DATA BREACH & DATA LOSS
- 21K Donors Had Their Personal Info Leaked Following Kars4Kids Data Breach
- Google services collapsed due to BGP leak
- Google services collapsed due to BGP leak
- Facebook vulnerability could have leaked your private information – again
- Cathay Apologizes Over Data Breach but Denies Cover-up
- Business Email Compromise - When You Don’t Need to Phish:
- Australian Senate extends My Health Record opt-out period
- The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
- Microsoft covertly collects personal data from enterprise Office ProPlus users
- Facebook flaw could have exposed private info of users and their friends
- Hunt finally submits to My Health Record arm-twists as opt-out window extended
- This year’s success adds to @MWRLabs’ #Pwn2Own existing track record, which includes demo attacks against Chrome.
- The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
- Healthcare.gov Health Data Breach Exposes Personal Data
- Facebook Patches Another Vulnerability That Exposed User’s Private Information
- Senate votes to extend My Health Record opt-out to January 31
DENIAL-OF-SERVICE
- Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow
- A Large Retailer Responds to #DDoS Extortion: To Pay or Not to Pay?
MALVERTISING
Nil
PHISHING
- Did you by chance hack OPM back in 2015? Good news, your password probably still works!
- Business Email Compromise - When You Don’t Need to Phish:
- Is it time to change your password? Check out this list of the 25 worst passwords for 2018 and make
- Support wouldn’t change his password, so he mailed them a bomb
- Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
WEB DEFACEMENT
Nil
BOTNET
- 'Mylobot' botnet now downloading second-stage malware meant to siphon data
- Airlines Have a Big Problem with Bad Bots
- A 100k routers around the world are on the botnet to conduct emails spam
RANSOMWARE
- 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
- Targeted ransomware attacks – SophosLabs 2019 Threat Report
- Ransomware is the leading cyber threat experienced by SMBs
- Key takeaways from Datto’s State of the Channel Ransomware Report 2018
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
CRYPTOMINING & CRYPTOCURRENCIES
- Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Cryptojacking, Mobile Malware Growing Threats to the Enterprise
- Why cryptojacking malware is a bigger threat to your PC than you realise
- Don’t fall for fake NEO, Tether and MetaMask cryptocurrency wallets on Google Play
- Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
- Bitcoin fraud on the official Twitter account of Google GSuite
MALWARE
- 'Mylobot' botnet now downloading second-stage malware meant to siphon data
- FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
- Ad-Injecting Mac Malware Rediscovered
- Monitoring file output for malicious code 'could have stopped BA attack more quickly'
- It's Amateur Hour In The World Of Spyware And Victims Will Pay The Price
- Cryptojacking, Mobile Malware Growing Threats to the Enterprise
- A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
- Why cryptojacking malware is a bigger threat to your PC than you realise
- Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
- Holiday Shopping Tip 1: Inoculate Your Computer
You need to protect against malware with regular updates to your anti-virus program and
- Researchers demo how machine learning can be used to track Gh0st RAT variants
- This remote access trojan just popped up on malware's most wanted list
- Do you believe that the application #security vetting process would benefit from the addition of an entropy source?
- How does signed software help mitigate malware?
- Beers with Talos Ep. #41: Sex, money and malware
- Cyber security is a process: Prevent, Detect, Respond, Predict. @5ean5ullivan @FSecure @ohjelmisto_ry
- Are you safe on social? "Countering the Social Hack" a 5-step process from ZF CEO @FirstNameFoster in @BRINKNewsNow
- FlawedAmmy: Dangerous RAT enteres most wanted malware list
- Card skimming malware removed from Infowars online store
EXPLOIT
- Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
- Zero-day Windows exploit fix stars in November Patch Tuesday
- A new exploit for zero-day vulnerability CVE-2018-8589
- This year’s success adds to @MWRLabs’ #Pwn2Own existing track record, which includes demo attacks against Chrome.
