DATA BREACH & DATA LOSS
- Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- Millions of Voter Records Found for Sale on the Dark Web
- Pentagon reveals cyber breach of travel records
- Pentagon Employee Data Breach, An Eye-Opener
- Facebook opens up about data breach details
- Facebook data breach: Victims will not be offered free identity theft protection
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- FitMetrix data exposed on unprotected Elasticsearch servers
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Iceland's largest phishing campaign imitated police
- #Nymaim and #BankBot #Anubis PL campaign
hxxp://przelewy24[.]ml/
hxxp://faktura24[.]cf/
SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970
C2: bilagoong[.]tk
@ThreatFabric @virqdroid @LukasStefanko
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
- Stringent password rules lower risk of personal data breaches
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Create an email phishing test to minimize attack vectors
- Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- Hackers could use emoji domains to spread phishing attacks
- Iceland's largest phishing campaign imitated police
- Stringent password rules lower risk of personal data breaches
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Google to Encrypt Android Cloud Backups With Your Lock Screen Password
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- Small businesses repeatedly falling victim to ransomware - Kaspersky
- Ransomware hits computer networks of North Carolina water utility
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
CRYPTOMINING & CRYPTOCURRENCIES
- 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
- Flash Updater Adds Cryptocurrency Miner
- iPhone a Growing Target of Crypto-Mining Attacks
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- How a #cryptocurrency mining #malware infects systems
- What are blockchain’s smart contracts? And how to secure them
- Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
- SpankChain hacker steals the virtual currency and returns stolen ethereum
MALWARE
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
- How does the MnuBot banking Trojan use unusual C&C servers?
- How a #cryptocurrency mining #malware infects systems
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Godzilla Loader and the Long Tail of Malware
- Sony PS4 encounters malicious code attack and receives malicious messages
EXPLOIT
- New Technique Recycles Exploit Chain to Keep Antivirus Silent
VULNERABILITY
- FDA Warns of Flaws in Medtronic Programmers
- Microsoft Incompletely Patches JET Database Vulnerability
- Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
- .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
- Sony working on a fix for bug that's crashing PlayStation 4 consoles
- Apple VoiceOver iOS vulnerability permits hacker access to user photos
- Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
- Details of Vulnerability in Google PDFium’s JBIG2 Revealed
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Branch.io Flaws may have affected as many as 685 million individuals
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
ASIA
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- Octopus-infested seas of Central Asia
WORLD
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- FDA Warns of Flaws in Medtronic Programmers
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Millions of Voter Records Found for Sale on the Dark Web
- Pentagon Employee Data Breach, An Eye-Opener
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- TeleBots APT Group - Links to Industroyer, NotPetya and BlackEnergy
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
- Octopus-infested seas of Central Asia
- Iceland's largest phishing campaign imitated police
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Branch.io Flaws may have affected as many as 685 million individuals
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Stopping Hidden Threats: How to Defend Against Fileless Attacks
- SpankChain hacker steals the virtual currency and returns stolen ethereum
ATTACKS
- Create an email phishing test to minimize attack vectors
- Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- Millions of Voter Records Found for Sale on the Dark Web
- Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- Hackers could use emoji domains to spread phishing attacks
- Pentagon reveals cyber breach of travel records
- Pentagon Employee Data Breach, An Eye-Opener
- Facebook opens up about data breach details
- Facebook data breach: Victims will not be offered free identity theft protection
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- FitMetrix data exposed on unprotected Elasticsearch servers
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Iceland's largest phishing campaign imitated police
- #Nymaim and #BankBot #Anubis PL campaign
hxxp://przelewy24[.]ml/
hxxp://faktura24[.]cf/
SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970
C2: bilagoong[.]tk
@ThreatFabric @virqdroid @LukasStefanko
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
- Stringent password rules lower risk of personal data breaches
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Google to Encrypt Android Cloud Backups With Your Lock Screen Password
THREATS
- Small businesses repeatedly falling victim to ransomware - Kaspersky
- 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
- Flash Updater Adds Cryptocurrency Miner
- Ransomware hits computer networks of North Carolina water utility
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- FDA Warns of Flaws in Medtronic Programmers
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
- .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
- iPhone a Growing Target of Crypto-Mining Attacks
- Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
- Sony working on a fix for bug that's crashing PlayStation 4 consoles
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Apple VoiceOver iOS vulnerability permits hacker access to user photos
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
- Details of Vulnerability in Google PDFium’s JBIG2 Revealed
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- How does the MnuBot banking Trojan use unusual C&C servers?
- How a #cryptocurrency mining #malware infects systems
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Branch.io Flaws may have affected as many as 685 million individuals
- Godzilla Loader and the Long Tail of Malware
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
- What are blockchain’s smart contracts? And how to secure them
- Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
- SpankChain hacker steals the virtual currency and returns stolen ethereum
- Sony PS4 encounters malicious code attack and receives malicious messages
CRIME
- Online ads: a potential way in for XSS attacks
- Facebook data breach: Victims will not be offered free identity theft protection
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Octopus-infested seas of Central Asia
- Iceland's largest phishing campaign imitated police
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- SpankChain hacker steals the virtual currency and returns stolen ethereum
POLITICS
- Pentagon Defense Department travel records data breach
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- A week in security (October 8 – 14)
- Gallmaker - Threat Group Targeting Governments and Militaries
- Octopus-infested seas of Central Asia
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
