Threat report for 2018-11-02

DATA BREACH & DATA LOSS

1. Two botnets are fighting over control of thousands of unsecured Android devices
2. Joshua Adam Schulte, ex CIA employee, accused of continuing leaks from prison
3. Spam campaign targets Exodus Mac Users
4. 120 Million Facebook Accounts Compromised, Private Messages of 81,000 for Sale
5. #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
6. 85 Millions of voter records available for sale ahead of the 2018 US Midterm Elections
7. ePHI of 8,000 Patients Exposed in Health Plan Breach
8. Facebook has experienced a number of security-related issues lately, but it doesn't appear to be at fault for the leak
9. This Week in Security News: Spam Campaigns and Vulnerable Infrastructures
10. Russian hackers compromise 120 million Facebook accounts; private messages on sale online
11. SamSam ransomware campaigns continue to target U.S. in 2018
12. Feds Accuse Ex-CIA Employee of Continuing Leaks From Prison
13. Radisson Hotel Group Hit by Data Breach
14. Spam campaign targets Exodus Mac Users
15. Shipbuilder, defense contractor Austal reveals data breach
16. Data theft at Radisson Hotel Group
17. 85 million voter records on sale
18. Iran has become victim of a cyberattack campaign
19. Apache HBase 2.1.1 release, distributed database
20. FIFA admits hack and braces for new leaks

DENIAL-OF-SERVICE

21. ThreatList: Fewer Big DDoS Attacks in Q3, Overall Rate Holds Steady
22. Bushido Botnet and DDoS-for-Hire

MALVERTISING

Nil

PHISHING

23. SMS Phishing + Cardless ATM = Profit
24. "While most phishing attacks on desktop and laptop computers come via email... a mobile device attack vector can be in
25. #Phishing targets data that lives outside your enterprise perimeter—putting your entire enterprise at risk. Learn how post-perimeter security enables you
26. How to password protect a folder or file in Windows | Avast
27. Just half of Fortune 500 companies have installed DMARC, a tool that guards against email phishing scams, according to new
28. Multiple #phishing pages on multiple domains targeting Canadian citizens posing as Canadian Revenue Agency, Interac, and others 192.99.86.132 (@OVH) cc: @cybercentre_ca
29. YAPBS – Yet Another Password Breach Scam

WEB DEFACEMENT

Nil

BOTNET

30. Shellbot Variant Used in New Botnet, Spreads Using IoT and Linux Vulnerabilities
31. Bushido Botnet and DDoS-for-Hire
32. Outlaw Hacking Group Using Command Injection Flow To Attack Organizations Network using Botnet via C&C Server
33. BCMUPnP_Hunter: 100,000-node botnet is abusing routers for spam
34. 'Outlaw' threat actor uses Shellbot variant to form new botnet

RANSOMWARE

35. New Ransomware using DiskCryptor With Custom Ransom Message
36. #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
37. Researchers found #Kraken #ransomware has become more popular after being packaged in the Fallout #ExploitKit and becoming part of an
38. SamSam ransomware campaigns continue to target U.S. in 2018
39. Kraken ransomware gets packaged into Fallout EK
40. Giant ransomware bundle threatens to make malware attacks easier for crooks

CRYPTOMINING & CRYPTOCURRENCIES

41. Researchers found #Kraken #ransomware has become more popular after being packaged in the Fallout #ExploitKit and becoming part of an
42. Kraken ransomware gets packaged into Fallout EK
43. Blockwatch: The aeternity Blockchain
44. Trading with cryptocurrencies without losing self control
45. EY launches the world's first secure private transactions over the Ethereum public blockchain
46. Another packed room for .@idefense analyst Mei Nelson discussing China and cryptocurrency. #codeblue_jp @AccentureSecure @AccentureJPNews

MALWARE

47. Facebook Blames Malicious Extensions in Breach of 81K Private Messages
48. ​The day computer security turned real: The Morris Worm turns 30
49. Worst Malware and Threat Actors of 2018
50. Adversaries Distribute Malware Via Rarely Used Extensions
51. Can you spot a malicious email? Take the quiz at
52. Antimalware Day: The evolution of malicious code
53. Outlaw Hacking Group Using Command Injection Flow To Attack Organizations Network using Botnet via C&C Server
54. Beware this malware: it can even survive operating systems being reinstalled
55. Emotet Trojan Changes Tactics…Again
56. Giant ransomware bundle threatens to make malware attacks easier for crooks
57. If you think you have been hacked or got #malware installed, disconnect the internet, leave your device running and connected
58. U.S. Geological Survey Network got Infected with Malware
59. Search for “Installing Chrome” on Bing can lead to malicious content
60. Previous malware attacks: When more than 7,5000 of the #Mikrotik routes were reportedly being spied on by attackers

EXPLOIT

61. Kraken ransomware gets packaged into Fallout EK
62. How to Perform Manual SQL Injection With Double quotes Error Based String Method
63. Researchers recently found vulnerabilities in #robot controllers from @Universal_Robot. Learn what these robot controllers do and how #ThreatActors exploit these

VULNERABILITY

64. Shellbot Variant Used in New Botnet, Spreads Using IoT and Linux Vulnerabilities
65. Cisco Security Appliance Zero-Day Found Actively Exploited in the Wild
66. BLEEDINGBIT – Two Zero Day Vulnerabilities Affecting Wireless Access Point Bluetooth Chips
67. Hackers actively exploiting vulnerabilities in Cisco security appliances
68. Cisco fixed the high-risk security vulnerabilities in variant products
69. Bluetooth Bugs Speak to Lack of Security in DevOps
70. Sauter Quickly Patches Flaw in Building Automation Software
71. Bleedingbit vulnerabilities put Wi-Fi access points at risk
72. Test IO introduces Bug Fix Confirmation, leveraging network of software testers to verify bug fixes
73. Flaw in Sophos HitmanPro.Alert could enable hackers to gain privileges over systems
74. Intel CPUs impacted by new PortSmash side-channel vulnerability
75. CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks
76. Systemd Vulnerability In Linux Could Trigger Remote Attacks And System Crashes
77. .@ArmisSecurity researchers discovered two chip-level #Bluetooth vulnerabilities -- dubbed #Bleedingbit -- that could allow pseudo #RemoteCodeExecution on wireless access points.
78. Cisco Reports SIP Inspection Vulnerability
79. Mozilla exorcises five bugs on Halloween
80. Researchers recently found vulnerabilities in #robot controllers from @Universal_Robot. Learn what these robot controllers do and how #ThreatActors exploit these
81. BLEEDINGBIT – Two Bluetooth Chip-level Vulnerabilities Affected Millions of Enterprise Wi-Fi Access Point Devices
82. GNOME 3.30.2 released: bugs fix
83. Attackers Use Zero-Day That Can Restart Cisco Security Appliances