Daily brief for 2018-09-14

Asia

1. China-linked APT10 Hackers Update Attack Techniques
2. Well-known Middle Eastern hacking group keeps updating its arsenal
3. Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation
4. Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
5. Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
6. N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
7. North Korean hacker officially charged for the WannaCry attacks

World

1. Evaluating the Threatscape One Year After NotPetya Ransomware Attack
2. Security news: More phishing, Canada pays ransom, SMBs are a target | Avast
3. Well-known Middle Eastern hacking group keeps updating its arsenal
4. Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation
5. Military, Government Users Just as Bad About Password Hygiene as Civilians
6. Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
7. N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
8. Major US mobile carriers want to be your password
9. Russian man accused of running Kelihos botnet pleads guilty
10. North Korean hacker officially charged for the WannaCry attacks
11. Law firm begins legal action for data theft in British Airways
12. Malware-as-a-Service – New Black Rose Lucy Malware Targets Android Devices With a Special Logic for Xiaomi Phones

Attacks

1. Jaxx Cryptocurrency wallet phishing campaign shut down
2. Cryptojacking campaign targets add-ons for popular streaming app Kodi
3. How to Protect Against Phishing Attacks that Follow Natural Disasters
4. Survey: Nearly one-third of breached companies reported job losses after data breach
5. Survey: Nearly one-third of breached companies reported job losses after data breach
6. MEGA Chrome extension compromised to steal credentials and cryptocurrency
7. Security news: More phishing, Canada pays ransom, SMBs are a target | Avast
8. Russians and Latvians in DOJ crosshairs for cybercrimes, including running the Kelihos botnet
9. Data breaches affect stock performance in the long run, study finds
10. Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
11. Military, Government Users Just as Bad About Password Hygiene as Civilians
12. One-Third of Data Breaches Led to People Losing Jobs: Kaspersky
13. DDoS attacks: Students blamed for many university cyber attacks
14. Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
15. N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
16. Major US mobile carriers want to be your password
17. Russian man accused of running Kelihos botnet pleads guilty
18. Veeam Publicly Exposed 445 Million Customers Records Of its Marketing Database
19. Cold Boot Attacks – Hackers Can Unlock All the Modern Computers and Steal Encryption Keys & Passwords
20. Law firm begins legal action for data theft in British Airways

Threats

1. Zerodium announced Tor vulnerability on Twitter -announced-tor-vulnerability-on-twitter/ …
2. FragmentSmack vulnerability also affects Windows, but Microsoft patched it
3. Google’s desktop update for Chrome squashes two bugs
4. The Week in Ransomware - September 14th 2018 - Kraken, Dharma, & Matrix
5. Evaluating the Threatscape One Year After NotPetya Ransomware Attack
6. Colorado firm claims ransomware attack behind closure
7. Uptick in malware designed to size up targets before launching full payload
8. Fallout Exploit Kit Pushing the SAVEfiles Ransomware
9. Microsoft Office 365 Customers Get Protection Against Malicious Macros
10. Canadian town bows to ransomware attack, will pay attackers
11. From PoC to Pwned: New Exploits Appear in Attacks Just Days After Disclosure
12. Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
13. Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
14. Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware
15. Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
16. Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug
17. Malware-as-a-Service – New Black Rose Lucy Malware Targets Android Devices With a Special Logic for Xiaomi Phones

Crime

1. Cryptojacking campaign targets add-ons for popular streaming app Kodi
2. How to Protect Against Phishing Attacks that Follow Natural Disasters
3. Russian man accused of running Kelihos botnet pleads guilty
4. Law firm begins legal action for data theft in British Airways

Politics

1. Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents