DATA BREACH & DATA LOSS
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- Data Leak Incident Reported by Fortune 500 Metropolitan Life Insurance Company
- VisionDirect Blindsided by Magecart in Data Breach
- OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
- “Simplicity without Compromise” with Catalyst 9200 – Intent Based Networking Everywhere!
- EOS.IO Smart Contract Database Walkthrough
- Ford Eyes Use of Customers’ Personal Data to Boost Profits
- Vision Direct Admits To Breach With CVVs Compromised
- Instagram Bug, Now Fixed, Exposed User Passwords
- Business email compromise scam costs Pathé $21.5 million
- Database Misconfiguration Leaks 26 Million SMS Messages
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
- Vision Direct reveals customer credit card leak, fake Google script may be to blame
- Most Important Consideration of Confidentiality,Integrity, Availability (CIA Triad) to Avoid Organization Data Breach
- New security feature to prevent Amazon S3 bucket misconfiguration and data leaks
- Instagram Privacy Tool Exposed Passwords
- Vision Direct Notifies Customers of Data Compromise
- Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
- Instagram Accidentally Exposed Some User Passwords
- Email campaign spreading new tRAT malware
- The promised integration with #HaveIBeenPwned is expanding in #FirefoxMonitor with new breach alerts when a user visits a recently compromised
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
- After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
- Firefox automatically alerts users when you access sites that have data breaches
- Instagram Accidentally Exposed Some Users' Passwords In Plaintext
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- Top 5 ways to pick a secure password
- Top 5 ways to pick a secure password
- 2FA Login Failure in Office 365 and Azure
- Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
- A little phishing knowledge may be a dangerous thing
- The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
- More than 50% forgot their password once at least one in the last month
- An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
- How #privacy intersects with #CyberSecurity.
“Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
- Review: Specops Password Policy
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
- Sai quali sono i modelli più utilizzati dagli utenti per creare le proprie #password? Qui ti suggeriamo alcune 'best practice'
WEB DEFACEMENT
Nil
BOTNET
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- How do you think the #Mylobot #botnet attack will affect the future of botnets?
RANSOMWARE
- Texas hospital becomes victim of Dharma ransomware
- A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time
- Wannacry Continues to be Dominant Ransomware
CRYPTOMINING & CRYPTOCURRENCIES
- EOS.IO Smart Contract Database Walkthrough
- Bitcoin Falls Below $5,000
- Cryptojacking Attack Targets Make-A-Wish Foundation Website
- WebCobra Installs Cryptominer On Victim's System
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- How can a @Trezor #cryptocurrency wallet fall victim to attack? Learn more with expert @lewisnic
- Turkish Police Arrested Cryptocurrency Hackers
MALWARE
- New Modular tRat Remote Access Trojan Surfaced During September
- OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
- Traps: Fighting Threats With Cloud-Based Malware Analysis
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- DarkGate Malware Avoids Endpoint AV Detection
- New ShadowTalk update looks at:
New nation-state threat actor uses advanced TTPs to target Pakistan
Lazarus Group’s FASTCash malware
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
- Email campaign spreading new tRAT malware
- After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
- Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
- October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10
EXPLOIT
Nil
VULNERABILITY
- Finds vulnerabilities in wordpress websites using WPSCAN
- TP-Link Patches Remote Code Execution Flaws in SOHO Router
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Instagram Flaw Exposes User Passwords
- Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched
- A bug in EA Origin client exposes gamers' data
- Vulnerabilities Dip 7%, but Researchers Are Cautious
- Instagram Bug, Now Fixed, Exposed User Passwords
- Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- Instagram flaw exposes user passwords
- Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
- Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in
- How does a Bluetooth vulnerability enable validation attacks?
- How does site isolation defend against #Spectre vulnerabilities? Expert Michael Cobb of @thehairyITdog explains
- Helping researchers with IoT firmware vulnerability discovery
- Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
HEALTHCARE
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- Texas hospital becomes victim of Dharma ransomware
TRANSPORT
Nil
BANKING & FINANCE
- New Modular tRat Remote Access Trojan Surfaced During September
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Collective Intelligence Podcast, Vitali Kremez on Magecart
- Business email compromise scam costs Pathé $21.5 million
- Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
- Vision Direct reveals customer credit card leak, fake Google script may be to blame
- Vision Direct Notifies Customers of Data Compromise
- Email campaign spreading new tRAT malware
- October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10
INFORMATION & TELECOMMUNICATION
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Instagram Flaw Exposes User Passwords
- Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched
- A week in security (November 12 – 18)
- Instagram Bug, Now Fixed, Exposed User Passwords
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- 2FA Login Failure in Office 365 and Azure
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- New ShadowTalk update looks at:
New nation-state threat actor uses advanced TTPs to target Pakistan
Lazarus Group’s FASTCash malware
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- Instagram flaw exposes user passwords
- Instagram Privacy Tool Exposed Passwords
- Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
- Instagram Accidentally Exposed Some User Passwords
- How #privacy intersects with #CyberSecurity.
“Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
- Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
- Instagram Accidentally Exposed Some Users' Passwords In Plaintext
FOOD
Nil
WATER
Nil
ENERGY
Nil
GOVERNMENT & PUBLIC SERVICE
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Russian Cozy Bear APT 29 hackers may be impersonating State Department
- Turkish Police Arrested Cryptocurrency Hackers
ASIA
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Business email compromise scam costs Pathé $21.5 million
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- Iran-Linked Hackers Use Just-in-Time Creation of Weaponized Attack Docs
- New ShadowTalk update looks at:
New nation-state threat actor uses advanced TTPs to target Pakistan
Lazarus Group’s FASTCash malware
- Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
- Turkish Police Arrested Cryptocurrency Hackers
- After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
WORLD
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- Finds vulnerabilities in wordpress websites using WPSCAN
- Traps: Fighting Threats With Cloud-Based Malware Analysis
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- A week in security (November 12 – 18)
- Business email compromise scam costs Pathé $21.5 million
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- 2FA Login Failure in Office 365 and Azure
- DarkGate Malware Avoids Endpoint AV Detection
- Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
- WebCobra Installs Cryptominer On Victim's System
- New ShadowTalk update looks at:
New nation-state threat actor uses advanced TTPs to target Pakistan
Lazarus Group’s FASTCash malware
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
- Russian Cozy Bear APT 29 hackers may be impersonating State Department
- Email campaign spreading new tRAT malware
- After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
- Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
ATTACKS
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- Data Leak Incident Reported by Fortune 500 Metropolitan Life Insurance Company
- Top 5 ways to pick a secure password
- VisionDirect Blindsided by Magecart in Data Breach
- Top 5 ways to pick a secure password
- OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
- “Simplicity without Compromise” with Catalyst 9200 – Intent Based Networking Everywhere!
- EOS.IO Smart Contract Database Walkthrough
- Ford Eyes Use of Customers’ Personal Data to Boost Profits
- Vision Direct Admits To Breach With CVVs Compromised
- Instagram Bug, Now Fixed, Exposed User Passwords
- Business email compromise scam costs Pathé $21.5 million
- Database Misconfiguration Leaks 26 Million SMS Messages
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- 2FA Login Failure in Office 365 and Azure
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
- Vision Direct reveals customer credit card leak, fake Google script may be to blame
- A little phishing knowledge may be a dangerous thing
- Most Important Consideration of Confidentiality,Integrity, Availability (CIA Triad) to Avoid Organization Data Breach
- New security feature to prevent Amazon S3 bucket misconfiguration and data leaks
- The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
- Instagram Privacy Tool Exposed Passwords
- Vision Direct Notifies Customers of Data Compromise
- Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
- Instagram Accidentally Exposed Some User Passwords
- More than 50% forgot their password once at least one in the last month
- An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
- How #privacy intersects with #CyberSecurity.
“Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
- Email campaign spreading new tRAT malware
- The promised integration with #HaveIBeenPwned is expanding in #FirefoxMonitor with new breach alerts when a user visits a recently compromised
- Review: Specops Password Policy
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
- After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
- Firefox automatically alerts users when you access sites that have data breaches
- Instagram Accidentally Exposed Some Users' Passwords In Plaintext
- Sai quali sono i modelli più utilizzati dagli utenti per creare le proprie #password? Qui ti suggeriamo alcune 'best practice'
THREATS
- New Modular tRat Remote Access Trojan Surfaced During September
- OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
- Finds vulnerabilities in wordpress websites using WPSCAN
- Traps: Fighting Threats With Cloud-Based Malware Analysis
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- TP-Link Patches Remote Code Execution Flaws in SOHO Router
- EOS.IO Smart Contract Database Walkthrough
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Bitcoin Falls Below $5,000
- Instagram Flaw Exposes User Passwords
- Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched
- A bug in EA Origin client exposes gamers' data
- Vulnerabilities Dip 7%, but Researchers Are Cautious
- Cryptojacking Attack Targets Make-A-Wish Foundation Website
- Instagram Bug, Now Fixed, Exposed User Passwords
- DarkGate Malware Avoids Endpoint AV Detection
- Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- WebCobra Installs Cryptominer On Victim's System
- New ShadowTalk update looks at:
New nation-state threat actor uses advanced TTPs to target Pakistan
Lazarus Group’s FASTCash malware
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- Texas hospital becomes victim of Dharma ransomware
- Instagram flaw exposes user passwords
- Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
- How can a @Trezor #cryptocurrency wallet fall victim to attack? Learn more with expert @lewisnic
- Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in
- A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time
- How does a Bluetooth vulnerability enable validation attacks?
- An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
- How does site isolation defend against #Spectre vulnerabilities? Expert Michael Cobb of @thehairyITdog explains
- Helping researchers with IoT firmware vulnerability discovery
- Wannacry Continues to be Dominant Ransomware
- Email campaign spreading new tRAT malware
- Turkish Police Arrested Cryptocurrency Hackers
- Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
- After early speculation of #malicious intent, experts said an accidental misconfiguration caused the BGP route leak that sent traffic destined
- Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
- October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10
CRIME
- OSIsoft Breached, All Domain Accounts, Emails, and Passwords Assumed Compromised
- Finds vulnerabilities in wordpress websites using WPSCAN
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- EOS.IO Smart Contract Database Walkthrough
- A week in security (November 12 – 18)
- Collective Intelligence Podcast, Vitali Kremez on Magecart
- Business email compromise scam costs Pathé $21.5 million
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- Vision Direct reveals customer credit card leak, fake Google script may be to blame
- The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
- Instagram Accidentally Exposed Some User Passwords
- An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
- How #privacy intersects with #CyberSecurity.
“Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
- Turkish Police Arrested Cryptocurrency Hackers
- Review: Specops Password Policy
POLITICS
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- A week in security (November 12 – 18)
- Business email compromise scam costs Pathé $21.5 million
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
- An espionage group used stolen #DigitalCertificates to sign Plead #malware and used a password stealer component that was used in
- How #privacy intersects with #CyberSecurity.
“Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
- Russian Cozy Bear APT 29 hackers may be impersonating State Department
