Nov 15, 2018

Threat report for 2018-11-13

DATA BREACH & DATA LOSS

  1. Cathay Pacific In Hot Water: Data Breach Started March 2018, Not October 2018
  2. Cathay Says 'Most Intense' Period of Data Breach Lasted Months
  3. Nordstrom Reveals Data Breach, Sensitive Employee Information Exposed
  4. Nordstrom Data Breach Exposes Employee Information
  5. Nordstrom Quick to Tell Employees of a Data Breach
  6. Former Employee Accessed Medical Records For Nearly a Year
  7. Sophisticated cyber-espionage campaign targeting Pakistani government and air force
  8. Dropbox Account Phishing Campaign
  9. The Ontario Cannabis Store has reported a data breach that took place Nov. 1 through the Canada Post and affected
  10. Another Facebook Bug Could Have Exposed Your Private Information
  11. Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria
  12. Sophisticated Campaign Targets Pakistan's Air Force
  13. Google Services Inaccessible Due to BGP Leak
  14. Beware!! World's Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
  15. Compromised security in millions of cards in the US
  16. Leak: Windows 10 October Update will be re-launched tomorrow

DENIAL-OF-SERVICE

Nil

MALVERTISING

  1. Malvertising is what happens when attackers buy ad space in popular, legit websites and load them with ads infected by

PHISHING

  1. Why Gen Z has the most dangerous password practices
  2. Dropbox Account Phishing Campaign
  3. Password manager: 85% want their password to be protected against hackers
  4. How did @Google eliminate successful #PhishingAttacks? Learn how employees used U2F authentication and physical #SecurityKeys to defend against phishing from
  5. To help you rule out the worst password ideas, FrontNet has put together a list of the 25 worst passwords

WEB DEFACEMENT

Nil

BOTNET

  1. Security cameras – a latent botnet network?
  2. A new #botnet -- #Mylobot -- has shown new, complex levels of tools and techniques that are subsequently altering botnet
  3. New #spam #botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers at @360Netlab. By @MaddieBacon11
  4. How does the Mylobot botnet differ from a typical botnet?

RANSOMWARE

  1. What MSPs can learn from Datto’s Channel Ransomware Report
  2. Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
  3. Why WannaCry ransomware is still a threat to your PC
  4. Ransomware no. 1 cyberthreat to SMBs, and the average attack costs $47K
  5. Ransomware Attack on City of Muscatine Shutdown Several Servers

CRYPTOMINING & CRYPTOCURRENCIES

  1. Fake Crypto Wallet Apps Discovered in Google Play, Built Using Drag-n-Drop
  2. Target and other high profile Twitter accounts exploited for cryptocurrency scams
  3. Cryptocurrency Mining Malware uses Various Evasion Techniques.
  4. The Tactic Cybercriminals Use to Steal Bitcoin
  5. Attacker hijacks Elon Musk Twitter account to implement fake bitcoin fraud
  6. Data61 and CBA demonstrate blockchain welfare payments
  7. WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
  8. Illegal cryptocurrency mining
  9. Twitter grapples with fake Elon Musk accounts promoting bitcoin scams

MALWARE

  1. Triton ICS Malware
  2. Scare Force: Pakistan military hit by Operation Shaheen malware
  3. Pakistan Military Hit By Operation Shaheen Malware
  4. That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
  5. What’s on Our Minds for 2019? Key Themes from the RSA Speaker Selection Process
  6. It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
  7. Cryptocurrency Mining Malware uses Various Evasion Techniques.
  8. Call Recorder App on Google Play with Over 5,000 Installs Contains Hidden Malware Dropper
  9. #Gallmaker eschews custom malware, uses living off the land and publicly available #hack tools. Find out more:
  10. Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
  11. How is Plead #malware used for #cyberespionage attacks? Learn more with Michael Cobb of @thehairyITdog.
  12. U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
  13. Beware!! World's Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
  14. WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
  15. 12 Warning Signs That Help Identify Malware Infection

EXPLOIT

  1. Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites
  2. Ruby taken off the rails by deserialization exploit
  3. Attackers exploit GDPR compliance plug-in for WordPress

VULNERABILITY

  1. Microsoft’s Patch Tuesday updates for November 2018 fix actively exploited Windows flaw
  2. Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
  3. Microsoft Patches Actively Exploited Windows Vulnerability
  4. Fixed Facebook Privacy Bug Could Have Allowed Bad Actors to Steal Personal Info
  5. Microsoft patches Windows zero-day used by multiple cyber-espionage groups
  6. Adobe Patches Disclosed Acrobat Vulnerability
  7. SAP Patches Critical Vulnerability in HANA Streaming Analytics
  8. Facebook flaw opened your profile to data thieves
  9. Adobe Releases Security Update for Acrobat Vulnerability with Public PoC
  10. Unpatched Android OS Flaw Allows Adversaries to Track User Location
  11. Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
  12. Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC
  13. Facebook Patches Another User Data Harvesting Bug
  14. XSS Vulnerability in Evernote Allows Local File Execution
  15. Vulnerabilities in Solid-State Drives Can Be Exploited to Decrypt Data
  16. Side-Channel Vulnerability Could Be Exploited to Steal Data
  17. Zero-Day Vulnerability in Cisco Products Could Cause DoS Condition
  18. Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites
  19. Facebook Bug Let Websites Access Private User Data
  20. Microsoft November 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
  21. Facebook patches another bug that could have allowed mass-harvesting of user data
  22. Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage
  23. Another Facebook Bug Could Have Exposed Your Private Information
  24. New #spam #botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers at @360Netlab. By @MaddieBacon11
  25. Microsoft Word Doc bug using online video feature found in wild
  26. Check Point Researchers Reported Vulnerabilities in Market-Leading Drone Platform, Enabling Manufacturer to Bolster Security
  27. Zero Day vulnerability in VirtualBox is disclosed