Nov 17, 2018

Daily brief for 2018-11-16

ASIA

  1. InfoWars: Magecart Infection Points to 'Industrial Sabotage'
  2. China's Hack Attacks: An Economic Espionage Campaign
  3. Operation Shaheen – Pakistan Air Force members targeted by nation-state attackers
  4. Details of 170,000 Pakistani debit cards leaked on dark web
  5. Cyber News Rundown: Infowars Hacked by Card Skimmers
  6. This Week in Security News: Holiday Cybercriminals & Cryptomining Malware
  7. How to Stay One Step Ahead of Phishing Websites — Literally
  8. Group-IB presented latest cybercrime and nation-state hacking trends in Asia
  9. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  10. Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack
  11. Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million
  12. #GroupIB #ThreatIntelligence detected large set of compromised payment cards details that was put on sale on underground card shop on
  13. Google, US and Israeli politician Twitter accounts hijacked to promote 'Elon Musk' Bitcoin scam
  14. Two hacker groups attacked Russian banks posing as the Central Bank of Russia
  15. Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031) Threat Alert
  16. Mylobot Botnet Now Exfiltrates Data Using Second Stage Khalesi Trojan
  17. Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?

WORLD

  1. Russian APT comes back to life with new US spear-phishing campaign
  2. Cryptocurrency Trader Gets 15 Months of Jail for Stealing Bitcoin, Litecoin
  3. Stealthy DarkGate Cryptocurrency Mining and Ransomware Evades AV Detection
  4. Using Microsoft Powerpoint as Malware Dropper
  5. Operation Shaheen – Pakistan Air Force members targeted by nation-state attackers
  6. Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
  7. Cyber News Rundown: Infowars Hacked by Card Skimmers
  8. Russian Banks Hit By Major Phishing Attacks
  9. This Week in Security News: Holiday Cybercriminals & Cryptomining Malware
  10. Scanning Akamai's Edge Servers for Vulnerabilities, Correctly
  11. Group-IB presented latest cybercrime and nation-state hacking trends in Asia
  12. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  13. Russian banks hit by major phishing attacks from two hacker groups
  14. Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit
  15. Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million
  16. Google, US and Israeli politician Twitter accounts hijacked to promote 'Elon Musk' Bitcoin scam
  17. Two hacker groups attacked Russian banks posing as the Central Bank of Russia
  18. NTT Security Adds Botnet Infrastructure Detection to Managed Security Services
  19. Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031) Threat Alert
  20. 5 Top Techniques for Testing Blockchain Apps
  21. French Company Data Breach Causes Sensitive Information Stolen to the Hackers
  22. Magecart become close to a household name with hacks of massive sites like http://Ticketmaster.com, http://Newegg.com and British Airways.
  23. New variants of Meltdown and Spectre cause information leaks
  24. New WebCobra Cryptojacking Malware Uses Platform Specific Miners
  25. AMD launches new mid-range graphics card RX 590 based on 12nm process
  26. Mylobot Botnet Now Exfiltrates Data Using Second Stage Khalesi Trojan
  27. Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?

ATTACKS

  1. Russian APT comes back to life with new US spear-phishing campaign
  2. EgressBuster – Compromise Victim via Command & Control using Firewall
  3. Voxox Database Containing Around 26 Million SMS Entries Exposed 2FA, Reset Codes
  4. China's Hack Attacks: An Economic Espionage Campaign
  5. Gmail Glitch Offers Stealthy Trick for Phishing Attacks
  6. New HealthEquity Data Breach Exposes PII/PHI of Almost 21,000 Customers
  7. AWS Adds New Feature for Preventing Data Leaks
  8. Details of 170,000 Pakistani debit cards leaked on dark web
  9. AWS rolls out new security feature to prevent accidental S3 data leaks
  10. Russian Banks Hit By Major Phishing Attacks
  11. How to Stay One Step Ahead of Phishing Websites — Literally
  12. Emotet has some customized phish for you
  13. Google BGP route leak was accidental, not hijacking
  14. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  15. Russian banks hit by major phishing attacks from two hacker groups
  16. After 2015 OPM data breach, agency failed to update security
  17. Word of the Day: social engineering
  18. 26M Texts Exposed in Poorly Secured Vovox Database
  19. Create and enforce a password policy across the enterprise
  20. Data Breaches on the Rise in Financial Services
  21. SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
  22. 2FA codes are great for security, except when 26M of them are leaked
  23. Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
  24. #GroupIB #ThreatIntelligence detected large set of compromised payment cards details that was put on sale on underground card shop on
  25. Massive Rise is Seen in Phishing Attacks
  26. Warning Issued by Emirates NBD over VAT Phishing Email Targeting its Customers
  27. French Company Data Breach Causes Sensitive Information Stolen to the Hackers
  28. Text message database reportedly leaked password resets
  29. Consider a reputable password manager to store your information, and don’t forget to use a strong password to secure the
  30. New variants of Meltdown and Spectre cause information leaks

