Nov 10, 2018

Threat report for 2018-11-09

DATA BREACH & DATA LOSS

  1. Email Stealing Emotet Banking Trojan Resurrected in New Extensive Spam Campaign
  2. Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software
  3. Bug Bounty Hunter Ran ISP Doxing Service
  4. DJI drone hack could have exposed sensitive data
  5. Emotet launches major new spam campaign
  6. .@ablaich: “Breaches that include personally identifiable information are always dangerous because they can lead to identity theft... they can also
  7. Canada Post leaks sensitive information of thousands of cannabis buyers
  8. D93 staff accounts compromised through a phishing scam
  9. Drone vulnerability could compromise enterprise data
  10. "If the schemas prove not to be compatible, a backup of the previous version of a database must be used
  11. Exposed data of nearly 700k American Express India customers
  12. Nearly 700,000 Plaintext Records of American Express India Customers Personal Info Exposed Online

DENIAL-OF-SERVICE

  1. 'DerpTroll' derps into plea deal, admits DDoS attacks on EA, Steam, Sony game servers
  2. DerpTrolling game server DDoS attacker pleads guilty
  3. Sony DDoS-er 'DerpTrolling' Pleads Guilty
  4. Notorious "DerpTrolling" Pleads Guilty to DDoS Attacks on EA & Sony

MALVERTISING

Nil

PHISHING

  1. Trickbot Malware Added Password And Browser History Stealing
  2. Man Sent Letter Bomb To Bitcoin Firm Over Password Reset
  3. This banking malware just added password and browser history stealing to its playbook
  4. This banking #malware just added #password and browser history stealing to its playbook https://zd.net/2Pl6v31 via @ZDNet & @dannyjpalmer
  5. Phishing Attempts Soar to 137 Million in Q3
  6. Phishing now possible by exploiting online video function vulnerability in Word
  7. D93 staff accounts compromised through a phishing scam
  8. 5 Ways #Cybercriminals Can Access Your Emails Without #Phishing | Check out the full infographic here:
  9. Criminals are targeting cardless ATMs with the help of SMS text-based phishing (aka smishing) to drain bank accounts using stolen

WEB DEFACEMENT

Nil

BOTNET

  1. Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet
  2. This Week in Security News: Fake Apps & Malicious Bots
  3. New spam botnet infects over 100,000 home routers
  4. A new spam #botnet took advantage of a UPnP vulnerability to infect over 100,000 home routers in India, China and
  5. IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature
  6. BCMUPnP_Hunter Botnet infected 400k routers to turn them into email spammers

RANSOMWARE

  1. Ransomware Still the Top Malware Threat During 2018 According to Europol
  2. The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants
  3. Kraken Ransomware
  4. Are you prepared for #ransomware? Download this how-to guide to learn how to prepare for and detect an attack before

CRYPTOMINING & CRYPTOCURRENCIES

  1. StatCounter fingers cache-poisoning caper for Bitcoin-slurping JavaScript hijack
  2. Cryptomining Malware Uses Rootkit to Hide on Infected Linux Systems
  3. Stealthy Crypto-Mining Malware Evades Detection
  4. Man Sent Letter Bomb To Bitcoin Firm Over Password Reset
  5. Linux cryptocurrency miners are installing rootkits to hide themselves
  6. Chinese headmaster fired after setting up his own secret cryptomining rig at school
  7. Kraken Ransomware
  8. No, You Don't Need a Blockchain
  9. Canadian Uni Shutters Network After Cryptomining Attack
  10. Hackers hide malware in the Windows installation files to mine cryptocurrency
  11. Visiting Bitcoin City.
  12. Seagate and IBM Work Together to Help Reduce Global Hard Drive Counterfeiting with Blockchain Technology

MALWARE

  1. Hackers Target Bitcoins and USCYBERCOM Shares Malware | Avast
  2. Koadic: Security Defense in the Age of LoL Malware, Part IV
  3. Email Stealing Emotet Banking Trojan Resurrected in New Extensive Spam Campaign
  4. Ransomware Still the Top Malware Threat During 2018 According to Europol
  5. The Pentagon is Publishing Foreign Nation-State Malware
  6. Cryptomining Malware Uses Rootkit to Hide on Infected Linux Systems
  7. Stealthy Crypto-Mining Malware Evades Detection
  8. Advanced tools: Process Hacker
  9. Trickbot Malware Added Password And Browser History Stealing
  10. This Week in Security News: Fake Apps & Malicious Bots
  11. "Inception Attackers" Combine Old Exploit and New Backdoor
  12. Playbook Fridays: Domain Spinning Workbench Spaces App
  13. This banking malware just added password and browser history stealing to its playbook
  14. South Korean Hackers Arrested for Infecting Crypto Mining Malware
  15. #Cyberespionage hackers have used stolen #DigitalCertificates to steal data. Expert Michael Cobb of @thehairyITdog explains how hackers sign Plead
  16. This banking #malware just added #password and browser history stealing to its playbook https://zd.net/2Pl6v31 via @ZDNet & @dannyjpalmer
  17. The Morris Worm Turns 30
  18. Idaho Falls School District Struck by a Computer Virus Attack
  19. OSX/SurfBuyer: Real malware is in the eye of the device holder
  20. How is Plead malware used for cyberespionage attacks?
  21. VirusTotal and USCyberCom Join Forces To Identify Malware
  22. Hackers hide malware in the Windows installation files to mine cryptocurrency
  23. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said

EXPLOIT

  1. Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software
  2. "Inception Attackers" Combine Old Exploit and New Backdoor

VULNERABILITY

  1. U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
  2. Recently-Patched Adobe ColdFusion Flaw Exploited By APT
  3. Zero-day in popular WordPress plugin exploited in the wild to take over sites
  4. Bug Bounty Hunter Ran ISP Doxing Service
  5. VMware releases security patches for a critical virtual machine escape flaw
  6. Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype
  7. VMware Patches VM Escape Flaw Disclosed at Chinese Hacking Contest
  8. Inception Attackers Target Europe with Year-old Office Vulnerability
  9. Flaws in Roche Medical Devices Can Put Patients at Risk
  10. Inception hackers target European organisations with old Office flaw
  11. A new spam #botnet took advantage of a UPnP vulnerability to infect over 100,000 home routers in India, China and
  12. Serious XSS Vulnerability Patched in Evernote
  13. Update now! WordPress sites vulnerable to WooCommerce plugin flaw
  14. Phishing now possible by exploiting online video function vulnerability in Word
  15. Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
  16. Cisco fixes two critical bugs, recommends workaround for a third
  17. Drone vulnerability could compromise enterprise data
  18. US Air Force invites white hats to find hackable flaws, again
  19. Prioritizing Flaws Based on Severity Increasingly Ineffective: Study
  20. DJI Drone Can be Hacked using New Vulnerability To Steal Drone’s Flight logs, Photos & Videos
  21. Adobe ColdFusion Vulnerability Exploited in the Wild
  22. Combination of bugs in WordPress and WooCommerce allows website hijacking
  23. Hack the Air Force 3.0 – New vulnerability bounty program