DATA BREACH & DATA LOSS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Google Restricts Android Apps From Accessing Your Personal Data
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- #NetSpectre exploits leak data remotely via side-channel attacks. Learn how to use #ThreatModeling to stop speculative execution from expert Ed
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- Razer Phone 2 leaks hours before announcement: wireless charging and IP67 water resistance
- Goodbye Google Plus – Google Plans Google+ Shut Down After Data Breach
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- New state-backed espionage campaign targets military and government using freely available hacking tools
- Flaw in Ghostscript sandbox allowed system compromise
- Leaks suggest Samsung is working on a mid-range smartphone with four cameras
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Google+ API glitch exposed user profile data to developers
- 291 records breached per second in first half of 2018
- Hackers can use legitimate #AdminTools to compromise networks. Learn more about "living off the land" attacks from expert Michael Cobb
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- A $12 million case of business email compromise.
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Leak reveals Google's Chinese search engine is months away from launch
- PHASE 2 - INITIAL INTRUSION
Number One decides it is time to launch a targeted spearphishing campaign.
Through the newsletter, he learns
- My Health Record justifications 'kind of lame': Godwin
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- .@Google Firebase #DatabaseSecurity proved insufficient when bypassed by hackers to leak data. Learn more about this #SecurityFlaw from expert Michael
DENIAL-OF-SERVICE
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- DDoS Attacks Target Multiple Games including Final Fantasy XIV
- Researchers have recently observed an alarming trend:
#DDoS attacks are multiplying in size, often far exceeding what many service providers
- Acorus Network protects enterprises and service providers from DDoS attacks
MALVERTISING
Nil
PHISHING
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- Innovative Phishing Tactic Makes Inroads Using Azure Blob
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Emerging threat: password stuffing explained
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT).
Once executed, it would connect back to
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- New Phishing Campaign Drops Ursnif into Conversation Threads
- PHASE 2 - INITIAL INTRUSION
Number One decides it is time to launch a targeted spearphishing campaign.
Through the newsletter, he learns
- Zero trust security: 5 reasons it’s not just about passwords
WEB DEFACEMENT
Nil
BOTNET
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
RANSOMWARE
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Decrypting GandCrab Ransomware
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
CRYPTOMINING & CRYPTOCURRENCIES
- #ISC2Congress: The Promise of Blockchain
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- Why Apple must be looking into using blockchain
- Hacker steals over $30k USD in cryptocurrency of SpankChain
MALWARE
- CCSP Domain 4: Cloud Application Security
- CCSP Domain 3: Cloud Platform and Infrastructure Security
- CCSP Domain 2: Cloud Data Security
- CCSP Domain 1: Architectural Concepts & Design Requirements
- The CAP Exam: Application Process, Rules and Eligibility, Exam Length and More
- Top 5 ThreatConnect Resources for Malware Analysis
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- Malware 101: How Malware Avoids Static Detection Techniques
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- Symantec reveals state-sponsored group that doesn’t care for malware
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Stegware: How is #malware using #steganography techniques to avoid detection?
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT).
Once executed, it would connect back to
- A remote access #Trojan -- dubbed #GravityRAT -- was discovered by Cisco Talos (@TalosSecurity) to be checking for #antimalware sandboxes.
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
EXPLOIT
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
VULNERABILITY
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- WhatsApp fixes video call bug that could have let hackers in, says report
- Microsoft Added Severity Levels to Feedback Hub Bug Reports for Windows 10
- Vulnerabilities found in Intel Unified Shader compiler
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- Flaw in Ghostscript sandbox allowed system compromise
- Four Critical Flaws Patched in Adobe Digital Edition
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- SAP Patches Critical Vulnerability in BusinessObjects
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- #Shodan can be a helpful tool for security professionals to locate #ICSsecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works
- Security Vulnerabilities in US Weapons Systems
- Microsoft Patch Tuesday update covers zero-day, 12 critical issues
- Many Siemens Products Affected by Foreshadow Vulnerabilities
- Microsoft has fixed the Windows 10 October Update data deletion bug
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug
- Adobe security update fixes a handful of critical bugs, ignores Flash Player
- .@FBI, @DHSgov call on users to mitigate #RemoteDesktop Protocol vulnerabilities and handle RDP exploits on their own, even as the
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- Adobe October Security Update fixes 20 security flaws
- Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities
- Google+ to shut down due to lack of adoption and privacy bug
- Microsoft Fixes Zero Day and Data Deletion Bugs
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Windows Zero-Day Exploited in Attacks Aimed at Middle East
- Bug bounties not a silver bullet, Katie Moussouris warns
- Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- WhatsApp fixes bug that let hackers take over app when answering a video call
ASIA
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Leak reveals Google's Chinese search engine is months away from launch
OCEANIA
- My Health Record justifications 'kind of lame': Godwin
NORTH AMERICA
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- Top 5 ThreatConnect Resources for Malware Analysis
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Security Vulnerabilities in US Weapons Systems
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Acorus Network protects enterprises and service providers from DDoS attacks
SOUTH AMERICA
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
EUROPE
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- Magecart Hits Popular Customer Review Plugin
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Shopper Approved, the new victim of the Magecart hacking group
AFRICA
- MuddyWater expands operations
HEALTHCARE
- #ISC2Congress: The Promise of Blockchain
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Acorus Network protects enterprises and service providers from DDoS attacks
TRANSPORT
- Thieves and Geeks: Russian and Chinese Hacking Communities
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
BANKING & FINANCE
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- #ISC2Congress: The Promise of Blockchain
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- Symantec reveals state-sponsored group that doesn’t care for malware
