Threat report for 2018-11-26

DATA BREACH & DATA LOSS

1. Knuddels Flirt App Slapped with Hefty Fine After Data Breach
2. When Do You Need to Report a Data Breach?
3. USPS, Amazon Data Leaks Showcase API Weaknesses
4. How Pirated Versions of ‘Super Smash Bros. Ultimate’ Leaked Weeks Before Release
5. Despite growing concerns about cybersecurity and the number of data breach incidents in the news, many employees still have bad
6. Trivial Spotify Phishing Campaign Targets Users To Steal Login Credentials
7. Phishing Campaign targeting French Industry
8. Russia Plans To tighten Data Protection Owing To Intelligence Leaks
9. German Social Media Provider Fined €20K for Data Breach
10. No need to compromise freedom for security - Europol audience told
11. HR Software Firm PageUp Finds No Evidence of Data Theft
12. Internal negligence to blame for most data breaches involving personal health information
13. Sextortion 2.0: We have continued to monitor the campaigns and have seen a recent change in tactics, with some unusual
14. An ongoing phishing campaign is targeting French industry, @FSLabs finds.
15. Phishing Campaign targeting French Industry
16. My Health Record opt-out officially extended to January 31

DENIAL-OF-SERVICE

Nil

MALVERTISING

Nil

PHISHING

17. Holiday Season: Cybercriminals are Phishing All The Way
18. Half of all Phishing Sites Now Have the Padlock
19. Easy as APT: Spear phishing highlighted as ongoing threat for 2019
20. Trivial Spotify Phishing Campaign Targets Users To Steal Login Credentials
21. Phishing Campaign targeting French Industry
22. 50% use password managers to store login details
23. An ongoing phishing campaign is targeting French industry, @FSLabs finds.
24. Phishing Campaign targeting French Industry
25. Beware!! Cyber Criminals Launching Serious Phishing Attack that Target Spotify Customers

WEB DEFACEMENT

Nil

BOTNET

26. Democrats Introduce Bill for Stopping Automated Grinch Bots from Ruining Xmas

RANSOMWARE

27. Ransomware attack disrupted emergency rooms at Ohio Hospital System
28. Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions
29. Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
30. A new ransomware -- dubbed #Thanatos #ransomware -- was found encrypting data but not decrypting it despite victims paying the

CRYPTOMINING & CRYPTOCURRENCIES

31. Hacker backdoors popular JavaScript library to steal Bitcoin funds
32. Harberger Taxes on Ethereum
33. OSX.Dummy #malware has been discovered to use chat platforms in order to target #cryptocurrency investors. Learn more with expert @lewisnic
34. Cryptocurrency threat predictions for 2019
35. Crypto Mining Malware Infects Make-A-Wish-Foundation Website
36. Experts found a new powerful modular Linux cryptominer

MALWARE

37. Lenovo to Pay $7.3 Million in Settlement for Installing Adware on 800K Notebooks
38. 13 Newly Discovered Malicious Apps, Deleted By Google From the Play Store
39. What is Data Classification? Guidelines and Process
40. Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions
41. Subscribe to the relaunched Virus Bulletin eNews newsletter
42. Play Store Malware Infects Half a Billion
43. Microsoft PowerPoint as Malware Dropper
44. OSX.Dummy #malware has been discovered to use chat platforms in order to target #cryptocurrency investors. Learn more with expert @lewisnic
45. Ukrainian Police Nab Suspected RAT-Slinger
46. Crypto Mining Malware Infects Make-A-Wish-Foundation Website

EXPLOIT

Nil

VULNERABILITY

47. Microsoft launches review after a trio of Azure bugs locked users out of Office 365
48. Did UK city council over-react to a vulnerability report in its recycling app or not?
49. Linux Kernel is affected by two DoS vulnerabilities still unpatched
50. DoS Vulnerabilities Impact Linux Kernel
51. Apache Hadoop Spins Cracking Code Injection Vulnerability YARN
52. Siemens patches major firewall flaw, other vulnerabilities
53. #Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting #firmware and #OperatingSystem software drivers. Learn
54. U.S. Postal Service API Flaw Exposes Data of 60 Million Customers
55. Positive Technologies researchers recently found two serious vulnerabilities that target NCR's #ATMs. Learn how a "black box attack" was involved
56. Discover how a @DLink #router vulnerability targeted a banking site to steal #UserCredentials with expert Judith Myerson.
57. For recent big data software vulnerabilities, botnets and coin mining are just the beginning
58. Frost & Sullivan Commends Rapid7 for Capturing Nearly a Quarter Share of the Global Vulnerability Management Market