DATA BREACH & DATA LOSS
- California Girl Scouts branch suffers data breach
- IT Security Culture Evolution of Businesses Exposed
- Canada Post Leaked Personal Data of 4,500 Cannabis Customers
- 689,272 plaintext records of Amex India customers exposed online
- 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
- DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access
- Canada Post Leaked Personal Data On Cannabis Smokers
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- Radisson Loyalty Program Compromised
- Test Your Employees with Internal Phishing Campaigns
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
- According to the 2018 Cost of a Data Breach Study by @PonemonPrivacy & @IBM, the global average cost of a
- Canada Post leaked personal data, orders of thousands of cannabis smokers
- HSBC Bank Alerts US Customers to Data Breach
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Users Stop Engaging With Brands After Data Breaches, Report Finds
- Phishing extortion campaign using new, more effective methods
- Gamasutra user privacy fragged following IP leak discovery
- HSBC confirms data theft in the United States
- Increasing value of personal data a 21st century challenge
DENIAL-OF-SERVICE
- Cambodia's ISPs Hit By Massive DDoS Attacks
- DerpTroll Admits To DDoS On EA, Steam, Sony Game Servers
- 4 Cambodia’s ISPs Attacked by DDoS
- DDoS attack on Cambodia’s top ISPs reached 150Gbps
- Man Behind DDoS Attacks on Gaming Companies Pleads Guilty
- To Pay or Not to Pay: A Large Retailer Responds to #DDoS Extortion
Find out what happened here:
- Cambodia's ISPs hit by some of the biggest DDoS attacks in the country's history
- Hacker Behind Series of DoS Attack Targeting Gaming Companies Pleaded Guilty
MALVERTISING
Nil
PHISHING
- Test Your Employees with Internal Phishing Campaigns
- Most IT Security Pros Underestimate Phishing Risks
- Most Enterprises Fail to Implement Proper Protection Against Phishing Attacks
- Phishing extortion campaign using new, more effective methods
- How many of these bad password habits do you have?
- Good article about the password problem and a statistic that shows just how bad a problem it has now become...
WEB DEFACEMENT
Nil
BOTNET
- Botnet Infects 100,000 Routers to Send Outlook, Hotmail, and Yahoo Spam
- New Spam Botnet Likely Infected 400,000 Devices
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Spam Botnet of Over 100K Routers Abuses UPnP
RANSOMWARE
- Dharma Ransomware Hits Altus Baytown Hospital's Systems
CRYPTOMINING & CRYPTOCURRENCIES
- Hackers Charged for Creating 6K Strong Cryptojacking Network
- Can Blockchain Solve The Problem of Blood Diamonds?
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- Managing the Intersection of Cryptocurrency and Compliance
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- Beware of scams! Elon Musk is not giving away bitcoin on Twitter
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
- StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
MALWARE
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
- Google: Newer Android versions are less affected by malware
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Symantec Uncovers North Korean Group's ATM Attack Malware
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- The Pentagon has suddenly started uploading #malware samples from APTs and other nation-state sources to the website VirusTotal.
- Symantec researchers dissect North Korean malware used in ATM attacks
- Banking Malware Takes Aim at Brazilians
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- US Cyber Command starts uploading foreign APT malware to VirusTotal
- U.S. Cyber Command malware samples to be logged in VirusTotal
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Spyware disguised as Spanish banking apps removed from Google Play
- Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
- Did you miss yesterday's #blog? Catch up on how fileless #malware is changing the way we as organizations are treating
- "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
- U.S. Cyber Command Shares Malware via VirusTotal
- US Cyber Command starts uploading foreign APT malware to VirusTotal
EXPLOIT
- Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
- Cisco Accidentally Released Dirty Cow Exploit Code in Software
- VirtualBox zero-day flaw released on Github; working exploit available but no patch
- Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
VULNERABILITY
- Companies swamped by critical vulnerabilities – Tenable
- Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
- Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
- Steam bug could have given you access to all the CD keys of any game
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- [SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845)
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Several Vulnerabilities Patched in nginx
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- WooCommerce Plugin file deletion vulnerability exposes WordPress 'failing open' design flaw
- VirtualBox zero-day flaw released on Github; working exploit available but no patch
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- DJI Patches Forum Bug That Allowed Drone Account Takeovers
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Ranting researcher publishes VM-busting zero-day without warning
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- DJI Drone Vulnerability
- iOS 12.1 Vulnerability
- Encryption flaws in solid state drives enable unauthorised data access
- Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home
- Ranting researcher publishes #VM-busting zero-day without warning
- We don' need no stinkin' bounties: VirtualBox guest-to-host escape zero-day lands at GitHub
- Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitlocker
- [SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031)
- XSS flaw in Evernote allows attackers to execute commands and steal files
- Critical authentication flaw in DJI drone web app fixed
- Commoditization of Computing Hardware and the Bugs It Contains
- 4 Million Shops Installed WooCommerce Plugin RCE Flaw Allows Attacker to Gain WordPress Sites Admin Access
- A year later, @amarekano's Android overlay bug has been included in the AOSP November 2018 patched notes as CVE-2018-9524
- Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
ASIA
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- 689,272 plaintext records of Amex India customers exposed online
- Cambodia's ISPs Hit By Massive DDoS Attacks
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Symantec Uncovers North Korean Group's ATM Attack Malware
- Lazarus Group Targets Bank Networks to Rob ATMs
- 4 Cambodia’s ISPs Attacked by DDoS
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- DDoS attack on Cambodia’s top ISPs reached 150Gbps
- Symantec researchers dissect North Korean malware used in ATM attacks
- SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
- Spam Botnet of Over 100K Routers Abuses UPnP
- Cambodia's ISPs hit by some of the biggest DDoS attacks in the country's history
- HSBC confirms data theft in the United States
- Commoditization of Computing Hardware and the Bugs It Contains
WORLD
- Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Canada Post Leaked Personal Data of 4,500 Cannabis Customers
- 689,272 plaintext records of Amex India customers exposed online
- Canada Post Leaked Personal Data On Cannabis Smokers
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Lazarus Group Targets Bank Networks to Rob ATMs
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Most IT Security Pros Underestimate Phishing Risks
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- Symantec researchers dissect North Korean malware used in ATM attacks
- Banking Malware Takes Aim at Brazilians
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- iOS 12.1 Vulnerability
- Beware of scams! Elon Musk is not giving away bitcoin on Twitter
- Spam Botnet of Over 100K Routers Abuses UPnP
- The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- Encryption flaws in solid state drives enable unauthorised data access
- Canada Post leaked personal data, orders of thousands of cannabis smokers
- HSBC Bank Alerts US Customers to Data Breach
- US Cyber Command starts uploading foreign APT malware to VirusTotal
- U.S. Cyber Command malware samples to be logged in VirusTotal
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Spyware disguised as Spanish banking apps removed from Google Play
- Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
- Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
- U.S. Cyber Command Shares Malware via VirusTotal
- HSBC confirms data theft in the United States
- US Cyber Command starts uploading foreign APT malware to VirusTotal
ATTACKS
- California Girl Scouts branch suffers data breach
- IT Security Culture Evolution of Businesses Exposed
- Canada Post Leaked Personal Data of 4,500 Cannabis Customers
- 689,272 plaintext records of Amex India customers exposed online
- 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
- DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access
- Canada Post Leaked Personal Data On Cannabis Smokers
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- Radisson Loyalty Program Compromised
- Test Your Employees with Internal Phishing Campaigns
- Most IT Security Pros Underestimate Phishing Risks
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
- Most Enterprises Fail to Implement Proper Protection Against Phishing Attacks
- According to the 2018 Cost of a Data Breach Study by @PonemonPrivacy & @IBM, the global average cost of a
- Canada Post leaked personal data, orders of thousands of cannabis smokers
- HSBC Bank Alerts US Customers to Data Breach
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Users Stop Engaging With Brands After Data Breaches, Report Finds
- Phishing extortion campaign using new, more effective methods
- Gamasutra user privacy fragged following IP leak discovery
- How many of these bad password habits do you have?
