Nov 22, 2018

Threat report for 2018-11-21

DATA BREACH & DATA LOSS

  1. Email Addresses and Phone Numbers of More than 60 Million Users Exposed by USPS
  2. A flaw in US Postal Service website exposed data on 60 Million Users
  3. Emotet Banking Trojan Uses Stolen Templates to Boost Phishing Campaign Numbers
  4. Amazon Customer Email Addresses Leaked Because of 'Technical Error'
  5. Google Taking Over Health Records Raises Patient Privacy Fears
  6. Amazon tech error leaks customers’ email addresses
  7. USPS Site Exposed Data on 60 Million Users
  8. Vision Direct Deals With Customer Data Leak
  9. Amazon suffers data breach days before Black Friday
  10. Emotet’s Thanksgiving Campaign Delivers New Recipes for Compromise
  11. Researchers Reveal Identity of Hacker Behind Massive Data Breaches
  12. Record Retention
  13. A hacker known as #Tessa88 offered several compromise databases obtained from LinkedIn, MySpace and other companies. Now Recorded Future believes
  14. The promised integration with #HaveIBeenPwned is expanding in #FirefoxMonitor with new breach alerts when a user visits a recently compromised
  15. Amazon warns customers it leaked their names and email addresses
  16. Amazon leaks users' email addresses due to 'technical error'
  17. High Tail Hall data breach exposes over 400,000 furry fans
  18. Facebook Ads Urge Its Staff To Leak Secrets
  19. Amazon Suffers Data Breach Days Before Black Friday
  20. New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit
  21. Despite early speculation, experts concluded the BGP route leak that sent Google traffic through China and Russia was due to
  22. Amazon UK is notifying a data breach to its customers days before Black Friday
  23. New Campaign by APT Group Sofacy Discovered using new Malware Named Cannon
  24. White House admits Ivanka Trump used private email for government business
  25. .@Amazon unveils new settings to help users avoid S3 data leaks, but UpGuard's Chris Vickery, who uncovered most #AWS exposures,
  26. How have #phishing campaigns threatened your #EnterpriseSecurity system?
  27. Weekly Threat Briefing: Russian APT Comes Back to Life with New US Spear-phishing Campaign
  28. Amazon Data Leak Exposes Email Addresses Right Before Black Friday
  29. Yikes...#Instagram Accidentally Exposed Some Users' #Passwords In Plaintext
  30. APAC consumers want IoT devices, but fear data leaks
  31. Russia Linked Group Resurfaces With Large-Scale Phishing Campaign

DENIAL-OF-SERVICE

Nil

MALVERTISING

  1. New OceanLotus watering hole attacks target southeast Asia

PHISHING

  1. Phishing: It's all too easy on mobile devices
  2. Emotet Banking Trojan Uses Stolen Templates to Boost Phishing Campaign Numbers
  3. Black Friday Phishing Dos and Don’ts
  4. Bah HumBUG: 5 Recent Holiday Phishing Samples You Need to Watch Out For
  5. Phishing Emails with .COM Extensions Are Hitting Finance Departments
  6. Black Friday & Cyber Monday Deals: Phishing and Site Skimmers
  7. #CyberMonday Tip 1: Be careful of phishing scams claiming to be from a package-delivery company with links to tracking information. AVG
  8. How have #phishing campaigns threatened your #EnterpriseSecurity system?
  9. Weekly Threat Briefing: Russian APT Comes Back to Life with New US Spear-phishing Campaign
  10. Yikes...#Instagram Accidentally Exposed Some Users' #Passwords In Plaintext
  11. #Gmail Glitch Enables Anonymous Messages in #Phishing Attacks:
  12. Phishing Scams Serious Problem for Canada’s Global Affairs
  13. Microsoft now lets you log into Outlook, Skype, Xbox Live without a password
  14. Russia Linked Group Resurfaces With Large-Scale Phishing Campaign

WEB DEFACEMENT

Nil

BOTNET

  1. Outlaw Group Botnet Enhanced
  2. A new #botnet -- #Mylobot -- has shown new, complex levels of tools and techniques that are subsequently altering botnet
  3. New Hacking Group Outlaw Distributing Botnet to Scan The Network & Perform Cryptocurrency-Mining & Brute-Force Attack

RANSOMWARE

  1. City of Valdez, Alaska admits to paying off ransomware infection
  2. Malaysia’s largest media company becomes victim of a ransomware attack

