APT report for 2018-11-22

TRANSNATIONAL / UNKNOWN

1. #Irisscon: Stop Siloing Vulnerability Management to Deal with Old Bugs
2. Podcast: Breaking Down the Magecart Threat (Part One)

CHINA

Nil

INDIA

Nil

NORTH KOREA

3. VB2018 paper: Since the hacking of Sony Pictures

PAKISTAN

Nil

VIETNAM

Nil

IRAN

Nil

IRAQ

Nil

LEBANON

Nil

PALESTINE

Nil

SAUDI ARABIA

Nil

SYRIA

Nil

TURKEY

Nil

UNITED ARAB EMIRATES

Nil

YEMEN

Nil

RUSSIA

Nil

SERBIA

Nil

UKRAINE

Nil

Platform report for 2018-11-22

WINDOWS

1. Google’s Practical Action Against Malware and Its Authors
2. [SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981)
3. Update now! Adobe Flash has another critical security vulnerability

LINUX

4. Mirai DDoS baddies take enterprise Linux servers over consumer routers
5. [SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981)
6. SSL vulnerability scanner – MassBleed
7. Update now! Adobe Flash has another critical security vulnerability
8. Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw

UNIX

Nil

ANDROID

9. Google’s Practical Action Against Malware and Its Authors
10. #DidYouKnow A single subscription of AVG Internet Security covers every PC in your family? It also includes webcam and ransomware protection,
11. The Rotexy mobile Trojan – banker and ransomware

IOS

12. Google’s Practical Action Against Malware and Its Authors

MACOS

13. [SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981)
14. A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
15. Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and

Threat report for 2018-11-22

DATA BREACH & DATA LOSS

1. Almost 9,5 Million PII Records Leaked by Data Aggregator Adapt
2. China Boosted Technology and Intellectual Property Theft Operations Says USTR
3. USPS reportedly fixes website bug that exposed data of 60M users
4. Facebook 'walking dangerous line' as it appeals record fine
5. USPS finally fixes website flaw that exposed 60 million users' data
6. Furry erotica site 'High Tail Hall' exposed data of nearly 500K users
7. The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
8. US Postal Service website vulnerability leaked 60 million user data
9. Amazon technical failure caused to leaks users’ email addresses
10. US Postal Service Left 60 Million Users Data Exposed For Over a Year
11. Amazon Suffered Data Breach – Customers Name & Email Addresses Exposed
12. Data breaches in schools: How should an academic institution report a security incident to comply with the GDPR?
13. 500K Italian Public Administration Email Accounts Compromised By Targeted Attack
14. New @awscloud settings will allow users to batch change permissions with the aim of avoiding accidental S3 data leaks, but

DENIAL-OF-SERVICE

15. Mirai DDoS baddies take enterprise Linux servers over consumer routers
16. Emoji Kitten Denial Of Service Attack Continues to Haunt Skype

MALVERTISING

Nil

PHISHING

17. LastPass login problems caused by cascading server failure
18. Come evitare che le tue #password diventino la chiave di accesso ai tuoi account
19. PSA: Phishing Levels Rise Ahead of Black Friday and Cyber Monday
20. Phishing Attack Compromises Health First Patients’ Data

WEB DEFACEMENT

Nil

BOTNET

Nil

RANSOMWARE

21. #DidYouKnow A single subscription of AVG Internet Security covers every PC in your family? It also includes webcam and ransomware protection,
22. Aurora / Zorro Ransomware Actively Being Distributed
23. How does @TalosSecurity's discovery change the way you or your enterprise views #ransomware?
24. The Rotexy mobile Trojan – banker and ransomware

CRYPTOMINING & CRYPTOCURRENCIES

25. Silicon Valley Hacker Swipes Millions Worth of Cryptocurrency Using SIM Swapping
26. SIM swap! Man charged after million dollar cryptocurrency theft
27. SIM swap! Man charged after million dollar cryptocurrency theft
28. Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
29. North Korea To Host Cryptocurrency and Blockchain Conference

MALWARE

30. Google’s Practical Action Against Malware and Its Authors
31. Rotexy Mobile Trojan Launches 70k+ Attacks in Three Months
32. Found this picture of myself doing an internal briefing on the Nimda worm in 2001. Note the size of the
33. A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
34. The Rotexy mobile Trojan – banker and ransomware
35. Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
36. Research reveals that 44% of industrial facilities have USB malware risks
37. Do you believe that the application #security vetting process would benefit from the addition of an entropy source?
38. Emotet malware runs on a dual infrastructure to avoid downtime and takedowns
39. Hacking Syndicate TA505 Back with Focus on Info-Stealing Trojan

EXPLOIT

40. How Dropbox's red team discovered an Apple zero-day exploit chain by accident
41. How was a black box attack used to exploit ATM vulnerabilities?

