Nov 20, 2018

Daily brief for 2018-11-19

ASIA

  1. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
  2. Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
  3. Business email compromise scam costs Pathé $21.5 million
  4. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
  5. Iran-Linked Hackers Use Just-in-Time Creation of Weaponized Attack Docs
  6. New ShadowTalk update looks at: New nation-state threat actor uses advanced TTPs to target Pakistan Lazarus Group’s FASTCash malware
  7. Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
  8. Turkish Police Arrested Cryptocurrency Hackers
  9. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined

WORLD

  1. Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
  2. Finds vulnerabilities in wordpress websites using WPSCAN
  3. Traps: Fighting Threats With Cloud-Based Malware Analysis
  4. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
  5. A week in security (November 12 – 18)
  6. Business email compromise scam costs Pathé $21.5 million
  7. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
  8. 2FA Login Failure in Office 365 and Azure
  9. DarkGate Malware Avoids Endpoint AV Detection
  10. Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
  11. WebCobra Installs Cryptominer On Victim's System
  12. New ShadowTalk update looks at: New nation-state threat actor uses advanced TTPs to target Pakistan Lazarus Group’s FASTCash malware
  13. Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
  14. Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
  15. Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
  16. Russian Cozy Bear APT 29 hackers may be impersonating State Department
  17. Email campaign spreading new tRAT malware
  18. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  19. Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we

ATTACKS

  1. Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
  2. Data Leak Incident Reported by Fortune 500 Metropolitan Life Insurance Company
  3. Top 5 ways to pick a secure password
  4. VisionDirect Blindsided by Magecart in Data Breach
  5. Top 5 ways to pick a secure password
  6. OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
  7. “Simplicity without Compromise” with Catalyst 9200 – Intent Based Networking Everywhere!
  8. EOS.IO Smart Contract Database Walkthrough
  9. Ford Eyes Use of Customers’ Personal Data to Boost Profits
  10. Vision Direct Admits To Breach With CVVs Compromised
  11. Instagram Bug, Now Fixed, Exposed User Passwords
  12. Business email compromise scam costs Pathé $21.5 million
  13. Database Misconfiguration Leaks 26 Million SMS Messages
  14. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
  15. 2FA Login Failure in Office 365 and Azure
  16. SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
  17. Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
  18. Vision Direct reveals customer credit card leak, fake Google script may be to blame
  19. A little phishing knowledge may be a dangerous thing
  20. Most Important Consideration of Confidentiality, Integrity, Availability (CIA Triad) to Avoid Organization Data Breach
  21. New security feature to prevent Amazon S3 bucket misconfiguration and data leaks
  22. The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
  23. Instagram Privacy Tool Exposed Passwords
  24. Vision Direct Notifies Customers of Data Compromise
  25. Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
  26. Instagram Accidentally Exposed Some User Passwords
  27. More than 50% forgot their password once at least one in the last month
  28. An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
  29. How #privacy intersects with #CyberSecurity. “Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
  30. Email campaign spreading new tRAT malware
  31. The promised integration with #HaveIBeenPwned is expanding in #FirefoxMonitor with new breach alerts when a user visits a recently compromised
  32. Review: Specops Password Policy
  33. Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
  34. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  35. Firefox automatically alerts users when you access sites that have data breaches
  36. Instagram Accidentally Exposed Some Users' Passwords In Plaintext
  37. Do you know which patterns users most commonly use to create their #password? Here we suggest some 'best practices'

THREATS

  1. New Modular tRat Remote Access Trojan Surfaced During September
  2. OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
  3. Finds vulnerabilities in wordpress websites using WPSCAN
  4. Traps: Fighting Threats With Cloud-Based Malware Analysis
  5. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
  6. TP-Link Patches Remote Code Execution Flaws in SOHO Router
  7. EOS.IO Smart Contract Database Walkthrough
  8. Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
  9. Bitcoin Falls Below $5,000
  10. Instagram Flaw Exposes User Passwords
  11. Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched
  12. A bug in EA Origin client exposes gamers' data
  13. Vulnerabilities Dip 7%, but Researchers Are Cautious
  14. Cryptojacking Attack Targets Make-A-Wish Foundation Website
  15. Instagram Bug, Now Fixed, Exposed User Passwords
  16. DarkGate Malware Avoids Endpoint AV Detection
  17. Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
  18. SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
  19. WebCobra Installs Cryptominer On Victim's System
  20. New ShadowTalk update looks at: New nation-state threat actor uses advanced TTPs to target Pakistan Lazarus Group’s FASTCash malware
  21. Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
  22. Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
  23. Texas hospital becomes victim of Dharma ransomware
  24. Instagram flaw exposes user passwords
  25. Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
  26. How can a @Trezor #cryptocurrency wallet fall victim to attack? Learn more with expert @lewisnic
  27. Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in
  28. A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time
  29. How does a Bluetooth vulnerability enable validation attacks?
  30. An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
  31. How does site isolation defend against #Spectre vulnerabilities? Expert Michael Cobb of @thehairyITdog explains
  32. Helping researchers with IoT firmware vulnerability discovery
  33. Wannacry Continues to be Dominant Ransomware
  34. Email campaign spreading new tRAT malware
  35. Turkish Police Arrested Cryptocurrency Hackers
  36. Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
  37. Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
  38. After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
  39. Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
  40. October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10

CRIME

  1. OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
  2. Finds vulnerabilities in wordpress websites using WPSCAN
  3. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
  4. EOS.IO Smart Contract Database Walkthrough
  5. A week in security (November 12 – 18)
  6. Collective Intelligence Podcast, Vitali Kremez on Magecart
  7. Business email compromise scam costs Pathé $21.5 million
  8. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
  9. Vision Direct reveals customer credit card leak, fake Google script may be to blame
  10. The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
  11. Instagram Accidentally Exposed Some User Passwords
  12. An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
  13. How #privacy intersects with #CyberSecurity. “Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
  14. Turkish Police Arrested Cryptocurrency Hackers
  15. Review: Specops Password Policy

POLITICS

  1. Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
  2. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
  3. A week in security (November 12 – 18)
  4. Business email compromise scam costs Pathé $21.5 million
  5. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
  6. Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
  7. Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
  8. The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
  9. An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
  10. How #privacy intersects with #CyberSecurity. “Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
  11. Russian Cozy Bear APT 29 hackers may be impersonating State Department