WINDOWS
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
- Exploit for New Windows Zero-Day Published on Twitter
- Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Meet Cryptojacking, the (not so) new kid on the block
- Exploit kits: fall 2018 review
- Another Windows 0-day flaw has been published on Twitter
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- A Windows 0day vulnerability was made public on Twitter
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- The risk to OT networks is real, and it’s dangerous for business leaders to ignore
- Russian Government-owned research institute linked to Triton attacks
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- How Microsoft's Controlled Folder Access can help stop ransomware
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
LINUX
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Meet Cryptojacking, the (not so) new kid on the block
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Chalubo, a new IoT botnet emerges in the threat landscape
UNIX
Nil
ANDROID
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
IOS
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
MACOS
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Meet Cryptojacking, the (not so) new kid on the block
- Mac malware intercepts encrypted web traffic for ad injection
DATA BREACH & DATA LOSS
- Cathay Pacific breach leaks personal data on 9.4 million people
- Cathay Pacific data breach hits 9.4 million people
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Yahoo to pay up to $85m to settle data breach lawsuit
- Tim Cook Blasts Weaponization Of Personal Data And Praises GDPR
- Pocket iNet Left All Of Its Corporate Passwords, Keys, And Data Exposed
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Last year the @USAgov required agencies to implement #DMARC records and policies by October 2018. Learn just how hard DMARC
- Discover how #NetSpectre attacks leak data remotely via side-channels with Michael Cobb of @thehairyITdog.
- Yahoo Agrees to Pay $50 Million in Damages to Settle Data Breach Lawsuit
- Business Email Compromise: Gift Cards
- US government medical website was hacked that 75,000 personal data was stolen
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Yahoo agrees to pay $50 million to settle data breach lawsuit
- My Health Record opt-outs now sit at over 1.1 million
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- Yahoo to pay at least $85m for data breach settlement
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- A recent @HealthCareGov #breach exposed unknown types of data on 75,000 people, but a lack of information in the disclosure
DENIAL-OF-SERVICE
- This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai
MALVERTISING
Nil
PHISHING
- Phishing Attack Tip 1: Beware of Unsettling Content
An email containing unsettling, startling, or urgent content that requires immediate action on
- The Enduring Password Conundrum
- Phishing for knowledge
- Phishing attacks: Why is email still such an easy target for hackers?
- Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
- Area 1 Security releases Pay-Per-Phish, the performance-based cybersecurity solution
WEB DEFACEMENT
Nil
BOTNET
- Poorly secured SSH servers targeted by Chalubo botnet
- This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai
- "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
- Chalubo, a new IoT botnet emerges in the threat landscape
RANSOMWARE
- ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- How Microsoft's Controlled Folder Access can help stop ransomware
CRYPTOMINING & CRYPTOCURRENCIES
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Meet Cryptojacking, the (not so) new kid on the block
- FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
- Crytojacking 101; why cryptojacking is bad for business
- China asks blockchain-based service providers to control user information
- A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
- Securing Blockchain with Privileged Access Management
MALWARE
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- New Malware Targets Industrial Control Systems
- FlawedAmmyy Remote Access Trojan
- Meet the malware which turns your smartphone into a mobile proxy
- sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
- ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Mac malware intercepts encrypted web traffic for ad injection
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- LuminosityLink RAT author sentenced to 2.5 years in jail
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
EXPLOIT
- Exploit for New Windows Zero-Day Published on Twitter
- Exploit kits: fall 2018 review
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Siemens Siclock: How do threat actors exploit these devices?
- Magecart Attackers Exploit Magento Zero-Days
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
VULNERABILITY
- Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
- Vulnerabilities in Linksys Routers May Grant Attackers Full Control
- Exploit for New Windows Zero-Day Published on Twitter
- Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Another Windows 0-day flaw has been published on Twitter
- .@Siemens disclosed six SICLOCK flaws that were found within its central plant clocks. Discover why three flaws have been rated
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- Pentagon Launches Continuous Bug Bounty Program
- [SingCERT] Alert on Drupal Critical Vulnerabilities
- A Windows 0day vulnerability was made public on Twitter
- Organizations with strong DevSecOps find flaws 11x faster than those without
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Most enterprise vulnerabilities remain unpatched a month after discovery
- WizCase Found Critical Firmware Vulnerabilities In Leading NAS Devices
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Twitter User Discloses Second Microsoft Zero-Day
- Firefox 63 Released with Enhanced Tracking Protection and Fixes 14 Security Vulnerabilities
- Most applications 'suffer from information leakage bugs'
- DoD bug bounty program to expand to more sensitive systems
- 3-year-old jQuery plugin vulnerability finally patched
- US Department of Defense Expands Bug Bounty Efforts
- The Qihoo @360CoreSec team found a @Microsoft vulnerability -- named Double Kill -- that affects applications through #MicrosoftOffice documents. Learn
- Good initiative. Would be even better if you would pay bounties for the bugs, too.
- Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
- A summer intern took a look at tinc VPN, they found some nice authentication bypass and message tampering flaws
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
- Drupal Remote Code Execution Vulnerability Threat Alert
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
ASIA
- Cathay Pacific breach leaks personal data on 9.4 million people
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Exploit kits: fall 2018 review
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
OCEANIA
- Australian woman arrested over AU$450,000 Ripple theft
- Phishing for knowledge
NORTH AMERICA
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Meet Cryptojacking, the (not so) new kid on the block
- Exploit kits: fall 2018 review
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Yahoo to pay up to $85m to settle data breach lawsuit
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- US government medical website was hacked that 75,000 personal data was stolen
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- US Department of Defense Expands Bug Bounty Efforts
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- China asks blockchain-based service providers to control user information
SOUTH AMERICA
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Phishing for knowledge
EUROPE
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Magecart hackers change tactic and target vulnerable Magento extensions
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- New Malware Targets Industrial Control Systems
- Yahoo to pay up to $85m to settle data breach lawsuit
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Magecart Attackers Exploit Magento Zero-Days
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
AFRICA
- Phishing for knowledge
HEALTHCARE
- US government medical website was hacked that 75,000 personal data was stolen
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Drupal Remote Code Execution Vulnerability Threat Alert
TRANSPORT
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Securing Blockchain with Privileged Access Management
BANKING & FINANCE
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Magecart hackers change tactic and target vulnerable Magento extensions
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- FlawedAmmyy Remote Access Trojan
- Meet Cryptojacking, the (not so) new kid on the block
- Magecart Hackers Now Targeting Vulnerable Magento Extensions
- sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
- Exploit kits: fall 2018 review
- Mac malware intercepts encrypted web traffic for ad injection
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Phishing for knowledge
- Magecart Attackers Exploit Magento Zero-Days
- The risk to OT networks is real, and it’s dangerous for business leaders to ignore
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- Russian Government-owned research institute linked to Triton attacks
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
- A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
INFORMATION & TELECOMMUNICATION
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Exploit for New Windows Zero-Day Published on Twitter
- Meet Cryptojacking, the (not so) new kid on the block
- Another Windows 0-day flaw has been published on Twitter
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- [SingCERT] Alert on Drupal Critical Vulnerabilities
- A Windows 0day vulnerability was made public on Twitter
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- Twitter User Discloses Second Microsoft Zero-Day
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Need help managing supply chain risks?
In this week's ShadowTalk episode, the team breaks it down into hardware, software
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Phishing for knowledge
- Magecart Attackers Exploit Magento Zero-Days
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Good initiative. Would be even better if you would pay bounties for the bugs, too.
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- China asks blockchain-based service providers to control user information
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
- NETSCOUT Takes Internet Scale Threat Protection to the Edge
FOOD
Nil
WATER
Nil
ENERGY
- New Malware Targets Industrial Control Systems
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Drupal Remote Code Execution Vulnerability Threat Alert
GOVERNMENT & PUBLIC SERVICE
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge
- Yahoo to pay up to $85m to settle data breach lawsuit
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- US government medical website was hacked that 75,000 personal data was stolen
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- Russian Government-owned research institute linked to Triton attacks
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- China asks blockchain-based service providers to control user information
ASIA
- Cathay Pacific breach leaks personal data on 9.4 million people
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Exploit kits: fall 2018 review
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
WORLD
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Magecart hackers change tactic and target vulnerable Magento extensions
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- New Malware Targets Industrial Control Systems
- Meet Cryptojacking, the (not so) new kid on the block
- Exploit kits: fall 2018 review
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Yahoo to pay up to $85m to settle data breach lawsuit
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- US government medical website was hacked that 75,000 personal data was stolen
- "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- US Department of Defense Expands Bug Bounty Efforts
- Magecart Attackers Exploit Magento Zero-Days
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
- China asks blockchain-based service providers to control user information
ATTACKS
- Cathay Pacific breach leaks personal data on 9.4 million people
- Cathay Pacific data breach hits 9.4 million people
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Yahoo to pay up to $85m to settle data breach lawsuit
- Tim Cook Blasts Weaponization Of Personal Data And Praises GDPR
- Pocket iNet Left All Of Its Corporate Passwords, Keys, And Data Exposed
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Phishing Attack Tip 1: Beware of Unsettling Content
An email containing unsettling, startling, or urgent content that requires immediate action on
- Last year the @USAgov required agencies to implement #DMARC records and policies by October 2018. Learn just how hard DMARC
- Discover how #NetSpectre attacks leak data remotely via side-channels with Michael Cobb of @thehairyITdog.
- Yahoo Agrees to Pay $50 Million in Damages to Settle Data Breach Lawsuit
- Business Email Compromise: Gift Cards
- The Enduring Password Conundrum
- US government medical website was hacked that 75,000 personal data was stolen
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Phishing attacks: Why is email still such an easy target for hackers?
- Yahoo agrees to pay $50 million to settle data breach lawsuit
- My Health Record opt-outs now sit at over 1.1 million
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- Yahoo to pay at least $85m for data breach settlement
- Area 1 Security releases Pay-Per-Phish, the performance-based cybersecurity solution
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- A recent @HealthCareGov #breach exposed unknown types of data on 75,000 people, but a lack of information in the disclosure
THREATS
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Vulnerabilities in Linksys Routers May Grant Attackers Full Control
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- New Malware Targets Industrial Control Systems
- FlawedAmmyy Remote Access Trojan
- Exploit for New Windows Zero-Day Published on Twitter
- Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments
- Meet the malware which turns your smartphone into a mobile proxy
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Meet Cryptojacking, the (not so) new kid on the block
- sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
- ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
- Another Windows 0-day flaw has been published on Twitter
- .@Siemens disclosed six SICLOCK flaws that were found within its central plant clocks. Discover why three flaws have been rated
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Mac malware intercepts encrypted web traffic for ad injection
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- Pentagon Launches Continuous Bug Bounty Program
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- [SingCERT] Alert on Drupal Critical Vulnerabilities
- A Windows 0day vulnerability was made public on Twitter
- Organizations with strong DevSecOps find flaws 11x faster than those without
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Most enterprise vulnerabilities remain unpatched a month after discovery
- WizCase Found Critical Firmware Vulnerabilities In Leading NAS Devices
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Twitter User Discloses Second Microsoft Zero-Day
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Firefox 63 Released with Enhanced Tracking Protection and Fixes 14 Security Vulnerabilities
- Most applications 'suffer from information leakage bugs'
- DoD bug bounty program to expand to more sensitive systems
- LuminosityLink RAT author sentenced to 2.5 years in jail
- 3-year-old jQuery plugin vulnerability finally patched
- US Department of Defense Expands Bug Bounty Efforts
- The Qihoo @360CoreSec team found a @Microsoft vulnerability -- named Double Kill -- that affects applications through #MicrosoftOffice documents. Learn
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
- Good initiative. Would be even better if you would pay bounties for the bugs, too.
- Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
- Crytojacking 101; why cryptojacking is bad for business
- A summer intern took a look at tinc VPN, they found some nice authentication bypass and message tampering flaws
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- How Microsoft's Controlled Folder Access can help stop ransomware
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
- A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
- Securing Blockchain with Privileged Access Management
CRIME
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Magecart hackers change tactic and target vulnerable Magento extensions
- Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge
- Yahoo to pay up to $85m to settle data breach lawsuit
- Business Email Compromise: Gift Cards
- US government medical website was hacked that 75,000 personal data was stolen
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- LuminosityLink RAT author sentenced to 2.5 years in jail
- Phishing for knowledge
- FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- China asks blockchain-based service providers to control user information
- Securing Blockchain with Privileged Access Management
POLITICS
- New Malware Targets Industrial Control Systems
- Meet Cryptojacking, the (not so) new kid on the block
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
