Daily brief for 2018-11-15

ASIA

1. Ransomware Continues to Be Top Threat to Small Companies
2. Cloud, China, Generic Malware Top Security Concerns for 2019
3. Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs
4. Two whitehats receive $60,000 in rewards for successfully finding iOS 12.1 vulnerabilities
5. VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert
6. Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert
7. Ransomware Attack Strikes Media Prima
8. WannaCry Still Impacts Thousands of Systems Every Month
9. The ABC of the Hong Kong tech scene: A - AI, B - blockchain, C - cloud

WORLD

10. Survey Says: Bad PR Due to Data Breach News, Very Bad for Businesses
11. Compromising vital infrastructure: air traffic control
12. Man Sends Bomb to Cryptopay for Denying a Password Change Request
13. Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says
14. Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center
15. RiskIQ’s 2018 Black Friday E-commerce Blacklist: Key Intel for This Year’s Mega Shopping Weekend
16. Brazilian Users Under Attack From Metamorfo Banking Trojan
17. Today #GroupIB detected a massive phishing campaign sent to Russian banks from a fake email address purporting to belong to
18. Report: Microsoft’s enterprise products covertly gather personal data on users
19. Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data
20. Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs
21. Skimmed BA and Newegg Customer Card Details Up for Sale
22. Two whitehats receive $60,000 in rewards for successfully finding iOS 12.1 vulnerabilities
23. InfoWars online store hit by Magecart
24. Alex Jones's InfoWars online store hit by Magecart
25. Cryptocurrency fraud is the exception, not the rule
26. What is the impact of cyber espionage? @MikaSusiEK from Confederation of Finnish Industries EK discusses, how to tackle the growing
27. WannaCry Still Impacts Thousands of Systems Every Month
28. Data breach at Nordstrom
29. 63 new vulnerabilities found in Windows
30. My Health Record remains opt-out as Senate passes privacy amendments

ATTACKS

31. My Health Record extension highlights lingering security, privacy concerns
32. G Suite Adds Advanced Password Controls
33. Firefox Now Alerts You of Website Data Breaches While You're Browsing the Web
34. Survey Says: Bad PR Due to Data Breach News, Very Bad for Businesses
35. Man Sends Bomb to Cryptopay for Denying a Password Change Request
36. Firefox warns if the website you're visiting suffered a data breach
37. Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center
38. 20% of MageCart-compromised merchants get reinfected within days
39. 20% of MageCart-compromised merchants get reinfected within days
40. 5 Ways #Cybercriminals Can Access Your Emails Without #Phishing [Infographic]:
41. Phishing Emails with .COM Extensions Are Hitting Finance Departments
42. Today #GroupIB detected a massive phishing campaign sent to Russian banks from a fake email address purporting to belong to
43. Report: Microsoft’s enterprise products covertly gather personal data on users
44. Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data
45. A #phishing campaign was recently found to be hijacking the traffic of @Trezor user #cryptocurrency wallets. Learn how such an
46. Phishing fraudsters set their sights on online storage portals
47. Law firm uncovers exposed sensitive details about top attorney online. @mazzazone gives the details:
48. 'DarkGate' miner, password-stealer could open up world of hurt for Windows users
49. #tRat: New modular #RAT appears in multiple email campaigns: http://ow.ly/1nsX50jHzgd via the Proofpoint @threatinsight research team.
50. Learn why @Google chose U2F authentication over OTP to eliminate #PhishingEmails from expert Michael Cobb of @thehairyITdog.
51. Nordstrom is notifying employees of a data breach that exposed their personal information, including names, Social Security numbers, dates of
52. Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs
53. Data breach at Nordstrom
54. My Health Record remains opt-out as Senate passes privacy amendments
55. Symantec Honored for its Collaboration With Leading Industry Group to Protect Against Business Email Compromise Scams
56. Smashing Security #104: The world’s most evil phishing test, and cyborgs in the workplace

THREATS

57. Should Windows Users Worry About Ransomware in 2019?
58. Proofpoint: Hackers testing new reconnaissance malware on financial institutions
59. A RAT Just Made It in the Global Threat Index’s Top 10
60. 500 Percent Increase in macOS/iOS Ransomware Attacks During 1H 2018
61. Vulnerability: Emojis can kill Skype for Business
62. Ransomware Continues to Be Top Threat to Small Companies
63. Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers
64. Cyber Crooks Diversify Business with Multi-Intent Malware
65. Linux Based Crypto-Mining Malware
66. Cloud, China, Generic Malware Top Security Concerns for 2019
67. Brazilian Users Under Attack From Metamorfo Banking Trojan
68. #WebCache poisoning poses a serious threat to #BrowserSecurity. Learn how #hackers can use unkeyed inputs for malicious intent from expert
69. 14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday
70. Official Google Twitter account hacked in Bitcoin scam
71. IRCTC Free Insurance Bug That Puts Millions of Passenger Data Under Risk
72. A #phishing campaign was recently found to be hijacking the traffic of @Trezor user #cryptocurrency wallets. Learn how such an
73. Unpatched Microsoft Word Video Feature Vulnerability is Being Exploited In The Wild
74. 7 New Meltdown and Spectre Level Vulnerabilities Discovered that Affected ARM, Intel & AMD CPU’s
75. How is the Trezor cryptocurrency online wallet under attack?
76. Two whitehats receive $60,000 in rewards for successfully finding iOS 12.1 vulnerabilities
77. VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert
78. Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert
79. #tRat: New modular #RAT appears in multiple email campaigns: http://ow.ly/1nsX50jHzgd via the Proofpoint @threatinsight research team.
80. Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now
81. Cryptocurrency fraud is the exception, not the rule
82. Fake cryptocurrency Wallets Apps on Google Play Steal User Credentials and Mimic as Legitimate Wallets
83. Ransomware Attack Strikes Media Prima
84. Access Control Acronyms: ACL, RBAC, ABAC, PBAC, RAdAC, and a Dash of CBAC
85. Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware
86. Is Your Vulnerability Management Program Efficient and Successful?
87. Creating and Analyzing a Malicious PDF File with PDF-Parser Tool
88. Find vulnerabilities using nikto
89. Facebook fixed a new security bug
90. 63 new vulnerabilities found in Windows
91. I forgot to follow up on this… According to Apple, the process could take up to 7 days. It
92. Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets
93. The ABC of the Hong Kong tech scene: A - AI, B - blockchain, C - cloud

CRIME

94. My Health Record extension highlights lingering security, privacy concerns
95. Proofpoint: Hackers testing new reconnaissance malware on financial institutions
96. Man Sends Bomb to Cryptopay for Denying a Password Change Request
97. Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says
98. Ransomware Continues to Be Top Threat to Small Companies
99. Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center
100. RiskIQ’s 2018 Black Friday E-commerce Blacklist: Key Intel for This Year’s Mega Shopping Weekend
101. Phishing Emails with .COM Extensions Are Hitting Finance Departments
102. Official Google Twitter account hacked in Bitcoin scam
103. Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs
104. Skimmed BA and Newegg Customer Card Details Up for Sale
105. Cryptocurrency fraud is the exception, not the rule
106. Symantec Honored for its Collaboration With Leading Industry Group to Protect Against Business Email Compromise Scams

POLITICS

107. Compromising vital infrastructure: air traffic control
108. Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs
109. What is the impact of cyber espionage? @MikaSusiEK from Confederation of Finnish Industries EK discusses, how to tackle the growing
110. Facebook fixed a new security bug