CRYPTOMINING & CRYPTOCURRENCIES

  1. Malware Moves: Attackers Retool for Cryptocurrency Theft
  2. New Hacking Group Outlaw Distributing Botnet to Scan The Network & Perform Cryptocurrency-Mining & Brute-Force Attack
  3. Signing and Verifying Ethereum Signatures
  4. US Department of Justice is investigating Tether for manipulation of market prices
  5. Worried about cryptojacking? Check out how SentinelOne Detects and Protects from GhostMiner CryptoMiner

MALWARE

  1. Emotet Banking Trojan Uses Stolen Templates to Boost Phishing Campaign Numbers
  2. Lazarus APT Uses Modular Backdoor to Target Financial Institutions
  3. What Is Windows PowerShell (And Could It Be Malicious)?
  4. Take a Look at L0rdix, The Super Malware Toolkit of 2018
  5. Mirai Used as Payload in Hadoop YARN Vulnerability
  6. 500K Android users hit with malware, and what to do if you're infected
  7. Russian Cozy Bear cyberspies awake from hibernation to sling spyware
  8. 13 Malware-Laden Fake Apps on Google Play
  9. Italian Naval Industry Attacked By MartyMcFly Malware
  10. Sofacy APT unleashes new 'Cannon' trojan
  11. New Pterodo Backdoor Malware Detected By Ukraine
  12. New Campaign by APT Group Sofacy Discovered using new Malware Named Cannon
  13. Malicious programs disguised as racing games on Google Play
  14. How is Plead #malware used for #cyberespionage attacks? Learn more with Michael Cobb of @thehairyITdog.
  15. Conficker: A 10-year retrospective on a legendary worm
  16. Malware Moves: Attackers Retool for Cryptocurrency Theft
  17. Infowars Online Store Got Infected with Card Skimming Malware
  18. Awake Security uncovers malicious intent across on-premise, IoT and cloud infrastructure
  19. Centreon releases Remote Server functionality for cross-domain monitoring of multi-site IT operations
  20. Fancy Bear APT Uses New Cannon Trojan to Target Government Entities
  21. "Luiz O Pinto" pushed 500,000+ installs of malware via Google Play, in ~1 week.
  22. Uncover virtual hosts of domain with Fierce
  23. Sofacy APT Takes Aim with Novel ‘Cannon’ Trojan
  24. How to find, is link malicious/URL or not
  25. Worried about cryptojacking? Check out how SentinelOne Detects and Protects from GhostMiner CryptoMiner

EXPLOIT

  1. Attackers Exploit Recently Patched Popular WordPress Plugin
  2. New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit
  3. Exploit Windows Remote PC with EternalBlue & DoublePulsar Exploit through Metasploit
  4. Worried about cryptojacking? Check out how SentinelOne Detects and Protects from GhostMiner CryptoMiner

VULNERABILITY

  1. Pen-test at Dropbox turns up three Apple 0-day bugs
  2. A flaw in US Postal Service website exposed data on 60 Million Users
  3. Facebook increases rewards for its bug bounty program and facilitate bug submission
  4. Spoofed addresses and anonymous sending: new Gmail bugs make for easy pickings
  5. Mirai Used as Payload in Hadoop YARN Vulnerability
  6. Facebook entices researchers with $40,000 reward for account takeover vulnerabilities
  7. Major Flaws Found in IT Pentagon Processes After First Ever Financial Audit
  8. How a Security Test for DropBox Revealed 3 Apple Zero Day Vulnerabilities
  9. Adobe issues fix for Flash bug allowing remote code execution
  10. A new vulnerability was discovered to affect #Bluetooth #firmware or operating system software drivers. Learn what this vulnerability is and
  11. German eID Authentication Flaw Lets You Change Identity
  12. Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW
  13. New vulnerabilities are coming faster than you can fix them
  14. Red Hawk – Open Source Information Gathering and Vulnerability Scanning Tool
  15. Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts
  16. Experts found flaws in Dell EMC and VMware Products. Patch them now!
  17. From directory traversal to direct travesty: Crash, hijack, siphon off this TP-Link VPN box via classic exploitable bugs
  18. A @DLink #router vulnerability was used to send banking users to a fake site in order to steal #UserCredentials. Learn
  19. Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent
  20. Patches Released for Flaws Affecting Dell EMC, VMware Products
  21. Adobe Fixes Critical Flash Vulnerability with
  22. Facebook Increases Rewards for Account Hacking Vulnerabilities
  23. Adobe Flash Player Update Released for Remote Code Execution Vulnerability
  24. Facebook Boosts Bug Bounty Payouts for Account Takeover Flaws
  25. Hacker got Rewarded for Discovering a Critical Steam Bug
  26. CVE-2018-15981: Adobe Flash Player Arbitrary Code Execution Vulnerability