Daily brief for 2018-11-14

ASIA

1. 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
2. Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
3. Google services collapsed due to BGP leak
4. Google services collapsed due to BGP leak
5. Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
6. CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
7. How Threat Intelligence Prioritizes Risk in Vulnerability Management
8. Cathay Apologizes Over Data Breach but Denies Cover-up
9. Operation FastCash
10. Magecart- The Card-Skimming Group and Its Many Faces
11. AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
12. Facebook flaw could have exposed private info of users and their friends
13. BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme

WORLD

14. Did you by chance hack OPM back in 2015? Good news, your password probably still works!
15. Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
16. French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
17. Google services collapsed due to BGP leak
18. Google services collapsed due to BGP leak
19. How Threat Intelligence Prioritizes Risk in Vulnerability Management
20. Monitoring file output for malicious code 'could have stopped BA attack more quickly'
21. Magecart- The Card-Skimming Group and Its Many Faces
22. Infowars Store Affected by Magecart Credit Card Stealing Hack
23. Australian Senate extends My Health Record opt-out period
24. Alex Jones’ Infowars store was infected with credit card skimming software
25. Beers with Talos Ep. #41: Sex, money and malware
26. AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
27. Facebook flaw could have exposed private info of users and their friends
28. A 100k routers around the world are on the botnet to conduct emails spam
29. Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware

ATTACKS

30. 21K Donors Had Their Personal Info Leaked Following Kars4Kids Data Breach
31. Did you by chance hack OPM back in 2015? Good news, your password probably still works!
32. Google services collapsed due to BGP leak
33. Google services collapsed due to BGP leak
34. Facebook vulnerability could have leaked your private information – again
35. Cathay Apologizes Over Data Breach but Denies Cover-up
36. Business Email Compromise - When You Don’t Need to Phish:
37. Is it time to change your password? Check out this list of the 25 worst passwords for 2018 and make
38. Australian Senate extends My Health Record opt-out period
39. Support wouldn’t change his password, so he mailed them a bomb
40. The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
41. Microsoft covertly collects personal data from enterprise Office ProPlus users
42. Facebook flaw could have exposed private info of users and their friends
43. Hunt finally submits to My Health Record arm-twists as opt-out window extended
44. This year’s success adds to @MWRLabs’ #Pwn2Own existing track record, which includes demo attacks against Chrome.
45. The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
46. Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
47. BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
48. Healthcare.gov Health Data Breach Exposes Personal Data
49. Facebook Patches Another Vulnerability That Exposed User’s Private Information
50. Senate votes to extend My Health Record opt-out to January 31

THREATS

51. 'Mylobot' botnet now downloading second-stage malware meant to siphon data
52. FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
53. Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
54. Microsoft Patches RCE Vulnerabilities in Word, Excel, and Windows Search
55. 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
56. Ad-Injecting Mac Malware Rediscovered
57. French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
58. Siemens Patches Firewall Flaw That Put Operations at Risk
59. Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
60. Facebook vulnerability could have leaked your private information – again
61. Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
62. CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
63. How Threat Intelligence Prioritizes Risk in Vulnerability Management
64. Monitoring file output for malicious code 'could have stopped BA attack more quickly'
65. Hackers Taking Over Websites Due to WordPress GDPR Plugin Flaw
66. November 2018 Patch Tuesday: Microsoft fixes 63 flaws, one actively exploited zero-day
67. It's Amateur Hour In The World Of Spyware And Victims Will Pay The Price
68. Cryptojacking, Mobile Malware Growing Threats to the Enterprise
69. A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
70. Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities
71. Targeted ransomware attacks – SophosLabs 2019 Threat Report
72. Why cryptojacking malware is a bigger threat to your PC than you realise
73. Adobe Patch Tuesday updates for November 2018 fix known Acrobat flaw
74. Don’t fall for fake NEO, Tether and MetaMask cryptocurrency wallets on Google Play
75. Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
76. Zero-day Windows exploit fix stars in November Patch Tuesday
77. Holiday Shopping Tip 1: Inoculate Your Computer You need to protect against malware with regular updates to your anti-virus program and
78. Researchers demo how machine learning can be used to track Gh0st RAT variants
79. This remote access trojan just popped up on malware's most wanted list
80. Microsoft's Patch Tuesday addresses Zero Day vulnerabilities
81. Do you believe that the application #security vetting process would benefit from the addition of an entropy source?
82. Facebook reportedly fixes search bug that could have threatened user privacy
83. How does signed software help mitigate malware?
84. CyberSecurity Asean security alert on A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution
85. November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities
86. Beers with Talos Ep. #41: Sex, money and malware
87. AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
88. A #bug allowing websites to capture private data from Facebook users through Chrome has been discovered:
89. Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks
90. Cyber security is a process: Prevent, Detect, Respond, Predict. @5ean5ullivan @FSecure @ohjelmisto_ry
91. Are you safe on social? "Countering the Social Hack" a 5-step process from ZF CEO @FirstNameFoster in @BRINKNewsNow
92. 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
93. APT Group Uses Windows Zero-Day in Middle East Attacks
94. Facebook flaw could have exposed private info of users and their friends
95. A new exploit for zero-day vulnerability CVE-2018-8589
96. Bitcoin fraud on the official Twitter account of Google GSuite
97. Adobe November Security Update: fixes multiple vulnerabilities in its products
98. Microsoft Released Security Updates & Fixed More than 60 Vulnerabilities Along with Active Windows Zero day
99. Ransomware is the leading cyber threat experienced by SMBs
100. FlawedAmmy: Dangerous RAT enteres most wanted malware list
101. The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
102. Exploits confirmed! Congrats to F-Secure’s @MWRLabs team for another great #Pwn2Own performance. @thezdi
103. New Press Release: Team from @FSecure's @MWRLabs demos exploits for previously undisclosed vulnerabilities at Mobile #Pwn2Own competition -
104. Facebook Patches Another Vulnerability That Exposed User’s Private Information
105. Key takeaways from Datto’s State of the Channel Ransomware Report 2018
106. 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now
107. Card skimming malware removed from Infowars online store
108. Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
109. Confirmed! The @mwrlabs team used a download bug along with a silent app installation to load their custom app and

CRIME

110. Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
111. Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
112. Magecart Cybercrime Groups Harvest Payment Card Data
113. French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
114. Operation FastCash
115. Business Email Compromise - When You Don’t Need to Phish:
116. Magecart- The Card-Skimming Group and Its Many Faces
117. A Large Retailer Responds to #DDoS Extortion: To Pay or Not to Pay?
118. Australian Senate extends My Health Record opt-out period
119. The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
120. Beers with Talos Ep. #41: Sex, money and malware
121. Bitcoin fraud on the official Twitter account of Google GSuite
122. Adobe November Security Update: fixes multiple vulnerabilities in its products
123. Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
124. BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
125. Healthcare.gov Health Data Breach Exposes Personal Data
126. Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware

POLITICS

127. FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
128. Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
129. Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
130. CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
131. Alex Jones’ Infowars store was infected with credit card skimming software