Daily brief for 2018-11-20

ASIA

1. ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign
2. 200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
3. Malvertising in Apple Pay Targets iPhone Users
4. Kaspersky Security Bulletin: Threat Predictions for 2019
5. Experts analyzed how Iranian OilRIG hackers tested their weaponized documents

WORLD

6. 200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
7. Infamous Russian Hacking Group Used New Trojan in Recent Attacks
8. APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
9. Voxox leak: Millions of SMS messages exposed
10. Russia’s Elite Hackers May Have New Phishing Tricks
11. Web skimmers compete in Umbro Brasil hack
12. Inspiring Gender Diversity at Women of the Channel Leadership Summit
13. Government Agencies and Think Tanks attacked, APT29 suspected
14. An Introduction to Magecart
15. Hackers Linked to Russia Impersonate US Officials
16. Two Young Men Jailed for Involvement in TalkTalk Data Breach
17. Russian hackers are trying out this new malware against US and European targets
18. TEMP.Periscope Spearphishing
19. Russian hackers are trying out this new malware against US and European targets
20. Russian APT activity is resurgent, researchers say
21. Report: Emotet makes phishing lures more convincing by scraping victims' emails
22. Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
23. Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
24. Zscaler ThreatLabZ Phishing Roundup
25. Dutch audit finds Microsoft Office leaks confidential data
26. Kaspersky Security Bulletin: Threat Predictions for 2019
27. Cozy Bear tracks: Phishing campaign looks like work of Russian APT group
28. Experts analyzed how Iranian OilRIG hackers tested their weaponized documents
29. Confiant spots major malvertising attack
30. Google, Target Hit by Twitter Bitcoin Scam Account Hacks
31. Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

ATTACKS

32. ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign
33. Gmail Glitch Enables Anonymous Messages in Phishing Attacks
34. jQuery File Upload Disclosure Due Diligence
35. Emotet Returns with Thanksgiving Theme and Better Phishing Tricks
36. APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
37. APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
38. Emotet Returns with Thanksgiving Theme and Better Phishing Tricks
39. Voxox leak: Millions of SMS messages exposed
40. Russia’s Elite Hackers May Have New Phishing Tricks
41. Second WordPress hacking campaign underway, this one targeting AMP for WP plugin
42. Vision Direct Reveals Data Breach
43. Malvertising in Apple Pay Targets iPhone Users
44. Instagram glitch exposed some user passwords
45. OSIsoft Warns Employees, Contractors of Data Breach
46. Two Young Men Jailed for Involvement in TalkTalk Data Breach
47. TEMP.Periscope Spearphishing
48. Report: Emotet makes phishing lures more convincing by scraping victims' emails
49. OceanLotus: New watering hole attack in Southeast Asia
50. OceanLotus: New watering hole attack in Southeast Asia
51. tRat: New Modular RAT Appears in Multiple Email Campaigns
52. Emotet Campaigns Persist, Utilize Updated Tactics and Techniques
53. Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign
54. AWS moves to curb S3 data leaks, but Chris Vickery is doubtful
55. TalkTalk hackers jailed for role in £77m data breach
56. CarBlues – Bluetooth Vehicle Hack Exploit Affects Millions Of Vehicles Exposing Users PII
57. Zscaler ThreatLabZ Phishing Roundup
58. 2018 holiday travel period expected to be the busiest travel season on record
59. Vision Direct 'fesses up to hack that exposed customer names, payment cards
60. A little phishing knowledge may be a dangerous thing
61. Dutch audit finds Microsoft Office leaks confidential data
62. Cozy Bear tracks: Phishing campaign looks like work of Russian APT group
63. Instagram Patched A Data Download Tool Bug That Exposed Users Passwords
64. Confiant spots major malvertising attack
65. Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

THREATS

66. Instagram bug exposes user passwords
67. Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
68. 200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
69. Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW
70. Flash Player Type Confusion Critical Vulnerability, Another Reason Not to Use It
71. Down But Not Out, WannaCry Malware Continues to Infect Unpatched Windows PCs
72. Infamous Russian Hacking Group Used New Trojan in Recent Attacks
73. 560,000 Duped Into Installing Android Malware in the Form of Fake Driving Games
74. Flash Player Update Patches Disclosed Code Execution Flaw
75. Attackers Target Drupal Web Servers with Chained Vulnerabilities
76. DirtyCOW Is Back In Backdoor Attack Targeting Drupal Web Servers
77. Inserted Malicious URLs within Office Documents’ Embedded Videos
78. Russian hackers are trying out this new malware against US and European targets
79. Russian hackers are trying out this new malware against US and European targets
80. Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
81. WordPress GDPR Plug-in Contains Privilege Escalation Flaw
82. tRat: New Modular RAT Appears in Multiple Email Campaigns
83. Dharma Ransomware Variant Discovered
84. Hackers Exploit Vulnerability in WP GDPR Compliance Plugin – Update Now
85. Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign
86. For Smbs Ransomware Attacks still the Greatest Online Threat
87. Almost 50 Percent of 2018 Vulnerabilities Can Be Exploited Remotely
88. Targeted ransomware attacks on the rise in 2018, NCSC warns
89. TP-Link fixes 2 Remote Code Execution flaws in TL-R600VPN SOHO Router and other issues
90. Raft of flaws discovered in MiSafes child-monitoring devices
91. Scumbags cram Make-A-Wish website with coin-mining malware
92. Instagram Patched A Data Download Tool Bug That Exposed Users Passwords
93. Microsoft Releases Azure Blockchain Development Kit
94. DirtyCOW is back in backdoor attack targeting Drupal Web Servers
95. Can a D-Link router vulnerability threaten bank customers?
96. 3 New Code Execution Flaws Discovered in Atlantis Word Processor
97. Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor
98. Google Account Hacked for Fake Bitcoin Reward
99. 2019 Security Predictions – Utilities and Industrial Control Systems Targeted with Ransomware
100. Google, Target Hit by Twitter Bitcoin Scam Account Hacks
101. The wiper #malware that briefly disrupted the Winter #Olympics earlier this year appears to be back - now with a
102. 13 Malicious Apps in Google Play With More than 560,000+ Installs
103. Apache OpenOffice 4.1.6 release: important bug fixes and security fixes
104. Almost 50 Percent of 2018 Vulnerabilities Can Be Exploited Remotely
105. #BluetoothDevices might be at risk after a new #Bluetooth vulnerability was found targeting #firmware or operating system software drivers. Learn

CRIME

106. Inspiring Gender Diversity at Women of the Channel Leadership Summit
107. An Introduction to Magecart
108. Two Young Men Jailed for Involvement in TalkTalk Data Breach
109. Report: Emotet makes phishing lures more convincing by scraping victims' emails
110. Zscaler ThreatLabZ Phishing Roundup
111. Magecart Spies Payment Cards From Retailer Vision Direct
112. Kaspersky Security Bulletin: Threat Predictions for 2019
113. Google, Target Hit by Twitter Bitcoin Scam Account Hacks
114. Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

POLITICS

115. Infamous Russian Hacking Group Used New Trojan in Recent Attacks
116. APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
117. APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
118. Russia’s Elite Hackers May Have New Phishing Tricks
119. Web skimmers compete in Umbro Brasil hack
120. TEMP.Periscope Spearphishing
121. Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign
122. Magecart Spies Payment Cards From Retailer Vision Direct
123. Dutch audit finds Microsoft Office leaks confidential data
124. Kaspersky Security Bulletin: Threat Predictions for 2019
125. Experts analyzed how Iranian OilRIG hackers tested their weaponized documents