Sep 21, 2018

Threat report for 2018-09-20

DATA BREACH

  1. 14 million customer records exposed in GovPayNow leak
  2. State Department email breach leaks employee PII
  3. Magecart data breach possibly avoidable -magecart-data-breach-possibly-avoidable/ …
  4. Adams County clerk resigns over role in data breach
  5. ICO to Fine Equifax £500,000 for 2017 Data Breach   via
  6. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  7. State Department: Some Employee Info Possibly Exposed in Security Incident   via
  8. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
  9. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  10. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  11. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  12. ICO to Fine Equifax £500,000 for 2017 Data Breach   via
  13. UK organisations’ email accounts used in mass phishing campaigns
  14. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  15. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  16. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  17. US State Department confirms data breach to unclassified email system
  18. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  19. HMRC Tax Refund Scam via Phishing Campaign
  20. China Arrests Suspect for Customer Data Leak at Accor Partner
  21. State Department Email Breach Exposed Personal Data Of Employees
  22. Equifax fined £500,000 over customer data breach
  23. Privacy advocates have failed to engage on My Health Record
  24. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  25. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  26. State Department: Some Employee Info Possibly Exposed in Security Incident   via

DENIAL-OF-SERVICE

  1. Snap! Adobe patches, sneaky Android botnets, Alexa invasion, robot skins
  2. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  3. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  4. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  5. : The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases. Read more about this story here:   .twitter.com/Yzb9wM7KzU
  6. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  7. This Russian botnet mimics your click to prevent Android device factory resets
  8. FBI wants to keep “helpful” Mirai botnet authors around
  9. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  10. Mirai botnet developers collaborate with the FBI
  11. Identifying botnets before an attack: The new DARPA challenge
  12. US Signal partners with Cloudflare to deliver DDoS protection service

MALVERTISING

Nothing to report

DATA LEAK

  1. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials

PHISHING

  1. Account Takeover Attacks Become a Phishing Fave
  2. Account Takeover Attacks Result in Phishing Scams  pic.twitter.com/hR2kSqlpCN
  3. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  4. Account Takeover Attacks Result in Phishing Scams -magazine.com/news/account-takeover-attacks-result-in?utm_source=twitterfeed&utm_medium=twitter …
  5. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  6. Account Takeover Attacks Become a Phishing Fave
  7. : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here:   .twitter.com/Ct8Z7qckRC
  8. UK organisations’ email accounts used in mass phishing campaigns
  9. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  10. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  11. HMRC Tax Refund Scam via Phishing Campaign
  12. Phishing finance apps make way back into Google Play
  13. Manipulation tactics that you fall for in phishing attacks

WEB DEFACEMENT

Nothing to report

MALWARE

  1. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  2. Domain Joined Outlook 2016 Issues - 0x8004011D
  3. Report: Cryptomining malware detections up more than 459 percent since 2017
  4. Bad actors are sizing up systems via lightweight recon before attack, researchers at Proofpoint said:
  5. The rate at which new threats appear now requires a much greater reliance on threat intelligence. Learn more about its opportunities and challenges in our .  pic.twitter.com/bEh9MKP6nS
  6. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  7. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  8. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  9. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  10. Book Review: Malware Data Science
  11. Increased Use of a Delphi Packer to Evade Malware Classification
  12. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  13. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
  14. Mitigate Risk From Malicious and Accidental Insiders
  15. : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here:   .twitter.com/Ct8Z7qckRC
  16. Sustes Malware: CPU for Monero
  17. Report: Cryptomining malware detections up more than 459 percent since 2017
  18. Threats posed by using RATs in ICS
  19. Report Reveals Widespread Use of Pegasus Spyware
  20. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  21. Evil Clone Attack – Hackers Injecting Crypto-mining Malware into Legitimate PDF Software
  22. Newegg hacked: The new victim of Magecart malware
  23. How to detect and remove a virus from your Android phone | Avast

EXPLOIT

  1. : Hackers say and have been the easiest attack vectors to exploit this year. 56% of said that social engineering is the fastest account seizing technique to use on them. Read more here:   .twitter.com/e5ogD8VYWT
  2. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine

VULNERABILITY

  1. Android bug bounty tops $3m in third year, but pay flattens out
  2. Facebook Bug Bounty opens to reward access token exposure
  3. Bug hunters fail third year in a row to get top prize in Android hacking program
  4. Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
  5. Guarding the Gate: Cybersecurity De-Mystified
  6. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  7. Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program
  8. Western Digital goes quiet on unpatched MyCloud flaw
  9. CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
  10. Adobe releases patch out of schedule to squash critical code execution bug
  11. Cisco IOS XE Software Static Credential Vulnerability
  12. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw
  13. Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
  14. Vulnerability in My cloud devices exposes sensitive information
  15. Western Digital My Cloud vulnerability, let’s hacker gives full access
  16. Guarding the Gate: Cybersecurity De-Mystified
at
Labels:

