Threat report for 2018-10-31

DATA BREACH & DATA LOSS

1. 85 Millions of voter records available for sale ahead of the 2018 US Midterm Elections
2. More Information about July 2018’s Singapore SingHealth Data Breach Revealed
3. Software bugs could compromise midterm votes in Texas
4. Eurostar Resets Users' Passwords After Potential Data Breach
5. Why data security is a priority for political campaigns
6. The Radisson Hotel Group has suffered a data breach
7. Social Security Numbers, PII Stolen in NorthBay Healthcare Data Breach
8. Healthcare.gov website suffers data breach affecting 75,000 enrollees
9. Tomorrowland festival goers affected by data breach
10. Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
11. Emotet malware gang is mass-harvesting millions of emails in mysterious campaign
12. Nigerian Airline Arik Air May Have Leaked Customer Data
13. Cyber Attacks Up Prior To Midterms, 81.5 Million Voter Records Threatened
14. Average data breach fines have doubled as ICO hints at higher fines
15. Australian companies failing to slow the tide of data breaches: OAIC
16. Assault and battery: Malvertising campaign checks user device' charge as anti-detection technique
17. Live Webinar | Identity Proofing in the Era of Data Breaches and Social Networking
18. Come fermare i data breach con i servizi di Detection&Response #MDR: il caso di un'importante media company finlandese
19. Fresh SamSam Ransomware Campaign Across the U.S
20. Nigerian airline Arik Air may have leaked customer data
21. Emotet malware gang is mass-harvesting millions of emails in mysterious campaign
22. SamSam Ransomware Campaigns Highly Active in 2018 and Heavily Targets Organizations
23. A Report on Data Breaches in Australia
24. A DHCPv6 package could compromise a vulnerable Linux system
25. OIG’s Take On Healthcare.gov Patient Record Breach
26. Exploit Chain Modified to Slip Antivirus Detection in a New Malware Campaign

DENIAL-OF-SERVICE

27. DDoS Attacks in Q3 2018

MALVERTISING

28. Assault and battery: Malvertising campaign checks user device' charge as anti-detection technique

PHISHING

29. Re: The Zombie Phish
30. Ramped-up phishing attacks target universities around the world
31. “Brazilian Election” Themed Phish Target Users with South American-Targeted Malware, Astaroth Trojan
32. [Infographic] 5 Ways #Cybercriminals Can Access Your Emails Without #Phishing:

WEB DEFACEMENT

Nil

BOTNET

33. Re: The Zombie Phish
34. Google aims to stop the tide of bots with reCAPTCHA v3
35. Pervasive Emotet Botnet Now Steals Emails
36. NTT Security targets botnet infrastructure
37. Satori Botnet's Alleged Developer Rearrested
38. #Mirai author fined $8.6million, gets 6 months house arrest

RANSOMWARE

39. SamSam Ransomware Goes on a Tear
40. 2018’s Most Prevalent Ransomware – We Took it for a Ride
41. Kraken Ransomware Upgrades Distribution with RaaS Model
42. GandCrab ransomware crew loses $1M after Bitdefender releases free decrypter
43. Kraken Cryptor ransomware merges with Fallout exploit kit, fees slashed to gain followers
44. Kraken Ransomware Now Being Distributed by Fallout Exploit Kit
45. Fresh SamSam Ransomware Campaign Across the U.S
46. SamSam Ransomware Campaigns Highly Active in 2018 and Heavily Targets Organizations

CRYPTOMINING & CRYPTOCURRENCIES

47. Kraken Ransomware Upgrades Distribution with RaaS Model
48. Kraken Cryptor ransomware merges with Fallout exploit kit, fees slashed to gain followers
49. Kraken Ransomware Now Being Distributed by Fallout Exploit Kit
50. It's a front? Mac cryptocurrency ticker actually installs backdoors
51. All You Need to Know About Blockchain Testing

MALWARE

52. Was the Triton Malware Attack Russian in Origin?
53. Emotet malware gang is mass-harvesting millions of emails in mysterious campaign
54. Promethium/StrongPity Malware
55. “Brazilian Election” Themed Phish Target Users with South American-Targeted Malware, Astaroth Trojan
56. "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
57. Double-Gun Trojan which uses game plug-in to spread, is updated to V4.0 and looking for trouble
58. Emotet Trojan Begins Stealing Victim's Email Using New Module
59. Emotet trojan starts stealing full emails from infected machines
60. Recently found GPlayed trojan spinoff analysed
61. Federal employee infects gov't network with Russian malware through adult video websites
62. Emotet malware gang is mass-harvesting millions of emails in mysterious campaign
63. What do you think the combination of the #TrickBot banking Trojan to #IcedID means for the future of banking #Trojans?
64. 12 malicious libraries found in Python PyPI
65. 5 Types of Malware Currently Affecting macOS
66. Webroot Unveils Nastiest Malware of 2018
67. Exploit Chain Modified to Slip Antivirus Detection in a New Malware Campaign

EXPLOIT

68. Kraken Cryptor ransomware merges with Fallout exploit kit, fees slashed to gain followers
69. Kraken Ransomware Now Being Distributed by Fallout Exploit Kit
70. Exploit Chain Modified to Slip Antivirus Detection in a New Malware Campaign

VULNERABILITY

71. Software bugs could compromise midterm votes in Texas
72. Yi Technology Home Cameras Exploitable Using Multiple Vulnerabilities
73. Prioritizing the fundamentals of coordinated vulnerability disclosure
74. Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera
75. Apple Patches Multiple Major Security Flaws
76. Actively Exploited High Impact DoS Vulnerability Found in Cisco ASA and FTD
77. Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Vulnerability
78. Many States Reject DHS Offer to Check Election Systems for Flaws, Saying They’re Safe from Hackers
79. Security Code AutoFill Flaw Exposes iOS, macOS Users to Banking Fraud Attacks
80. Whiteboard Wednesday: Common Vulnerabilities as Personified by Halloween Costumes
81. Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera
82. Several vulnerabilities were found in controllers made by @Universal_Robot. Discover what these #robot controllers are used for and how
83. Weekly Threat Briefing: New Security Flaw Impacts Most Linux And BSD Distros
84. Apple Patches Passcode Bypass, FaceTime Flaws in iOS
85. Businesses unprepared for Windows 10 migration, fear vulnerability to cyber threats
86. Apple Patches Critical Flaws in iOS 12.1, macOS 10.14.1 Updates
87. Canonical Releases Ubuntu 16.04 LTS Kernel Patch, Fixed 4 Security Vulnerabilities
88. CVE-2018-18649: Gitlab Wiki API Remote Code Execution Vulnerability Alert
89. Apple Released Security Updates for iOS, watchOS, Safari , tvOS, iTunes & Fixed Several Vulnerabilities
90. Windows 10 Universal Windows Platform Vulnerability
91. Microsoft continues to push the KB4464455 patch for fixing ZIP bug