- HSBC confirms data theft in the United States
- Increasing value of personal data a 21st century challenge
- Good article about the password problem and a statistic that shows just how bad a problem it has now become...
THREATS
- Companies swamped by critical vulnerabilities – Tenable
- Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
- Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
- Google: Newer Android versions are less affected by malware
- Hackers Charged for Creating 6K Strong Cryptojacking Network
- Dharma Ransomware Hits Altus Baytown Hospital's Systems
- Steam bug could have given you access to all the CD keys of any game
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- [SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845)
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Can Blockchain Solve The Problem of Blood Diamonds?
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Symantec Uncovers North Korean Group's ATM Attack Malware
- Several Vulnerabilities Patched in nginx
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- The Pentagon has suddenly started uploading #malware samples from APTs and other nation-state sources to the website VirusTotal.
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- WooCommerce Plugin file deletion vulnerability exposes WordPress 'failing open' design flaw
- Managing the Intersection of Cryptocurrency and Compliance
- VirtualBox zero-day flaw released on Github; working exploit available but no patch
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- DJI Patches Forum Bug That Allowed Drone Account Takeovers
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Symantec researchers dissect North Korean malware used in ATM attacks
- SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
- Ranting researcher publishes VM-busting zero-day without warning
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Banking Malware Takes Aim at Brazilians
- DJI Drone Vulnerability
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- iOS 12.1 Vulnerability
- Beware of scams! Elon Musk is not giving away bitcoin on Twitter
- The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- Encryption flaws in solid state drives enable unauthorised data access
- Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home
- Ranting researcher publishes #VM-busting zero-day without warning
- We don' need no stinkin' bounties: VirtualBox guest-to-host escape zero-day lands at GitHub
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitlocker
- [SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031)
- US Cyber Command starts uploading foreign APT malware to VirusTotal
- U.S. Cyber Command malware samples to be logged in VirusTotal
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Spyware disguised as Spanish banking apps removed from Google Play
- XSS flaw in Evernote allows attackers to execute commands and steal files
- Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
- Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
- Did you miss yesterday's #blog? Catch up on how fileless #malware is changing the way we as organizations are treating
- "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
- U.S. Cyber Command Shares Malware via VirusTotal
- Critical authentication flaw in DJI drone web app fixed
- Commoditization of Computing Hardware and the Bugs It Contains
- 4 Million Shops Installed WooCommerce Plugin RCE Flaw Allows Attacker to Gain WordPress Sites Admin Access
- A year later, @amarekano's Android overlay bug has been included in the AOSP November 2018 patched notes as CVE-2018-9524
- StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
- Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
- US Cyber Command starts uploading foreign APT malware to VirusTotal
CRIME
- California Girl Scouts branch suffers data breach
- 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
- Can Blockchain Solve The Problem of Blood Diamonds?
- Radisson Loyalty Program Compromised
- Test Your Employees with Internal Phishing Campaigns
- Lazarus Group Targets Bank Networks to Rob ATMs
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
- Symantec researchers dissect North Korean malware used in ATM attacks
- Top 5 Threats Healthcare Organizations Face and How to Combat Them
- Man Behind DDoS Attacks on Gaming Companies Pleads Guilty
- DerpTrolling game server DoS attacker pleads guilty
- HSBC Bank Alerts US Customers to Data Breach
- Phishing extortion campaign using new, more effective methods
- To Pay or Not to Pay: A Large Retailer Responds to #DDoS Extortion
Find out what happened here:
- Spyware disguised as Spanish banking apps removed from Google Play
- Hacker Behind Series of DoS Attack Targeting Gaming Companies Pleaded Guilty
- HSBC confirms data theft in the United States
POLITICS
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Lazarus Group Targets Bank Networks to Rob ATMs
- 4 Cambodia’s ISPs Attacked by DDoS
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
