Sector brief for 2018-11-19

HEALTHCARE

1. Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
2. SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
3. Texas hospital becomes victim of Dharma ransomware

TRANSPORT

Nil

BANKING & FINANCE

4. New Modular tRat Remote Access Trojan Surfaced During September
5. Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
6. Collective Intelligence Podcast, Vitali Kremez on Magecart
7. Business email compromise scam costs Pathé $21.5 million
8. Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
9. Vision Direct reveals customer credit card leak, fake Google script may be to blame
10. Vision Direct Notifies Customers of Data Compromise
11. Email campaign spreading new tRAT malware
12. October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10

INFORMATION & TELECOMMUNICATION

13. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
14. Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
15. Instagram Flaw Exposes User Passwords
16. Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched
17. A week in security (November 12 – 18)
18. Instagram Bug, Now Fixed, Exposed User Passwords
19. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
20. 2FA Login Failure in Office 365 and Azure
21. SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
22. New ShadowTalk update looks at: New nation-state threat actor uses advanced TTPs to target Pakistan Lazarus Group’s FASTCash malware
23. Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
24. Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
25. Instagram flaw exposes user passwords
26. Instagram Privacy Tool Exposed Passwords
27. Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
28. Instagram Accidentally Exposed Some User Passwords
29. How #privacy intersects with #CyberSecurity. “Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
30. Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
31. Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
32. Instagram Accidentally Exposed Some Users' Passwords In Plaintext

FOOD

Nil

WATER

Nil

ENERGY

Nil

GOVERNMENT & PUBLIC SERVICE

33. Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
34. U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
35. The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
36. Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
37. Russian Cozy Bear APT 29 hackers may be impersonating State Department
38. Turkish Police Arrested Cryptocurrency Hackers