Personal Data
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
POLITICS
- FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- Alex Jones’ Infowars store was infected with credit card skimming software