Region brief for 2018-09-20

ASIA

  1. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  2. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  3. China Arrests Suspect for Customer Data Leak at Accor Partner

OCEANIA

  1. Privacy advocates have failed to engage on My Health Record

NORTH AMERICA

  1. A worrying future for the next generation?
  2. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  3. Book Review: Malware Data Science
  4. Wyden: Tech company has told multiple senators of foreign hacking attempts
  5. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  6. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  7. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  8. US State Department confirms data breach to unclassified email system
  9. Threats posed by using RATs in ICS
  10. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  11. Card Data-Scraping Magecart Code Found on Newegg
  12. Mirai botnet developers collaborate with the FBI
  13. US Signal partners with Cloudflare to deliver DDoS protection service

SOUTH AMERICA

Nothing to report

EUROPE

  1. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  2. Magecart Strikes Again, Siphoning Payment Info from Newegg
  3. Wyden: Tech company has told multiple senators of foreign hacking attempts
  4. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  5. UK organisations’ email accounts used in mass phishing campaigns
  6. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  7. This Russian botnet mimics your click to prevent Android device factory resets
  8. HMRC Tax Refund Scam via Phishing Campaign
  9. NewEgg Network is attacked by hackers
  10. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  11. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  12. Latest Hacking News Podcast
  13. Newegg hacked: The new victim of Magecart malware
  14. Western Digital My Cloud vulnerability, let’s hacker gives full access

AFRICA

Nothing to report
at
Labels:

Sector brief for 2018-09-20

HEALTHCARE

  1. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket

TRANSPORT

  1. US Signal partners with Cloudflare to deliver DDoS protection service

BANKING & FINANCE

  1. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  2. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  3. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  4. Magecart Strikes Again, Siphoning Payment Info from Newegg
  5. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  6. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  7. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  8. HMRC Tax Refund Scam via Phishing Campaign
  9. Phishing finance apps make way back into Google Play
  10. NewEgg Network is attacked by hackers
  11. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  12. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  13. Manipulation tactics that you fall for in phishing attacks
  14. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  15. Card Data-Scraping Magecart Code Found on Newegg

INFORMATION & TELECOMMUNICATION

Nothing to report

FOOD

Nothing to report

WATER

Nothing to report

ENERGY

Nothing to report

PUBLIC SERVICE

  1. Wyden: Tech company has told multiple senators of foreign hacking attempts
at
Labels:

Daily brief for 2018-09-20

ASIA

  1. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  2. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  3. China Arrests Suspect for Customer Data Leak at Accor Partner

WORLD

  1. A worrying future for the next generation?
  2. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  3. Book Review: Malware Data Science
  4. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  5. Magecart Strikes Again, Siphoning Payment Info from Newegg
  6. Wyden: Tech company has told multiple senators of foreign hacking attempts
  7. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  8. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  9. UK organisations’ email accounts used in mass phishing campaigns
  10. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  11. This Russian botnet mimics your click to prevent Android device factory resets
  12. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  13. US State Department confirms data breach to unclassified email system
  14. HMRC Tax Refund Scam via Phishing Campaign
  15. Threats posed by using RATs in ICS
  16. NewEgg Network is attacked by hackers
  17. Privacy advocates have failed to engage on My Health Record
  18. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  19. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  20. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  21. Latest Hacking News Podcast
  22. Card Data-Scraping Magecart Code Found on Newegg
  23. Newegg hacked: The new victim of Magecart malware
  24. Mirai botnet developers collaborate with the FBI
  25. Western Digital My Cloud vulnerability, let’s hacker gives full access
  26. US Signal partners with Cloudflare to deliver DDoS protection service

ATTACKS

  1. 14 million customer records exposed in GovPayNow leak
  2. State Department email breach leaks employee PII
  3. Magecart data breach possibly avoidable -magecart-data-breach-possibly-avoidable/ …
  4. Adams County clerk resigns over role in data breach
  5. Snap! Adobe patches, sneaky Android botnets, Alexa invasion, robot skins
  6. Account Takeover Attacks Become a Phishing Fave
  7. ICO to Fine Equifax £500,000 for 2017 Data Breach   via
  8. Account Takeover Attacks Result in Phishing Scams  pic.twitter.com/hR2kSqlpCN
  9. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  10. Account Takeover Attacks Result in Phishing Scams -magazine.com/news/account-takeover-attacks-result-in?utm_source=twitterfeed&utm_medium=twitter …
  11. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  12. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  13. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  14. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  15. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  16. Account Takeover Attacks Become a Phishing Fave
  17. : The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases. Read more about this story here:   .twitter.com/Yzb9wM7KzU
  18. State Department: Some Employee Info Possibly Exposed in Security Incident   via
  19. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
  20. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  21. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  22. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  23. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  24. : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here:   .twitter.com/Ct8Z7qckRC
  25. ICO to Fine Equifax £500,000 for 2017 Data Breach   via
  26. UK organisations’ email accounts used in mass phishing campaigns
  27. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  28. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  29. This Russian botnet mimics your click to prevent Android device factory resets
  30. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  31. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  32. FBI wants to keep “helpful” Mirai botnet authors around
  33. US State Department confirms data breach to unclassified email system
  34. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  35. HMRC Tax Refund Scam via Phishing Campaign
  36. China Arrests Suspect for Customer Data Leak at Accor Partner
  37. Phishing finance apps make way back into Google Play
  38. State Department Email Breach Exposed Personal Data Of Employees
  39. Equifax fined £500,000 over customer data breach
  40. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  41. Privacy advocates have failed to engage on My Health Record
  42. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  43. Manipulation tactics that you fall for in phishing attacks
  44. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  45. Mirai botnet developers collaborate with the FBI
  46. State Department: Some Employee Info Possibly Exposed in Security Incident   via
  47. Identifying botnets before an attack: The new DARPA challenge
  48. US Signal partners with Cloudflare to deliver DDoS protection service

THREATS

  1. Android bug bounty tops $3m in third year, but pay flattens out
  2. Facebook Bug Bounty opens to reward access token exposure
  3. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  4. Bug hunters fail third year in a row to get top prize in Android hacking program
  5. Domain Joined Outlook 2016 Issues - 0x8004011D
  6. Report: Cryptomining malware detections up more than 459 percent since 2017
  7. Bad actors are sizing up systems via lightweight recon before attack, researchers at Proofpoint said:
  8. The rate at which new threats appear now requires a much greater reliance on threat intelligence. Learn more about its opportunities and challenges in our .  pic.twitter.com/bEh9MKP6nS
  9. Malicious Login Attempts Spike in Finance, Retail  pic.twitter.com/OQPWqymDRB
  10. Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
  11. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  12. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  13. Book Review: Malware Data Science
  14. Increased Use of a Delphi Packer to Evade Malware Classification
  15. Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
  16. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  17. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
  18. Mitigate Risk From Malicious and Accidental Insiders
  19. : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here:   .twitter.com/Ct8Z7qckRC
  20. Sustes Malware: CPU for Monero
  21. : Hackers say and have been the easiest attack vectors to exploit this year. 56% of said that social engineering is the fastest account seizing technique to use on them. Read more here:   .twitter.com/e5ogD8VYWT
  22. Guarding the Gate: Cybersecurity De-Mystified
  23. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  24. Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program
  25. Report: Cryptomining malware detections up more than 459 percent since 2017
  26. Threats posed by using RATs in ICS
  27. Western Digital goes quiet on unpatched MyCloud flaw
  28. CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
  29. Adobe releases patch out of schedule to squash critical code execution bug
  30. Cisco IOS XE Software Static Credential Vulnerability
  31. Report Reveals Widespread Use of Pegasus Spyware
  32. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  33. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw
  34. Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
  35. Evil Clone Attack – Hackers Injecting Crypto-mining Malware into Legitimate PDF Software
  36. Newegg hacked: The new victim of Magecart malware
  37. Vulnerability in My cloud devices exposes sensitive information
  38. Western Digital My Cloud vulnerability, let’s hacker gives full access
  39. Guarding the Gate: Cybersecurity De-Mystified
  40. How to detect and remove a virus from your Android phone | Avast

CRIME

  1. Report: Cryptomining malware detections up more than 459 percent since 2017
  2. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  3. : The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases. Read more about this story here:   .twitter.com/Yzb9wM7KzU
  4. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  5. Magecart Strikes Again, Siphoning Payment Info from Newegg
  6. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  7. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  8. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  9. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  10. HMRC Tax Refund Scam via Phishing Campaign
  11. Report: Cryptomining malware detections up more than 459 percent since 2017
  12. NewEgg Network is attacked by hackers
  13. The makers of the Mirai IoT-hijacking botnet are sentenced   via
  14. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  15. Manipulation tactics that you fall for in phishing attacks
  16. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  17. Card Data-Scraping Magecart Code Found on Newegg
  18. Newegg hacked: The new victim of Magecart malware
  19. Mirai botnet developers collaborate with the FBI

POLITICS

  1. Wyden: Tech company has told multiple senators of foreign hacking attempts
  2. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
at
Labels:
Subscribe to: Posts (Atom)