VULNERABILITY
- Microsoft Patches RCE Vulnerabilities in Word, Excel, and Windows Search
- Siemens Patches Firewall Flaw That Put Operations at Risk
- Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
- Facebook vulnerability could have leaked your private information – again
- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Hackers Taking Over Websites Due to WordPress GDPR Plugin Flaw
- November 2018 Patch Tuesday: Microsoft fixes 63 flaws, one actively exploited zero-day
- Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities
- Adobe Patch Tuesday updates for November 2018 fix known Acrobat flaw
- Zero-day Windows exploit fix stars in November Patch Tuesday
- Microsoft's Patch Tuesday addresses Zero Day vulnerabilities
- Facebook reportedly fixes search bug that could have threatened user privacy
- CyberSecurity Asean security alert on A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution
- November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- A #bug allowing websites to capture private data from Facebook users through Chrome has been discovered:
- Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks
- 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
- APT Group Uses Windows Zero-Day in Middle East Attacks
- Facebook flaw could have exposed private info of users and their friends
- A new exploit for zero-day vulnerability CVE-2018-8589
- Adobe November Security Update: fixes multiple vulnerabilities in its products
- Microsoft Released Security Updates & Fixed More than 60 Vulnerabilities Along with Active Windows Zero day
- The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
- Exploits confirmed!
Congrats to F-Secure’s @MWRLabs team for another great #Pwn2Own performance. @thezdi
- New Press Release: Team from @FSecure's @MWRLabs demos exploits for previously undisclosed vulnerabilities at Mobile #Pwn2Own competition -
- Facebook Patches Another Vulnerability That Exposed User’s Private Information
- 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now
- Confirmed! The @mwrlabs team used a download bug along with a silent app installation to load their custom app and
ASIA
- 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- Google services collapsed due to BGP leak
- Google services collapsed due to BGP leak
- Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Cathay Apologizes Over Data Breach but Denies Cover-up
- Operation FastCash
- Magecart- The Card-Skimming Group and Its Many Faces
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- Facebook flaw could have exposed private info of users and their friends
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
WORLD
- Did you by chance hack OPM back in 2015? Good news, your password probably still works!
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Google services collapsed due to BGP leak
- Google services collapsed due to BGP leak
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Monitoring file output for malicious code 'could have stopped BA attack more quickly'
- Magecart- The Card-Skimming Group and Its Many Faces
- Infowars Store Affected by Magecart Credit Card Stealing Hack
- Australian Senate extends My Health Record opt-out period
- Alex Jones’ Infowars store was infected with credit card skimming software
- Beers with Talos Ep. #41: Sex, money and malware
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- Facebook flaw could have exposed private info of users and their friends
- A 100k routers around the world are on the botnet to conduct emails spam
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
ATTACKS
- 21K Donors Had Their Personal Info Leaked Following Kars4Kids Data Breach
- Did you by chance hack OPM back in 2015? Good news, your password probably still works!
- Google services collapsed due to BGP leak
- Google services collapsed due to BGP leak
- Facebook vulnerability could have leaked your private information – again
- Cathay Apologizes Over Data Breach but Denies Cover-up
- Business Email Compromise - When You Don’t Need to Phish:
- Is it time to change your password? Check out this list of the 25 worst passwords for 2018 and make
- Australian Senate extends My Health Record opt-out period
- Support wouldn’t change his password, so he mailed them a bomb
- The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
- Microsoft covertly collects personal data from enterprise Office ProPlus users
- Facebook flaw could have exposed private info of users and their friends
- Hunt finally submits to My Health Record arm-twists as opt-out window extended
- This year’s success adds to @MWRLabs’ #Pwn2Own existing track record, which includes demo attacks against Chrome.
- The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
- Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
- Healthcare.gov Health Data Breach Exposes Personal Data
- Facebook Patches Another Vulnerability That Exposed User’s Private Information
- Senate votes to extend My Health Record opt-out to January 31
THREATS
- 'Mylobot' botnet now downloading second-stage malware meant to siphon data
- FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
- Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
- Microsoft Patches RCE Vulnerabilities in Word, Excel, and Windows Search
- 1,000 Bitcoins Ransom Asked from Media Prima After Successful Ransomware Attack
- Ad-Injecting Mac Malware Rediscovered
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Siemens Patches Firewall Flaw That Put Operations at Risk
- Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers
- Facebook vulnerability could have leaked your private information – again
- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- How Threat Intelligence Prioritizes Risk in Vulnerability Management
- Monitoring file output for malicious code 'could have stopped BA attack more quickly'
- Hackers Taking Over Websites Due to WordPress GDPR Plugin Flaw
- November 2018 Patch Tuesday: Microsoft fixes 63 flaws, one actively exploited zero-day
- It's Amateur Hour In The World Of Spyware And Victims Will Pay The Price
- Cryptojacking, Mobile Malware Growing Threats to the Enterprise
- A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
- Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities
- Targeted ransomware attacks – SophosLabs 2019 Threat Report
- Why cryptojacking malware is a bigger threat to your PC than you realise
- Adobe Patch Tuesday updates for November 2018 fix known Acrobat flaw
- Don’t fall for fake NEO, Tether and MetaMask cryptocurrency wallets on Google Play
- Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
- Zero-day Windows exploit fix stars in November Patch Tuesday
- Holiday Shopping Tip 1: Inoculate Your Computer
You need to protect against malware with regular updates to your anti-virus program and
- Researchers demo how machine learning can be used to track Gh0st RAT variants
- This remote access trojan just popped up on malware's most wanted list
- Microsoft's Patch Tuesday addresses Zero Day vulnerabilities
- Do you believe that the application #security vetting process would benefit from the addition of an entropy source?
- Facebook reportedly fixes search bug that could have threatened user privacy
- How does signed software help mitigate malware?
- CyberSecurity Asean security alert on A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution
- November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities
- Beers with Talos Ep. #41: Sex, money and malware
- AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
- A #bug allowing websites to capture private data from Facebook users through Chrome has been discovered:
- Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks
- Cyber security is a process: Prevent, Detect, Respond, Predict. @5ean5ullivan @FSecure @ohjelmisto_ry
- Are you safe on social? "Countering the Social Hack" a 5-step process from ZF CEO @FirstNameFoster in @BRINKNewsNow
- 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
- APT Group Uses Windows Zero-Day in Middle East Attacks
- Facebook flaw could have exposed private info of users and their friends
- A new exploit for zero-day vulnerability CVE-2018-8589
- Bitcoin fraud on the official Twitter account of Google GSuite
- Adobe November Security Update: fixes multiple vulnerabilities in its products
- Microsoft Released Security Updates & Fixed More than 60 Vulnerabilities Along with Active Windows Zero day
- Ransomware is the leading cyber threat experienced by SMBs
- FlawedAmmy: Dangerous RAT enteres most wanted malware list
- The @mwrlabs research team used zero-day vulnerabilities to compromise smart phones from Xiaomi and Samsung.
- Exploits confirmed!
Congrats to F-Secure’s @MWRLabs team for another great #Pwn2Own performance. @thezdi
- New Press Release: Team from @FSecure's @MWRLabs demos exploits for previously undisclosed vulnerabilities at Mobile #Pwn2Own competition -
- Facebook Patches Another Vulnerability That Exposed User’s Private Information
- Key takeaways from Datto’s State of the Channel Ransomware Report 2018
- 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now
- Card skimming malware removed from Infowars online store
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
- Confirmed! The @mwrlabs team used a download bug along with a silent app installation to load their custom app and
CRIME
- Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- Magecart Cybercrime Groups Harvest Payment Card Data
- French Data Protection Authority Issues Guidance on Interaction of Blockchain Technology with GDPR
- Operation FastCash
- Business Email Compromise - When You Don’t Need to Phish:
- Magecart- The Card-Skimming Group and Its Many Faces
- A Large Retailer Responds to #DDoS Extortion: To Pay or Not to Pay?
- Australian Senate extends My Health Record opt-out period
- The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
- Beers with Talos Ep. #41: Sex, money and malware
- Bitcoin fraud on the official Twitter account of Google GSuite
- Adobe November Security Update: fixes multiple vulnerabilities in its products
- Public get Warning from Scotts Bluff County Sheriff’s Office about a Phishing Email Scam
- BDO Unibank Warned its Customers to Remain Beware from New Phishing Scheme
- Healthcare.gov Health Data Breach Exposes Personal Data
- Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware
POLITICS
- FlawedAmmy, the Only RAT in CheckPoint’s Global Threat Index 2018 List
- Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks
- CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
- Alex Jones’ Infowars store was infected with credit card skimming software
DATA BREACH & DATA LOSS
- Cathay Pacific In Hot Water: Data Breach Started March 2018, Not October 2018
- Cathay Says 'Most Intense' Period of Data Breach Lasted Months
- Nordstrom Reveals Data Breach, Sensitive Employee Information Exposed
- Nordstrom Data Breach Exposes Employee Information
- Nordstrom Quick to Tell Employees of a Data Breach
- Former Employee Accessed Medical Records For Nearly a Year
- Sophisticated cyber-espionage campaign targeting Pakistani government and air force
- Dropbox Account Phishing Campaign
- The Ontario Cannabis Store has reported a data breach that took place Nov. 1 through the Canada Post and affected
- Another Facebook Bug Could Have Exposed Your Private Information
- Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria
- Sophisticated Campaign Targets Pakistan's Air Force
- Google Services Inaccessible Due to BGP Leak
- Beware !! Worlds Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
- Compromised security in millions of cards in the US
- Leak: Windows 10 October Update will be re-launched tomorrow
DENIAL-OF-SERVICE
Nil
MALVERTISING
- Malvertising is what happens when attackers buy ad space in popular, legit websites and load them with ads infected by
PHISHING
- Why Gen Z has the most dangerous password practices
- Dropbox Account Phishing Campaign
- Password manager: 85% want their password to be protected against hackers
- How did @Google eliminate successful #PhishingAttacks? Learn how employees used U2F authentication and physical #SecurityKeys to defend against phishing from
- To help you rule out the worst password ideas, FrontNet has put together a list of the 25 words passwords
WEB DEFACEMENT
Nil
BOTNET
- Security cameras – a latent botnet network?
