Nov 7, 2018

Threat report for 2018-11-06

DATA BREACH & DATA LOSS

  1. HSBC Data Breach Hits Online Banking Customers
  2. My Health Record data misuse penalties raised
  3. Holiday Suppliers Already Under Assault by Fileless Malware Campaign
  4. Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
  5. HSBC Bank Confirms US Data Breach
  6. UK Regulator Calls for Tougher Rules on Personal Data Use
  7. HSBC Bank USA Warns Customers of Data Breach
  8. HSBC Bank Data Breach Exposed Account Numbers, Balances, and More
  9. Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed
  10. Why business can't keep the public safe from data breaches
  11. It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
  12. Alert: Emotet is Back with Major Spam Campaign, Email Exfiltration Module
  13. Azorult Malware Spread by New Ramnit Campaign
  14. Pocket iNet ISP Exposed 73GB of Corporate Data Online
  15. HSBC Bank Notifies Customers of Data Breach
  16. Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
  17. Wealthy Moscow residents' data leaked in Akado Telecom incident
  18. New attack by Anonymous Italy: personal data from ministries and police have been released online

DENIAL-OF-SERVICE

Nil

MALVERTISING

Nil

PHISHING

  1. ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
  2. Zombie Phish
  3. Login VSI announces Release 3 of Login PI for proactive monitoring
  4. Spam and phishing in Q3 2018
  5. GPU side channel attacks can enable spying on web activity, password stealing
  6. Our crucible SoC OTP fusing tool now supports graphical mapping of fusemap definition files. This, other than being very pretty, facilitates
  7. Social Media Brand Impersonators Go #Phishing: 3 Emerging Tactics from ZeroFOX Research
  8. Gift Card Phishing Scam Using Email Addresses of Bosses’ is Latest Trend Adopted by Scammers
  9. Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
  10. Just half of Fortune 500 companies have installed DMARC, a tool that guards against email phishing scams, according to new

WEB DEFACEMENT

  1. Anonymous Hackers Syndicate Defaces Huge Number of Websites of Gabon Government

BOTNET

  1. Zombie Phish
  2. VB2018 paper: Uncovering the wholesale industry of social media fraud: from botnet to bulk reseller panels
  3. Shellbot Botnet Targets IoT devices and Linux servers

RANSOMWARE

  1. Ransomware Keeps Ringing in Profits for Cybercrime Rings
  2. New ransomware spotted using DiskCryptor
  3. We're hosting a lunch and learn event geared towards endpoint #security and #ransomware, with technology partner @SentinelOne. Please join us on

CRYPTOMINING & CRYPTOCURRENCIES

  1. Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
  2. Hackers Breach StatCounter To Hijack Bitcoin Transactions
  3. StatCounter Hacked to Inject Malicious Script in gate.io Cryptocurrency Exchange
  4. VMware Unveils New Blockchain Service
  5. Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
  6. Backdoors Installed via macOS Cryptocurrency App
  7. Supply-chain attack on cryptocurrency exchange
  8. Supply-chain attack on cryptocurrency exchange
  9. Why are fake Elon Musk bitcoin scams running rife on Twitter right now?
  10. How IAM is Evolving in the Blockchain Era
  11. A Blockchain Solution for Data Provenance Using Hyperledger Fabric
  12. Watch Out for the “Programmer Who Cracked Your Email” Bitcoin Scam

MALWARE

  1. US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
  2. Holiday Suppliers Already Under Assault by Fileless Malware Campaign
  3. StatCounter Hacked to Inject Malicious Script in gate.io Cryptocurrency Exchange
  4. It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
  5. Malware Execution via Microsoft Word Embedded Video
  6. Azorult Malware Spread by New Ramnit Campaign
  7. Private messages from 81,000 hacked Facebook accounts were for sale online. The information was obtained through malicious browser extensions, such as
  8. Worst malware and threat actors of 2018 so far
  9. #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs. Please contact us if you're interested in

EXPLOIT

  1. Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks

VULNERABILITY

  1. Apache Struts Vulnerability Would Allow System Takeover
  2. Hack the Air Force 3.0 Bug Bounty Announced by USAF
  3. Android November update fixes flaws galore
  4. Zero-Day Vulnerability Explained
  5. WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover
  6. Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
  7. Side-Channel Vulnerability PortSmash Steals Keys
  8. Apache Struts Warns Users of Two-Year-Old Vulnerability
  9. Apache Struts Warns Users of Two-Year-Old Vulnerability
  10. Apache Struts 2.3.x vulnerable to two year old RCE flaw
  11. IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities
  12. Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
  13. Hidden Costs of IoT Vulnerabilities
  14. Evernote for Windows patch resolves stored XSS vulnerability
  15. Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
  16. How testing perspectives helps find application security flaws
  17. PortSmash Side-Channel Vulnerability – Another Threat For Intel CPUs
  18. U.S. Air Force Announces Third Bug Bounty Program
  19. CVE-2018-11759: Apache mod_jk Access Control Bypass Vulnerability
  20. High risk vulnerability discovered in Sauter CASE Suite building automation software
  21. Apache Struts Team Urges Users for Library Update to Plug Years-Old Bugs
  22. Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
  23. Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
  24. Apple Patches Critical iOS, macOS and watchOS Flaws
  25. Multiple Cisco Vulnerabilities Threat Alert
  26. Vulnerability in Icecast can collapse online radio stations
  27. Two zero-day vulnerabilities expose millions of access points
  28. Gitlab v11.4.5 release: fix bugs
  29. Symantec acquires Appthority to enhance protection from mobile application vulnerabilities