VULNERABILITY

42. USPS reportedly fixes website bug that exposed data of 60M users
43. [SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981)
44. #Irisscon: Stop Siloing Vulnerability Management to Deal with Old Bugs
45. .@radware #cybersecurity researchers found hackers to be targeting bank users via a #router vulnerability. Learn how a fake banking site
46. Cross-site search attack applied to snoop on Google’s bug tracker
47. Facebook And Instagram Went Down Due To A Server Bug
48. SSL vulnerability scanner – MassBleed
49. Flaw allowing identity spoofing affects authentication based on German eID cards
50. USPS finally fixes website flaw that exposed 60 million users' data
51. Update now! Adobe Flash has another critical security vulnerability
52. How Dropbox's red team discovered an Apple zero-day exploit chain by accident
53. How was a black box attack used to exploit ATM vulnerabilities?
54. CyberSecurity Asean security alert on Multiple Vulnerabilities in VMware vSphere Data Protection Could Allow for Remote Code Execution
55. Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw
56. VMware Releases Critical Security Updates for Multiple Vulnerabilities
57. US Postal Service website vulnerability leaked 60 million user data
58. Facebook Increases Average Bounty rewards for High Impact Vulnerabilities
59. Facebook raises rewards for a security vulnerabilities to $40,000

Region brief for 2018-11-22

ASIA

1. China Boosted Technology and Intellectual Property Theft Operations Says USTR
2. The Rotexy mobile Trojan – banker and ransomware
3. North Korea To Host Cryptocurrency and Blockchain Conference

OCEANIA

Nil

NORTH AMERICA

4. China Boosted Technology and Intellectual Property Theft Operations Says USTR
5. USPS finally fixes website flaw that exposed 60 million users' data
6. Research reveals that 44% of industrial facilities have USB malware risks
7. North Korea To Host Cryptocurrency and Blockchain Conference
8. US Postal Service website vulnerability leaked 60 million user data
9. Amazon technical failure caused to leaks users’ email addresses
10. US Postal Service Left 60 Million Users Data Exposed For Over a Year

SOUTH AMERICA

Nil

EUROPE

11. Flaw allowing identity spoofing affects authentication based on German eID cards
12. The Rotexy mobile Trojan – banker and ransomware
13. North Korea To Host Cryptocurrency and Blockchain Conference
14. 500K Italian Public Administration Email Accounts Compromised By Targeted Attack

AFRICA

Nil

Sector brief for 2018-11-22

HEALTHCARE

1. Phishing Attack Compromises Health First Patients’ Data
2. Data breaches in schools: How should an academic institution report a security incident to comply with the GDPR?

TRANSPORT

Nil

BANKING & FINANCE

3. Rotexy Mobile Trojan Launches 70k+ Attacks in Three Months
4. .@radware #cybersecurity researchers found hackers to be targeting bank users via a #router vulnerability. Learn how a fake banking site
5. VB2018 paper: Since the hacking of Sony Pictures
6. The Rotexy mobile Trojan – banker and ransomware
7. How was a black box attack used to exploit ATM vulnerabilities?
8. Hacking Syndicate TA505 Back with Focus on Info-Stealing Trojan
9. Facebook raises rewards for a security vulnerabilities to $40,000
10. Data breaches in schools: How should an academic institution report a security incident to comply with the GDPR?

INFORMATION & TELECOMMUNICATION

11. Facebook And Instagram Went Down Due To A Server Bug
12. #DidYouKnow A single subscription of AVG Internet Security covers every PC in your family? It also includes webcam and ransomware protection,
13. Facebook 'walking dangerous line' as it appeals record fine
14. Emoji Kitten Denial Of Service Attack Continues to Haunt Skype
15. Found this picture of myself doing an internal briefing on the Nimda worm in 2001. Note the size of the
16. North Korea To Host Cryptocurrency and Blockchain Conference
17. Amazon technical failure caused to leaks users’ email addresses
18. Facebook Increases Average Bounty rewards for High Impact Vulnerabilities
19. Facebook raises rewards for a security vulnerabilities to $40,000

FOOD

Nil

WATER

Nil

ENERGY

Nil

GOVERNMENT & PUBLIC SERVICE

20. Flaw allowing identity spoofing affects authentication based on German eID cards
21. CyberSecurity Asean security alert on Multiple Vulnerabilities in VMware vSphere Data Protection Could Allow for Remote Code Execution
22. North Korea To Host Cryptocurrency and Blockchain Conference
23. US Postal Service Left 60 Million Users Data Exposed For Over a Year

Daily brief for 2018-11-22

ASIA

1. China Boosted Technology and Intellectual Property Theft Operations Says USTR
2. The Rotexy mobile Trojan – banker and ransomware
3. North Korea To Host Cryptocurrency and Blockchain Conference

WORLD

4. China Boosted Technology and Intellectual Property Theft Operations Says USTR
5. Flaw allowing identity spoofing affects authentication based on German eID cards
6. USPS finally fixes website flaw that exposed 60 million users' data
7. The Rotexy mobile Trojan – banker and ransomware
8. Research reveals that 44% of industrial facilities have USB malware risks
9. North Korea To Host Cryptocurrency and Blockchain Conference
10. US Postal Service website vulnerability leaked 60 million user data
11. Amazon technical failure caused to leaks users’ email addresses
12. US Postal Service Left 60 Million Users Data Exposed For Over a Year
13. 500K Italian Public Administration Email Accounts Compromised By Targeted Attack

ATTACKS

14. Almost 9,5 Million PII Records Leaked by Data Aggregator Adapt
15. China Boosted Technology and Intellectual Property Theft Operations Says USTR
16. USPS reportedly fixes website bug that exposed data of 60M users
17. Facebook 'walking dangerous line' as it appeals record fine
18. USPS finally fixes website flaw that exposed 60 million users' data
19. LastPass login problems caused by cascading server failure
20. Furry erotica site 'High Tail Hall' exposed data of nearly 500K users
21. The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
22. Come evitare che le tue #password diventino la chiave di accesso ai tuoi account
23. PSA: Phishing Levels Rise Ahead of Black Friday and Cyber Monday
24. Phishing Attack Compromises Health First Patients’ Data
25. US Postal Service website vulnerability leaked 60 million user data
26. Amazon technical failure caused to leaks users’ email addresses
27. US Postal Service Left 60 Million Users Data Exposed For Over a Year
28. Amazon Suffered Data Breach – Customers Name & Email Addresses Exposed
29. Data breaches in schools: How should an academic institution report a security incident to comply with the GDPR?
30. 500K Italian Public Administration Email Accounts Compromised By Targeted Attack
31. New @awscloud settings will allow users to batch change permissions with the aim of avoiding accidental S3 data leaks, but

THREATS

32. Silicon Valley Hacker Swipes Millions Worth of Cryptocurrency Using SIM Swapping
33. Google’s Practical Action Against Malware and Its Authors
34. USPS reportedly fixes website bug that exposed data of 60M users
35. [SingCERT] Alert on Adobe Flash Player Vulnerability (CVE-2018-15981)
36. #Irisscon: Stop Siloing Vulnerability Management to Deal with Old Bugs
37. Rotexy Mobile Trojan Launches 70k+ Attacks in Three Months
38. .@radware #cybersecurity researchers found hackers to be targeting bank users via a #router vulnerability. Learn how a fake banking site
39. Cross-site search attack applied to snoop on Google’s bug tracker
40. Facebook And Instagram Went Down Due To A Server Bug
41. SIM swap! Man charged after million dollar cryptocurrency theft
42. SIM swap! Man charged after million dollar cryptocurrency theft
43. #DidYouKnow A single subscription of AVG Internet Security covers every PC in your family? It also includes webcam and ransomware protection,
44. SSL vulnerability scanner – MassBleed
45. Aurora / Zorro Ransomware Actively Being Distributed
46. How does @TalosSecurity's discovery change the way you or your enterprise views #ransomware?
47. Flaw allowing identity spoofing affects authentication based on German eID cards
48. USPS finally fixes website flaw that exposed 60 million users' data
49. Update now! Adobe Flash has another critical security vulnerability
50. How Dropbox's red team discovered an Apple zero-day exploit chain by accident
51. Found this picture of myself doing an internal briefing on the Nimda worm in 2001. Note the size of the
52. A bypass was found by @okta researchers that allows #macOS #malware to pose as @Apple files despite needing to be
53. The Rotexy mobile Trojan – banker and ransomware
54. Researchers recently discovered a new #MacOS #malware that targets #cryptocurrency investors through chat platforms. Discover how this is possible and
55. How was a black box attack used to exploit ATM vulnerabilities?
56. Research reveals that 44% of industrial facilities have USB malware risks
57. CyberSecurity Asean security alert on Multiple Vulnerabilities in VMware vSphere Data Protection Could Allow for Remote Code Execution
58. Do you believe that the application #security vetting process would benefit from the addition of an entropy source?
59. Experts found first Mirai bot targeting Linux servers via Hadoop YARN flaw
60. VMware Releases Critical Security Updates for Multiple Vulnerabilities
61. Emotet malware runs on a dual infrastructure to avoid downtime and takedowns
62. North Korea To Host Cryptocurrency and Blockchain Conference
63. Hacking Syndicate TA505 Back with Focus on Info-Stealing Trojan
64. US Postal Service website vulnerability leaked 60 million user data
65. Facebook Increases Average Bounty rewards for High Impact Vulnerabilities
66. Facebook raises rewards for a security vulnerabilities to $40,000

CRIME

67. Silicon Valley Hacker Swipes Millions Worth of Cryptocurrency Using SIM Swapping
68. China Boosted Technology and Intellectual Property Theft Operations Says USTR
69. SIM swap! Man charged after million dollar cryptocurrency theft
70. SIM swap! Man charged after million dollar cryptocurrency theft
71. The Rotexy mobile Trojan – banker and ransomware
72. The July edition of Beazley Breach Insights found that business email compromise attacks have been rising steadily. Is business email
73. Hacking Syndicate TA505 Back with Focus on Info-Stealing Trojan
74. Data breaches in schools: How should an academic institution report a security incident to comply with the GDPR?

POLITICS

75. The Rotexy mobile Trojan – banker and ransomware
76. North Korea To Host Cryptocurrency and Blockchain Conference
77. Data breaches in schools: How should an academic institution report a security incident to comply with the GDPR?
78. 500K Italian Public Administration Email Accounts Compromised By Targeted Attack