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- Old-School Malware Tricks Still Work
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
INFORMATION & TELECOMMUNICATION
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Top 5 ThreatConnect Resources for Malware Analysis
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- WhatsApp fixes video call bug that could have let hackers in, says report
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Thieves and Geeks: Russian and Chinese Hacking Communities
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- MuddyWater expands operations
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Researchers have recently observed an alarming trend:
#DDoS attacks are multiplying in size, often far exceeding what many service providers
- Old-School Malware Tricks Still Work
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- WhatsApp fixes bug that let hackers take over app when answering a video call
FOOD
Nil
WATER
Nil
ENERGY
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- Zero trust security: 5 reasons it’s not just about passwords
GOVERNMENT & PUBLIC SERVICE
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- MuddyWater expands operations
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
ASIA
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Leak reveals Google's Chinese search engine is months away from launch
WORLD
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- Top 5 ThreatConnect Resources for Malware Analysis
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- Security Vulnerabilities in US Weapons Systems
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- Magecart Hits Popular Customer Review Plugin
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- My Health Record justifications 'kind of lame': Godwin
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
ATTACKS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Google Restricts Android Apps From Accessing Your Personal Data
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- #NetSpectre exploits leak data remotely via side-channel attacks. Learn how to use #ThreatModeling to stop speculative execution from expert Ed
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- Innovative Phishing Tactic Makes Inroads Using Azure Blob
- Razer Phone 2 leaks hours before announcement: wireless charging and IP67 water resistance
- Goodbye Google Plus – Google Plans Google+ Shut Down After Data Breach
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- New state-backed espionage campaign targets military and government using freely available hacking tools
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Flaw in Ghostscript sandbox allowed system compromise
- Emerging threat: password stuffing explained
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Leaks suggest Samsung is working on a mid-range smartphone with four cameras
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT).
Once executed, it would connect back to
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Google+ API glitch exposed user profile data to developers
- 291 records breached per second in first half of 2018
- Hackers can use legitimate #AdminTools to compromise networks. Learn more about "living off the land" attacks from expert Michael Cobb
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Leak reveals Google's Chinese search engine is months away from launch
- PHASE 2 - INITIAL INTRUSION
Number One decides it is time to launch a targeted spearphishing campaign.
Through the newsletter, he learns
- My Health Record justifications 'kind of lame': Godwin
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- Acorus Network protects enterprises and service providers from DDoS attacks
- Zero trust security: 5 reasons it’s not just about passwords
- .@Google Firebase #DatabaseSecurity proved insufficient when bypassed by hackers to leak data. Learn more about this #SecurityFlaw from expert Michael
THREATS
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Decrypting GandCrab Ransomware
- CCSP Domain 4: Cloud Application Security
- CCSP Domain 3: Cloud Platform and Infrastructure Security
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
- CCSP Domain 2: Cloud Data Security
- CCSP Domain 1: Architectural Concepts & Design Requirements
- The CAP Exam: Application Process, Rules and Eligibility, Exam Length and More
- #ISC2Congress: The Promise of Blockchain
- Top 5 ThreatConnect Resources for Malware Analysis
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- WhatsApp fixes video call bug that could have let hackers in, says report
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- Microsoft Added Severity Levels to Feedback Hub Bug Reports for Windows 10
- Vulnerabilities found in Intel Unified Shader compiler
- Malware 101: How Malware Avoids Static Detection Techniques
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- Flaw in Ghostscript sandbox allowed system compromise
- Four Critical Flaws Patched in Adobe Digital Edition
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- SAP Patches Critical Vulnerability in BusinessObjects
- Symantec reveals state-sponsored group that doesn’t care for malware
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Stegware: How is #malware using #steganography techniques to avoid detection?
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT).
Once executed, it would connect back to
- #Shodan can be a helpful tool for security professionals to locate #ICSsecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works
- Security Vulnerabilities in US Weapons Systems
- Microsoft Patch Tuesday update covers zero-day, 12 critical issues
- Many Siemens Products Affected by Foreshadow Vulnerabilities
- A remote access #Trojan -- dubbed #GravityRAT -- was discovered by Cisco Talos (@TalosSecurity) to be checking for #antimalware sandboxes.
- Microsoft has fixed the Windows 10 October Update data deletion bug
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug
- Adobe security update fixes a handful of critical bugs, ignores Flash Player
- .@FBI, @DHSgov call on users to mitigate #RemoteDesktop Protocol vulnerabilities and handle RDP exploits on their own, even as the
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- Adobe October Security Update fixes 20 security flaws
- Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities
- Google+ to shut down due to lack of adoption and privacy bug
- Microsoft Fixes Zero Day and Data Deletion Bugs
- Why Apple must be looking into using blockchain
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Windows Zero-Day Exploited in Attacks Aimed at Middle East
- Bug bounties not a silver bullet, Katie Moussouris warns
- Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- WhatsApp fixes bug that let hackers take over app when answering a video call
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
CRIME
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- #ISC2Congress: The Promise of Blockchain
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
POLITICS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- MuddyWater Threat Actor Expands Targets List
- New state-backed espionage campaign targets military and government using freely available hacking tools
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- Symantec reveals state-sponsored group that doesn’t care for malware
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
