Threat report for 2018-11-20
DATA BREACH & DATA LOSS
- ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign
- jQuery File Upload Disclosure Due Diligence
- APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
- Voxox leak: Millions of SMS messages exposed
- Second WordPress hacking campaign underway, this one targeting AMP for WP plugin
- Vision Direct Reveals Data Breach
- Instagram glitch exposed some user passwords
- OSIsoft Warns Employees, Contractors of Data Breach
- Two Young Men Jailed for Involvement in TalkTalk Data Breach
- tRat: New Modular RAT Appears in Multiple Email Campaigns
- Emotet Campaigns Persist, Utilize Updated Tactics and Techniques
- Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign
- AWS moves to curb S3 data leaks, but Chris Vickery is doubtful
- TalkTalk hackers jailed for role in £77m data breach
- CarBlues – Bluetooth Vehicle Hack Exploit Affects Millions Of Vehicles Exposing Users PII
- 2018 holiday travel period expected to be the busiest travel season on record
- Vision Direct 'fesses up to hack that exposed customer names, payment cards
- Dutch audit finds Microsoft Office leaks confidential data
- Cozy Bear tracks: Phishing campaign looks like work of Russian APT group
- Instagram Patched A Data Download Tool Bug That Exposed Users Passwords
- Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million
DENIAL-OF-SERVICE
- Tech Docs: Keep Out of the Flood Zone with DoS Protection
MALVERTISING
- ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign
- Malvertising in Apple Pay Targets iPhone Users
- OceanLotus: New watering hole attack in Southeast Asia
- Confiant spots major malvertising attack
PHISHING
- Gmail Glitch Enables Anonymous Messages in Phishing Attacks
- Emotet Returns with Thanksgiving Theme and Better Phishing Tricks
- Russia’s Elite Hackers May Have New Phishing Tricks
- TEMP.Periscope Spearphishing
- Report: Emotet makes phishing lures more convincing by scraping victims' emails
- Zscaler ThreatLabZ Phishing Roundup
- A little phishing knowledge may be a dangerous thing
- Cozy Bear tracks: Phishing campaign looks like work of Russian APT group
WEB DEFACEMENT
Nil
BOTNET
- 200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
RANSOMWARE
- Dharma Ransomware Variant Discovered
- For SMBs Ransomware Attacks still the Greatest Online Threat
- Targeted ransomware attacks on the rise in 2018, NCSC warns
- 2019 Security Predictions – Utilities and Industrial Control Systems Targeted with Ransomware
CRYPTOMINING & CRYPTOCURRENCIES
- 200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
- Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign
- Microsoft Releases Azure Blockchain Development Kit
- Google Account Hacked for Fake Bitcoin Reward
- Google, Target Hit by Twitter Bitcoin Scam Account Hacks
MALWARE
- Down But Not Out, WannaCry Malware Continues to Infect Unpatched Windows PCs
- Infamous Russian Hacking Group Used New Trojan in Recent Attacks
- 560,000 Duped Into Installing Android Malware in the Form of Fake Driving Games
- DirtyCOW Is Back In Backdoor Attack Targeting Drupal Web Servers
- Inserted Malicious URLs within Office Documents’ Embedded Videos
- Russian hackers are trying out this new malware against US and European targets
- Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
- tRat: New Modular RAT Appears in Multiple Email Campaigns
- Scumbags cram Make-A-Wish website with coin-mining malware
- DirtyCOW is back in backdoor attack targeting Drupal Web Servers
- The wiper #malware that briefly disrupted the Winter #Olympics earlier this year appears to be back - now with a
- 13 Malicious Apps in Google Play With More than 560,000+ Installs
EXPLOIT
- Hackers Exploit Vulnerability in WP GDPR Compliance Plugin – Update Now
- CarBlues – Bluetooth Vehicle Hack Exploit Affects Millions Of Vehicles Exposing Users PII
VULNERABILITY
- Instagram bug exposes user passwords
- Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
- Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW
- Flash Player Type Confusion Critical Vulnerability, Another Reason Not to Use It
- Flash Player Update Patches Disclosed Code Execution Flaw
- Attackers Target Drupal Web Servers with Chained Vulnerabilities
- WordPress GDPR Plug-in Contains Privilege Escalation Flaw
- Hackers Exploit Vulnerability in WP GDPR Compliance Plugin – Update Now
- Almost 50 Percent of 2018 Vulnerabilities Can Be Exploited Remotely
- TP-Link fixes 2 Remote Code Execution flaws in TL-R600VPN SOHO Router and other issues
- Raft of flaws discovered in MiSafes child-monitoring devices
- Instagram Patched A Data Download Tool Bug That Exposed Users Passwords
- Can a D-Link router vulnerability threaten bank customers?
- 3 New Code Execution Flaws Discovered in Atlantis Word Processor
- Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor
- Apache OpenOffice 4.1.6 release: important bug fixes and security fixes
- #BluetoothDevices might be at risk after a new #Bluetooth vulnerability was found targeting #firmware or operating system software drivers. Learn