Threat report for 2018-11-15

DATA BREACH & DATA LOSS

1. My Health Record extension highlights lingering security, privacy concerns
2. Firefox Now Alerts You of Website Data Breaches While You're Browsing the Web
3. Survey Says: Bad PR Due to Data Breach News, Very Bad for Businesses
4. Firefox warns if the website you're visiting suffered a data breach
5. 20% of MageCart-compromised merchants get reinfected within days
6. 20% of MageCart-compromised merchants get reinfected within days
7. Today #GroupIB detected a massive phishing campaign sent to Russian banks from a fake email address purporting to belong to
8. Report: Microsoft’s enterprise products covertly gather personal data on users
9. Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data
10. A #phishing campaign was recently found to be hijacking the traffic of @Trezor user #cryptocurrency wallets. Learn how such an
11. Law firm uncovers exposed sensitive details about top attorney online. @mazzazone gives the details:
12. #tRat: New modular #RAT appears in multiple email campaigns: http://ow.ly/1nsX50jHzgd via the Proofpoint @threatinsight research team.
13. Nordstrom is notifying employees of a data breach that exposed their personal information, including names, Social Security numbers, dates of
14. Data breach at Nordstrom
15. My Health Record remains opt-out as Senate passes privacy amendments
16. Symantec Honored for its Collaboration With Leading Industry Group to Protect Against Business Email Compromise Scams

DENIAL-OF-SERVICE

Nil

MALVERTISING

Nil

PHISHING

17. G Suite Adds Advanced Password Controls
18. Man Sends Bomb to Cryptopay for Denying a Password Change Request
19. Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center
20. 5 Ways #Cybercriminals Can Access Your Emails Without #Phishing [Infographic]:
21. Phishing Emails with .COM Extensions Are Hitting Finance Departments
22. Today #GroupIB detected a massive phishing campaign sent to Russian banks from a fake email address purporting to belong to
23. A #phishing campaign was recently found to be hijacking the traffic of @Trezor user #cryptocurrency wallets. Learn how such an
24. Phishing fraudsters set their sights on online storage portals
25. 'DarkGate' miner, password-stealer could open up world of hurt for Windows users
26. Learn why @Google chose U2F authentication over OTP to eliminate #PhishingEmails from expert Michael Cobb of @thehairyITdog.
27. Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs
28. Smashing Security #104: The world’s most evil phishing test, and cyborgs in the workplace

WEB DEFACEMENT

Nil

BOTNET

29. Deep Instinct recently blogged about a new #botnet -- dubbed #Mylobot -- that has shown new, complex tools and techniques.
30. Bots on a plane? Bad bots cause unique cyber-security issues for airlines

RANSOMWARE

31. Should Windows Users Worry About Ransomware in 2019?
32. 500 Percent Increase in macOS/iOS Ransomware Attacks During 1H 2018
33. Ransomware Continues to Be Top Threat to Small Companies
34. Ransomware Attack Strikes Media Prima

CRYPTOMINING & CRYPTOCURRENCIES

35. Linux Based Crypto-Mining Malware
36. Official Google Twitter account hacked in Bitcoin scam
37. A #phishing campaign was recently found to be hijacking the traffic of @Trezor user #cryptocurrency wallets. Learn how such an
38. How is the Trezor cryptocurrency online wallet under attack?
39. Cryptocurrency fraud is the exception, not the rule
40. Fake cryptocurrency Wallets Apps on Google Play Steal User Credentials and Mimic as Legitimate Wallets
41. Access Control Acronyms: ACL, RBAC, ABAC, PBAC, RAdAC, and a Dash of CBAC
42. Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets
43. The ABC of the Hong Kong tech scene: A - AI, B - blockchain, C - cloud

MALWARE

44. Proofpoint: Hackers testing new reconnaissance malware on financial institutions
45. A RAT Just Made It in the Global Threat Index’s Top 10
46. Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers
47. Cyber Crooks Diversify Business with Multi-Intent Malware
48. Linux Based Crypto-Mining Malware
49. Cloud, China, Generic Malware Top Security Concerns for 2019
50. Brazilian Users Under Attack From Metamorfo Banking Trojan
51. #WebCache poisoning poses a serious threat to #BrowserSecurity. Learn how #hackers can use unkeyed inputs for malicious intent from expert
52. 14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday
53. #tRat: New modular #RAT appears in multiple email campaigns: http://ow.ly/1nsX50jHzgd via the Proofpoint @threatinsight research team.
54. Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware
55. Creating and Analyzing a Malicious PDF File with PDF-Parser Tool
56. I forgot to follow up on this… According to Apple, the process could take up to 7 days. It

EXPLOIT

57. Fresh exploit takes the shackles off disabled PHP functions
58. What is the impact of cyber espionage? @MikaSusiEK from Confederation of Finnish Industries EK discusses, how to tackle the growing

VULNERABILITY

59. Vulnerability: Emojis can kill Skype for Business
60. IRCTC Free Insurance Bug That Puts Millions of Passenger Data Under Risk
61. Unpatched Microsoft Word Video Feature Vulnerability is Being Exploited In The Wild
62. 7 New Meltdown and Spectre Level Vulnerabilities Discovered that Affected ARM, Intel & AMD CPU’s
63. Two whitehats receive $60,000 in rewards for successfully finding iOS 12.1 vulnerabilities
64. VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert
65. Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert
66. Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now
67. Is Your Vulnerability Management Program Efficient and Successful?
68. Find vulnerabilities using nikto
69. Facebook fixed a new security bug
70. 63 new vulnerabilities found in Windows