- A new #botnet -- #Mylobot -- has shown new, complex levels of tools and techniques that are subsequently altering botnet
- New #spam #botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers at @360Netlab. By @MaddieBacon11
- How does the Mylobot botnet differ from a typical botnet?
RANSOMWARE
- What MSPs can learn from Datto’s Channel Ransomware Report
- Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
- Why WannaCry ransomware is still a threat to your PC
- Ransomware no. 1 cyberthreat to SMBs, and the average attack costs $47K
- Ransomware Attack on City of Muscatine Shutdown Several Servers
CRYPTOMINING & CRYPTOCURRENCIES
- Fake Crypto Wallet Apps Discovered in Google Play, Built Using Drag-n-Drop
- Target and other high profile Twitter accounts exploited for cryptocurrency scams
- Cryptocurrency Mining Malware uses Various Evasion Techniques.
- The Tactic Cybercriminals Use to Steal Bitcoin
- Attacker hijacks Elon Musk Twitter account to implement fake bitcoin fraud
- Data61 and CBA demonstrate blockchain welfare payments
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- Illegal cryptocurrency mining
- Twitter grapples with fake Elon Musk accounts promoting bitcoin scams
MALWARE
- Triton ICS Malware
- Scare Force: Pakistan military hit by Operation Shaheen malware
- Pakistan Military Hit By Operation Shaheen Malware
- That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
- What’s on Our Minds for 2019? Key Themes from the RSA Speaker Selection Process
- It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
- Cryptocurrency Mining Malware uses Various Evasion Techniques.
- Call Recorder App on Google Play with Over 5,000 Installs Contains Hidden Malware Dropper
- #Gallmaker eschews custom malware, uses living off the land and publicly available #hack tools. Find out more:
- Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
- How is Plead #malware used for #cyberespionage attacks? Learn more with Michael Cobb of @thehairyITdog.
- U.S. Cyber Command #malware samples will be shared to #VirusTotal by the Cyber National Mission Force and one expert said
- Beware !! Worlds Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- 12 Warning Signs That Help Identify Malware Infection
EXPLOIT
- Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites
- Ruby taken off the rails by deserialization exploit
- Attackers exploit GDPR compliance plug-in for WordPress
VULNERABILITY
- Microsoft’s Patch Tuesday updates for November 2018 fix actively exploited Windows flaw
- Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
- Microsoft Patches Actively Exploited Windows Vulnerability
- Fixed Facebook Privacy Bug Could Have Allowed Bad Actors to Steal Personal Info
- Microsoft patches Windows zero-day used by multiple cyber-espionage groups
- Adobe Patches Disclosed Acrobat Vulnerability
- SAP Patches Critical Vulnerability in HANA Streaming Analytics
- Facebook flaw opened your profile to data thieves
- Adobe Releases Security Update for Acrobat Vulnerability with Public PoC
- Unpatched Android OS Flaw Allows Adversaries to Track User Location
- Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
- Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC
- Facebook Patches Another User Data Harvesting Bug
- XSS Vulnerability in Evernote Allows Local File Execution
- Vulnerabilities in Solid-State Drives Can Be Exploited to Decrypt Data
- Side-Channel Vulnerability Could Be Exploited to Steal Data
- Zero-Day Vulnerability in Cisco Products Could Cause DoS Condition
- Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites
- Facebook Bug Let Websites Access Private User Data
- Microsoft November 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Facebook patches another bug that could have allowed mass-harvesting of user data
- Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage
- Another Facebook Bug Could Have Exposed Your Private Information
- New #spam #botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers at @360Netlab. By @MaddieBacon11
- Microsoft Word Doc bug using online video feature found in wild
- Check Point Researchers Reported Vulnerabilities in Market-Leading Drone Platform, Enabling Manufacturer to Bolster Security
- Zero Day vulnerability in VirtualBox is disclosed