THREATS

  1. EgressBuster – Compromise Victim via Command & Control using Firewall
  2. Cryptocurrency Trader Gets 15 Months of Jail for Stealing Bitcoin, Litecoin
  3. Up to three million kids' GPS watches can be tracked by parents... and any miscreant: Flaws spill pick-and-choose catalog for perverts
  4. Stealthy DarkGate Cryptocurrency Mining and Ransomware Evades AV Detection
  5. Reappearance of Magecart Malware to Infect Virtual Stores
  6. Using Microsoft Powerpoint as Malware Dropper
  7. SamSam and GandCrab Illustrate Evolution of Ransomware
  8. Critical WordPress Flaw Grants Admin Access to Any Registered Site User
  9. Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities
  10. Lock-Screen Bypass Bug Quietly Patched in Handsets
  11. Hacking group returns, switches attacks from ransomware to trojan malware
  12. .@TalosSecurity recently created a #decryptor that helps files affected by the #ransomware #Thanatos -- typically known to not decrypt files
  13. This Week in Security News: Holiday Cybercriminals & Cryptomining Malware
  14. Scanning Akamai's Edge Servers for Vulnerabilities, Correctly
  15. Simple Call Recorder Android Malware
  16. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  17. ATM Tests Reveal Surprising Security Flaws
  18. Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit
  19. Researchers at @okta found a bypass that allows #ThreatActors to pose files as legitimate @Apple files despite being #malware and
  20. Most antivirus programs fail to detect this cryptocurrency-stealing malware
  21. APT group TA505 testing out new modular RAT
  22. tRat is a new modular RAT used by the threat actor TA505
  23. Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack
  24. Hacking group returns, switches attacks from ransomware to trojan malware
  25. Malicious code hidden in advert images cost ad networks $1.13bn this year
  26. Hackers stole millions from ATMs across the world. @verge shares details here.
  27. SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
  28. Four More Malicious Cryptocurrency Apps on Google Play
  29. Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million
  30. D-Link router vulnerability detailed
  31. Google, US and Israeli politician Twitter accounts hijacked to promote 'Elon Musk' Bitcoin scam
  32. How does Thanatos ransomware decryptor tool restore data?
  33. Vaporworms: New breed of self-propagating fileless malware to emerge in 2019
  34. Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031) Threat Alert
  35. 5 Top Techniques for Testing Blockchain Apps
  36. Digital identity, the blockchain and the GDPR: A round peg in a square hole?
  37. Amid calls for a Windows bug status dashboard, Microsoft belatedly agrees to build one
  38. Dridex/Locky Operators Unleash New Malware in Recent Attack
  39. New WebCobra Cryptojacking Malware Uses Platform Specific Miners
  40. AMD launches new mid-range graphics card RX 590 based on 12nm process
  41. Kaspersky Announces the Details of Windows 7 Zero-Day Vulnerability
  42. Mylobot Botnet Now Exfiltrates Data Using Second Stage Khalesi Trojan
  43. SentinelOne Detects KeyPass Ransomware! KeyPass is a new ransomware threat that has hit at least 20 countries and appears to be

CRIME

  1. Cryptocurrency Trader Gets 15 Months of Jail for Stealing Bitcoin, Litecoin
  2. Group-IB presented latest cybercrime and nation-state hacking trends in Asia
  3. Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit
  4. Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million
  5. Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
  6. Google, US and Israeli politician Twitter accounts hijacked to promote 'Elon Musk' Bitcoin scam
  7. Two hacker groups attacked Russian banks posing as the Central Bank of Russia
  8. NTT Security Adds Botnet Infrastructure Detection to Managed Security Services
  9. Warning Issued by Emirates NBD over VAT Phishing Email Targeting its Customers
  10. French Company Data Breach Causes Sensitive Information Stolen to the Hackers
  11. Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?

POLITICS

  1. Up to three million kids' GPS watches can be tracked by parents... and any miscreant: Flaws spill pick-and-choose catalog for perverts
  2. InfoWars: Magecart Infection Points to 'Industrial Sabotage'
  3. China's Hack Attacks: An Economic Espionage Campaign
  4. Operation Shaheen – Pakistan Air Force members targeted by nation-state attackers
  5. This Week in Security News: Holiday Cybercriminals & Cryptomining Malware
  6. Group-IB presented latest cybercrime and nation-state hacking trends in Asia