Threat report for 2018-11-05

DATA BREACH & DATA LOSS

1. Week in review: Volume of Australian data breaches continues unabated
2. Google dorks were the root cause of a catastrophic compromise of CIA’s communications
3. Your personal data is widely available to hackers
4. This Tool Shows Exposed Cameras Around Your Neighborhood
5. New Side-Channel Vulnerability Leaks Sensitive Data From Intel Chips
6. Akado Telecom Accidentally Leaks Customers' Names, Phone Numbers, And Addresses
7. Australian shipbuilder Austal hit by data breach
8. Equifax Set to Share More PII with Experian
9. #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
10. National biometric database could be on the way (and in private hands)
11. Over 80,000 Facebook User Accounts Compromised
12. "If an organization created #DMARC records for the first time, it would encounter syntax and content issues -- one of
13. Kemp Cites Voter Database Hacking Attempt, Gives No Evidence
14. "A lot of people in Congress are concerned that the Facebook influence campaigns are about the midterms, but to me
15. "Shipbuilder Austal Ltd said on Thursday its Australian business had detected and responded to a data breach"

DENIAL-OF-SERVICE

16. What were the DDoS numbers for Q2 & Q3 2018?
17. A cybersecurity lesson: educational sites suffer rise in DDoS attacks in Q3

MALVERTISING

Nil

PHISHING

18. Almost 300 Percent Increase in eCommerce Phishing Attacks in Q3 2018
19. Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks
20. How to use Firefox Master Password.
21. Why you should be using a password manager
22. How did @Google eliminate successful #PhishingAttacks? Learn how employees used U2F authentication and physical #SecurityKeys to defend against phishing from
23. Password Constraints and Their Unintended Security Consequences
24. Cybercriminals Using SMS Phishing Attack to Rob Cardless ATM
25. How can U2F authentication end phishing attacks?
26. Phishing attacks up by 297 percent across eCommerce in Q3 2018

WEB DEFACEMENT

Nil

BOTNET

27. Shellbot Botnet Targets Linux, Android Devices
28. Original Mirai botnet creator hit with hefty financial sentence

RANSOMWARE

29. #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
30. Researchers found #Kraken #ransomware has become more popular after being packaged in the Fallout #ExploitKit and becoming part of an

CRYPTOMINING & CRYPTOCURRENCIES

31. No, blockchain isn't the answer to our voting system woes
32. Fake Elon Musk Twitter Bitcoin Scam Earned 180K in One Day
33. Another wave of Elon Musk bitcoin scams spread by verified Twitter accounts
34. Researchers found #Kraken #ransomware has become more popular after being packaged in the Fallout #ExploitKit and becoming part of an
35. Blockhead makes blockchain easy for developers
36. The building blocks of blockchain-based digital identity

MALWARE

37. Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks
38. Inside SearchPageInstaller | macOS Malware Deploys a MITM Attack
39. Malware of the 1980s: Looking back at the Brain Virus and the Morris Worm
40. Why malware attacks should no longer be a problem for businesses
41. Android Rat – TheFatRat to Hack and Gain access to Targeted Android Phone
42. Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
43. How to Get Rid of Cortana Runtime Broker CPU Miner Virus
44. Fake malicious @RSAsecurity #SecurID malware in pre-release state on @GooglePlay: - Currently gathering information (profiling) the mobile device it is installed
45. Video analysis of Android banking Trojan found on Google Play (Red Alert 2)
46. Recently there have been a lot of packed Android malware around, so I decided to write a blog-post on how

EXPLOIT

47. PoC Available for Microsoft Edge Zero-Day RCE, Exploit Under Development
48. Security researchers exploit Intel hyperthreading flaw to break encryption

VULNERABILITY

49. Apache warns Struts 2.3 is using a library with a two year old critical flaw
50. Online Radio Stations at Risk from Icecast Flaw
51. PoC Available for Microsoft Edge Zero-Day RCE, Exploit Under Development
52. Flaws In Self-Encrypting SSDs Let Attackers Bypass Encryption
53. New Side-Channel Vulnerability Leaks Sensitive Data From Intel Chips
54. Why Are Deserialization Vulnerabilities So Popular?
55. Flaws in self-encrypting SSDs let attackers bypass disk encryption
56. [SingCERT] Technical Advisory on Vulnerabilities in Bluetooth Low Energy Chips by Texas Instruments (CVE-2018-16986 and CVE-2018-7080)
57. Inception Attackers Target Europe with Year-old Office Vulnerability
58. Kemp Investigates Dems, Not the Reported Vulnerability
59. Flaws in Popular SSD Drives Bypass Hardware Disk Encryption
60. Flaw in Icecast streaming media server allows to take off online Radio Stations
61. Security researchers exploit Intel hyperthreading flaw to break encryption
62. .@ArmisSecurity researchers discovered two chip-level #Bluetooth vulnerabilities -- dubbed #Bleedingbit -- that could allow pseudo #RemoteCodeExecution on wireless access points.
63. Vulnerabilities’ CVSS scores soon to be assigned by AI
64. Cisco Products Affected By A Zero-Day SIP Inspection Vulnerability Exploited In The Wild
65. High severity XML external entity flaw affects Sauter building automation product
66. Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
67. Critical 'Bleedingbit' flaws found in microcontrollers used by Wi-Fi access points
68. Mozilla Patched Multiple Security Vulnerabilities in Thunderbird 60.3
69. Apple Patched Multiple XNU Kernel Vulnerabilities In MacOS And iOS
70. Companies implementing DevSecOps address vulnerabilities faster than others
71. The Ultimate Guide to Bug Bounty Platforms
72. PortSmash – A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers To Steal Sensitive Data
73. Security Think Tank: Three ways to safeguard against application layer vulnerabilities
74. Security Bug in Icecast Puts Online Radio Stations At Risk
75. Researchers discover new zero-day vulnerability in EDGE browser