Nov 13, 2018

Threat report for 2018-11-12

DATA BREACH & DATA LOSS

  1. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
  2. StatCounter Compromise
  3. Emotet Campaign Ramps Up with Mass Email Harvesting Module
  4. 2018 On Track to Be One of the Worst Ever for Data Breaches
  5. U.S. Chip Cards Are Being Compromised in the Millions
  6. Third-party data breach exposes info of Alabama hospital job applicants
  7. Small number of HSBC customer accounts compromised in data breach. Often hackers will make use of user names and passwords compromised
  8. Popular Data Storage Devices Compromised Due to Flawed Security
  9. U.S. Chip Cards Are Being Compromised in the Millions:
  10. What is behind the growing trend of business email compromise attacks? Learn more from expert Michael Cobb of @thehairyITdog.
  11. The History of Data Breaches
  12. Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software
  13. Emotet Campaign Ramps Up with Mass Email Harvesting Module
  14. Reported breaches in the first 9 months of 2018 exposed 3.6 billion records
  15. ADHA privacy boss reportedly quits as My Health Record faces first big test

DENIAL-OF-SERVICE

Nil

MALVERTISING

Nil

PHISHING

  1. Unable to remember his password, man sent letter bomb to Bitcoin exchange
  2. Avast Improves Phishing Detection | Avast
  3. Phishing Training is a Tool, Not a Solution

WEB DEFACEMENT

Nil

BOTNET

  1. Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor
  2. Botnet pwns 100,000 routers using ancient security flaw

RANSOMWARE

  1. #SamSam #ransomware targeted 67 organizations in 2018, according to @symantec research. By @MaddieBacon11
  2. Ransomware Assault Strikes Toronto Company, which Sells Data Belonging to Ontario Residents
  3. Unearthing Ransomware Characteristics Using Classification Taxonomy

CRYPTOMINING & CRYPTOCURRENCIES

  1. How CIOs can manage blockchain security: 4 tips
  2. Unable to remember his password, man sent letter bomb to Bitcoin exchange
  3. A new malware that targets #cryptocurrency investors through #MacOS and chat platforms was recently discovered. Learn how this #malware works
  4. Cryptomining malware using Windows Installer to remain hidden
  5. Chinese Head Fired After Cryptomining at School
  6. Elon Musk BITCOIN Twitter scam, a simple and profitable fraud for crooks

MALWARE

  1. Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders
  2. Hackers Abuse Critical Bug in Microsoft Office Online Video Feature To Deliver Malware
  3. Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor
  4. Malware-Laced App Lurked on Google Play For a Year
  5. Malware of the 90s: Remembering the Michelangelo and Melissa viruses
  6. A new malware that targets #cryptocurrency investors through #MacOS and chat platforms was recently discovered. Learn how this #malware works
  7. Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos
  8. Google’s data charts path to avoiding malware on Android
  9. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
  10. Cryptomining malware using Windows Installer to remain hidden
  11. An #Android app booby-trapped with #malware was recently taken down from Google Play — after being available for download for
  12. How does new MacOS malware target users through chat?
  13. How does your enterprise ensure a secure #ApplicationSecurityTesting process?
  14. Happy #Monday, #CyberSecurity folks! Catch up on the #blog, and discover how fileless #malware is changing how organizations treat
  15. Overt Command and Control is now live! Check out @william_knows & @nmonkee's talk at this year's #BlueHatv18 exploring the reality

EXPLOIT

  1. How to Perform Manual SQL Injection With Error Based String Method
  2. Cisco Inadvertently Leaked In-House Dirty COW Exploit Code In Its Software
  3. Hackers Exploit Flaw in GDPR Compliance Plugin for WordPress

VULNERABILITY

  1. Hackers Abuse Critical Bug in Microsoft Office Online Video Feature To Deliver Malware
  2. DJI Drone Web App Security Flaw Could Let Attackers Take Over Drones
  3. CVE-2018-6981, CVE-2018-6982: uninitialized stack memory usage vulnerabilities on VMware ESXi, Workstation, and Fusion
  4. Flaw in WordPress plugin allowed unauthorized admin access, backdoors
  5. Steam Bug Allowed Unlimited Free Downloads
  6. Steam bug exposes license keys for every game available on platform
  7. Botnet pwns 100,000 routers using ancient security flaw
  8. Used Data Storage Devices Have Security Flaws
  9. Patched-up Adobe ColdFusion vulnerability exploited by hackers
  10. A critical flaw in GDPR compliance plugin for WordPress exploited in the wild
  11. New Acunetix Build Adds Detection for CSP, SRI, Node.js, and Ghostscript RCE Vulnerabilities
  12. Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert
  13. Norway’s IT industry must tackle security vulnerabilities
  14. In this week’s ShadowTalk, the team debates the benefits/drawbacks of bug bounty programs, how you should consider operational value when
  15. Hackers Exploit Flaw in GDPR Compliance Plugin for WordPress
  16. Multiple Vulnerabilities Discovered In Roche Handheld Medical Devices
  17. DOD file sharing tool disabled due to vulnerability
at
Labels: