DATA BREACH & DATA LOSS
- Girl Scouts Issues Data Breach Warning to 2,800 Members
- Cathay Pacific Suffers World’s Largest Airline Data Breach
- sLoad and Ramnit Campaign Against UK and Italy
- Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
- Girl Scouts Alerted to Possible Data Breach
- 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
- DDoS and ransomware tools for starter and experienced cybercriminals exposed
- Biggest Manufacturing Data Breaches of the 21st Century
- The Worst Data Breach till Now 2018, and What It Means
- Crooks continue to abuse exposed Docker APIs for Cryptojacking
- IoT users uncertain if personal data is shared across multiple devices
- Hackers Breach System of Healthcare.Gov Exposing Personal Data of 75,000 Users
- Hackers steal personal data of up to 9.4 million Cathay Pacific passengers
- Leaked: iOS 12.1 will be released on October 30th
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy | Read the details here:
DENIAL-OF-SERVICE
- Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
- Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University
- Mirai Author Gets House Arrest for DDoS Attacks on University
- DDoS and ransomware tools for starter and experienced cybercriminals exposed
MALVERTISING
Nil
PHISHING
- Phishing spikes as private health continues to be most breached sector in Australia
- Nation-State Phishing: A Country-Sized Catch
- A new phishing report reveals Microsoft, Paypal, and Netflix are among the top brands impersonated by phishing attacks.
Attackers tend to
- This is getting worse and worse. And is going to normalize and lead to much more successful phishing through SMS
- League of Legends Gamers Targeted by Phishing Scam | Avast
- What can we do to tackle today’s phishing epidemic?
- Das Geschäft mit gestohlenen Login-Daten von Privatnutzern und Unternehmensanwendern boomt. US-Journalist Brian Krebs beziffert die "Ausbeute" bei mehreren 100.000 US-Dollar
- 19% still save their password on a piece of paper
- Vulnerability In Microsoft Word Online Video Feature Allows for Phishing
WEB DEFACEMENT
- Future Investment Initiative Conference Website, Defaced, Now Restored
BOTNET
- Mirai Botnet Operator Ordered to Pay $8.6 Million
- ‘DemonBot' Botnet Targets Hadoop Servers
- Rise of the Bots
RANSOMWARE
- The Ransomware Attack on a North Carolina Water Utility May Not Have Been What it Seemed
- Ransomware and the enterprise: A new white paper
- DDoS and ransomware tools for starter and experienced cybercriminals exposed
- #Antivirus SW alone can't stop new #malware or #ransomware. by @MariaKorolov -
- Have you ever wondered why #ransomware attacks happen on the Friday before a long weekend? We've teamed up with @SentinelOne
CRYPTOMINING & CRYPTOCURRENCIES
- Mac CryptoCurrency Price Tracker Caught Installing Backdoors
- Mac cryptocurrency ticker app installs backdoors
- Call of Duty players caught up in cryptocurrency theft racket
- Cyber-criminals exploit misconfigured container to deliver cryptominer
- Crooks continue to abuse exposed Docker APIs for Cryptojacking
- Revolutionary Blockchain 3.0 Under CSE Platform
MALWARE
- Videos and MS Office documents - ingredients for a malware attack
- Word documents seemingly carrying videos can deliver malicious code instead
- Downloading Google Chrome via Microsoft Edge Endangered by Malware
- Windows 10 UWP Bug Could Give Malicious Devs Access To All Your Files
- Advanced Malware Protection Affected by Bug That Can Inhibit Intrusion Detection
- Windows 10 UWP bug could give malicious devs access to all your files
- Malware That Accompanies Google Chrome Download Detected
- 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
- Vulnerability found in Sophos anti-malware product
- Privacy concerns cooling #InternetOfThings adoption in US & Europe, with consumers concerned about #DataLeaks, malware and product security (via @FSecure)
- Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
- #Antivirus SW alone can't stop new #malware or #ransomware. by @MariaKorolov -
- Beware! Downloader Malware Disguised as Game Apps Found On Google Play with More Than 51,100 Installations
- Microsoft Bing Delivered Dangerous Malware When You Try to Download Google Chrome
EXPLOIT
- Researchers exploit Microsoft Word through embedded video
- Cyber-criminals exploit misconfigured container to deliver cryptominer
- Our adventures at @thezdi Pwn2Own Desktop 2018 for Apple Safari exploit whitepaper (https://labs.mwrinfosecurity.com/assets/BlogFiles/apple-safari-pwn2own-vuln-write-up-2018-10-29-final.pdf …) and @t2.fi slides release (https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-t2-big-game-fuzzing-pwn2own-safari-final.pdf …)
VULNERABILITY
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- IoT Flaw Allows Hijacking of Connected Construction Cranes
- Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
- X.Org Flaw Allows Privilege Escalation in Linux Systems
- X.Org Flaw Exposes Unix-Like OSes to Attacks
- Windows 10 UWP Bug Could Give Malicious Devs Access To All Your Files
- X.org Bug Bites OpenBSD And Other Big Operating Systems
- If your company uses Windows 10, watch out: there are new vulnerabilities about
- Advanced Malware Protection Affected by Bug That Can Inhibit Intrusion Detection
- Logical Bug in Microsoft Word's 'Online Video' Allows Code Execution
- Windows 10 UWP bug could give malicious devs access to all your files
- Windows 10 Bug Allowed UWP Apps Full Access to File System
- Magecart Exploits Zero Day Vulnerabilities
- Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants
- Security Vulnerability in Internet-Connected Construction Cranes
- Systemd flaw could cause the crash or hijack of vulnerable Linux machines
- Pentagon’s big audit will inspect for cybersecurity flaws, comptroller says
- Vulnerability found in Sophos anti-malware product
- Flaws in brain stimulation tech could let hackers erase or hold memories for ransom
- Cisco patched a command injection vulnerability in Webex Meetings
- Vulnerability In Microsoft Word Online Video Feature Allows for Phishing
ASIA
- Future Investment Initiative Conference Website, Defaced, Now Restored
- Cathay Pacific Suffers World’s Largest Airline Data Breach
- Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants
- 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
- Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
- Revolutionary Blockchain 3.0 Under CSE Platform
- Leaked: iOS 12.1 will be released on October 30th
WORLD
- Phishing spikes as private health continues to be most breached sector in Australia
- Future Investment Initiative Conference Website, Defaced, Now Restored
- Here's how to defend your enterprise from Magecart
- Breaking News: Securonix Threat Research: British Airways Breach
- Cathay Pacific Suffers World’s Largest Airline Data Breach
- sLoad and Ramnit Campaign Against UK and Italy
- Magecart Exploits Zero Day Vulnerabilities
- Understanding mass data fragmentation
- Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
- Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University
- Security Vulnerability in Internet-Connected Construction Cranes
- Girl Scouts Alerted to Possible Data Breach
- What can we do to tackle today’s phishing epidemic?
- Privacy concerns cooling #InternetOfThings adoption in US & Europe, with consumers concerned about #DataLeaks, malware and product security (via @FSecure)
- Das Geschäft mit gestohlenen Login-Daten von Privatnutzern und Unternehmensanwendern boomt. US-Journalist Brian Krebs beziffert die "Ausbeute" bei mehreren 100.000 US-Dollar
- The Worst Data Breach till Now 2018, and What It Means
- Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
- Cisco patched a command injection vulnerability in Webex Meetings
- Leaked: iOS 12.1 will be released on October 30th
ATTACKS
- Phishing spikes as private health continues to be most breached sector in Australia
- Girl Scouts Issues Data Breach Warning to 2,800 Members
- Nation-State Phishing: A Country-Sized Catch
- A new phishing report reveals Microsoft, Paypal, and Netflix are among the top brands impersonated by phishing attacks.
Attackers tend to
- This is getting worse and worse. And is going to normalize and lead to much more successful phishing through SMS
- Cathay Pacific Suffers World’s Largest Airline Data Breach
- League of Legends Gamers Targeted by Phishing Scam | Avast
- sLoad and Ramnit Campaign Against UK and Italy
- Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
- Girl Scouts Alerted to Possible Data Breach
- 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
- DDoS and ransomware tools for starter and experienced cybercriminals exposed
- Biggest Manufacturing Data Breaches of the 21st Century
- What can we do to tackle today’s phishing epidemic?
- Das Geschäft mit gestohlenen Login-Daten von Privatnutzern und Unternehmensanwendern boomt. US-Journalist Brian Krebs beziffert die "Ausbeute" bei mehreren 100.000 US-Dollar
- The Worst Data Breach till Now 2018, and What It Means
- Crooks continue to abuse exposed Docker APIs for Cryptojacking
- IoT users uncertain if personal data is shared across multiple devices
- 19% still save their password on a piece of paper
- Hackers Breach System of Healthcare.Gov Exposing Personal Data of 75,000 Users
- Hackers steal personal data of up to 9.4 million Cathay Pacific passengers
- Leaked: iOS 12.1 will be released on October 30th
- Vulnerability In Microsoft Word Online Video Feature Allows for Phishing
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy | Read the details here:
THREATS
- Videos and MS Office documents - ingredients for a malware attack
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- IoT Flaw Allows Hijacking of Connected Construction Cranes
- Mac CryptoCurrency Price Tracker Caught Installing Backdoors
- Mac cryptocurrency ticker app installs backdoors
- Word documents seemingly carrying videos can deliver malicious code instead
- Remote Denial of Service Vulnerability Patched in Squid Proxy Cache Server
- X.Org Flaw Allows Privilege Escalation in Linux Systems
- Downloading Google Chrome via Microsoft Edge Endangered by Malware
- The Ransomware Attack on a North Carolina Water Utility May Not Have Been What it Seemed
- X.Org Flaw Exposes Unix-Like OSes to Attacks
- Windows 10 UWP Bug Could Give Malicious Devs Access To All Your Files
- X.org Bug Bites OpenBSD And Other Big Operating Systems
- If your company uses Windows 10, watch out: there are new vulnerabilities about
- Advanced Malware Protection Affected by Bug That Can Inhibit Intrusion Detection
- Logical Bug in Microsoft Word's 'Online Video' Allows Code Execution
- Call of Duty players caught up in cryptocurrency theft racket
- Ransomware and the enterprise: A new white paper
- Windows 10 UWP bug could give malicious devs access to all your files
- Windows 10 Bug Allowed UWP Apps Full Access to File System
- Magecart Exploits Zero Day Vulnerabilities
- Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants
- Malware That Accompanies Google Chrome Download Detected
- Security Vulnerability in Internet-Connected Construction Cranes
- 'Narwhal Spider' group's spam campaign targets Japanese recipients with URLZone malware
- Cyber-criminals exploit misconfigured container to deliver cryptominer
- DDoS and ransomware tools for starter and experienced cybercriminals exposed
- Systemd flaw could cause the crash or hijack of vulnerable Linux machines
- Pentagon’s big audit will inspect for cybersecurity flaws, comptroller says
- Vulnerability found in Sophos anti-malware product
- Flaws in brain stimulation tech could let hackers erase or hold memories for ransom
- Privacy concerns cooling #InternetOfThings adoption in US & Europe, with consumers concerned about #DataLeaks, malware and product security (via @FSecure)
- Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
- Crooks continue to abuse exposed Docker APIs for Cryptojacking
- Revolutionary Blockchain 3.0 Under CSE Platform
- #Antivirus SW alone can't stop new #malware or #ransomware. by @MariaKorolov -
- Beware! Downloader Malware Disguised as Game Apps Found On Google Play with More Than 51,100 Installations
- Cisco patched a command injection vulnerability in Webex Meetings
- Have you ever wondered why #ransomware attacks happen on the Friday before a long weekend? We've teamed up with @SentinelOne
- Microsoft Bing Delivered Dangerous Malware When You Try to Download Google Chrome
- Vulnerability In Microsoft Word Online Video Feature Allows for Phishing
CRIME
- Future Investment Initiative Conference Website, Defaced, Now Restored
- Here's how to defend your enterprise from Magecart
- Breaking News: Securonix Threat Research: British Airways Breach
- Mirai Botnet Operator Ordered to Pay $8.6 Million
- Cathay Pacific Suffers World’s Largest Airline Data Breach
- Call of Duty players caught up in cryptocurrency theft racket
- League of Legends Gamers Targeted by Phishing Scam | Avast
- Malware That Accompanies Google Chrome Download Detected
- Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
- Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University
- Girl Scouts Alerted to Possible Data Breach
- Mirai Author Gets House Arrest for DDoS Attacks on University
- DDoS and ransomware tools for starter and experienced cybercriminals exposed
- What can we do to tackle today’s phishing epidemic?
- Revolutionary Blockchain 3.0 Under CSE Platform
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy | Read the details here:
POLITICS
- Future Investment Initiative Conference Website, Defaced, Now Restored
- Secret Service Confirms Focus on Email Compromise Cybercrimes Worth $12 Billion
- What can we do to tackle today’s phishing epidemic?
