HEALTHCARE
- Hackers Linked to Russia Impersonate US Officials
- Russian APT activity is resurgent, researchers say
- Zscaler ThreatLabZ Phishing Roundup
TRANSPORT
Nil
BANKING & FINANCE
- Emotet Returns with Thanksgiving Theme and Better Phishing Tricks
- Emotet Returns with Thanksgiving Theme and Better Phishing Tricks
- Web skimmers compete in Umbro Brasil hack
- Malvertising in Apple Pay Targets iPhone Users
- An Introduction to Magecart
- Report: Emotet makes phishing lures more convincing by scraping victims' emails
- Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
- Emotet Campaigns Persist, Utilize Updated Tactics and Techniques
- For Smbs Ransomware Attacks still the Greatest Online Threat
- Zscaler ThreatLabZ Phishing Roundup
- Vision Direct 'fesses up to hack that exposed customer names, payment cards
- Magecart Spies Payment Cards From Retailer Vision Direct
- Kaspersky Security Bulletin: Threat Predictions for 2019
- Experts analyzed how Iranian OilRIG hackers tested their weaponized documents
- Can a D-Link router vulnerability threaten bank customers?
- Google Account Hacked for Fake Bitcoin Reward
- 2019 Security Predictions – Utilities and Industrial Control Systems Targeted with Ransomware
- Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million
INFORMATION & TELECOMMUNICATION
- Instagram bug exposes user passwords
- Gmail Glitch Enables Anonymous Messages in Phishing Attacks
- 560,000 Duped Into Installing Android Malware in the Form of Fake Driving Games
- Inspiring Gender Diversity at Women of the Channel Leadership Summit
- Instagram glitch exposed some user passwords
- Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
- Zscaler ThreatLabZ Phishing Roundup
- 2018 holiday travel period expected to be the busiest travel season on record
- Kaspersky Security Bulletin: Threat Predictions for 2019
- Instagram Patched A Data Download Tool Bug That Exposed Users Passwords
- Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor
- Google Account Hacked for Fake Bitcoin Reward
- Google, Target Hit by Twitter Bitcoin Scam Account Hacks
FOOD
Nil
WATER
- Tech Docs: Keep Out of the Flood Zone with DoS Protection
ENERGY
- Tech Docs: Keep Out of the Flood Zone with DoS Protection
- Experts analyzed how Iranian OilRIG hackers tested their weaponized documents
- 2019 Security Predictions – Utilities and Industrial Control Systems Targeted with Ransomware
GOVERNMENT & PUBLIC SERVICE
- ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign
- 200K Outlaw Botnet Uses SSH Brute Forcing to Propagate, Monero Mining for Profit
- Infamous Russian Hacking Group Used New Trojan in Recent Attacks
- APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
- APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
- Russia’s Elite Hackers May Have New Phishing Tricks
- Government Agencies and Think Tanks attacked, APT29 suspected
- Hackers Linked to Russia Impersonate US Officials
- Russian APT activity is resurgent, researchers say
- Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
- OceanLotus: New watering hole attack in Southeast Asia
- OceanLotus: New watering hole attack in Southeast Asia
- Kaspersky Security Bulletin: Threat Predictions for 2019
- Experts analyzed how Iranian OilRIG hackers tested their weaponized documents
- Google, Target Hit by Twitter Bitcoin Scam Account Hacks
HEALTHCARE
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- Texas hospital becomes victim of Dharma ransomware
TRANSPORT
Nil
BANKING & FINANCE
- New Modular tRat Remote Access Trojan Surfaced During September
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Collective Intelligence Podcast, Vitali Kremez on Magecart
- Business email compromise scam costs Pathé $21.5 million
- Subject: Invoice. The cause of 6 out of 10 of the most effective phishing campaigns in 2018
- Vision Direct reveals customer credit card leak, fake Google script may be to blame
- Vision Direct Notifies Customers of Data Compromise
- Email campaign spreading new tRAT malware
- October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10
INFORMATION & TELECOMMUNICATION
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- Tianfu Cup PWN hacking contest – White hat hackers earn $1 Million for Zero-Day exploits
- Instagram Flaw Exposes User Passwords
- Multiple Remote TP-Link TL-R600VPN Router Vulnerabilities Patched
- A week in security (November 12 – 18)
- Instagram Bug, Now Fixed, Exposed User Passwords
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- 2FA Login Failure in Office 365 and Azure
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- New ShadowTalk update looks at:
New nation-state threat actor uses advanced TTPs to target Pakistan
Lazarus Group’s FASTCash malware
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
- Instagram flaw exposes user passwords
- Instagram Privacy Tool Exposed Passwords
- Proofpoint #ThreatInsight research: #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy:
- Instagram Accidentally Exposed Some User Passwords
- How #privacy intersects with #CyberSecurity.
“Criminals can craft better phishing emails to scam you when they know what you’re interested in.”
- Instagram Critical Bug Leaked User’s Password Via its Data Download Tool
- Fun fact: The Morris Worm of 1988 did never spread to Finland, as the outbreak happened two weeks before we
- Instagram Accidentally Exposed Some Users' Passwords In Plaintext
FOOD
Nil
WATER
Nil
ENERGY
Nil
GOVERNMENT & PUBLIC SERVICE
- Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
- U.S. warns countries not to 'manipulate the extradition process' for cybercriminals
- The Most Damaging Election Disinformation Campaign Came From Donald Trump, Not Russia
- Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29
- Russian Cozy Bear APT 29 hackers may be impersonating State Department
- Turkish Police Arrested Cryptocurrency Hackers
HEALTHCARE
- New HealthEquity Data Breach Exposes PII/PHI of Almost 21,000 Customers
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert
TRANSPORT
- Group-IB presented latest cybercrime and nation-state hacking trends in Asia
BANKING & FINANCE
- InfoWars: Magecart Infection Points to 'Industrial Sabotage'
- Reappearance of Magecart Malware to Infect Virtual Stores
- New HealthEquity Data Breach Exposes PII/PHI of Almost 21,000 Customers
- Hacking group returns, switches attacks from ransomware to trojan malware
- Details of 170,000 Pakistani debit cards leaked on dark web
- Cyber News Rundown: Infowars Hacked by Card Skimmers
- .@TalosSecurity recently created a #decryptor that helps files affected by the #ransomware #Thanatos -- typically known to not decrypt files
- Russian Banks Hit By Major Phishing Attacks
- How to Stay One Step Ahead of Phishing Websites — Literally
- Group-IB presented latest cybercrime and nation-state hacking trends in Asia
- Russian banks hit by major phishing attacks from two hacker groups
- ATM Tests Reveal Surprising Security Flaws
- tRat is a new modular RAT used by the threat actor TA505
- Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack
- Data Breaches on the Rise in Financial Services
- Four More Malicious Cryptocurrency Apps on Google Play
- Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million
- #GroupIB #ThreatIntelligence detected large set of compromised payment cards details that was put on sale on underground card shop on
- Two hacker groups attacked Russian banks posing as the Central Bank of Russia
- Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert
- 5 Top Techniques for Testing Blockchain Apps
- Warning Issued by Emirates NBD over VAT Phishing Email Targeting its Customers
- Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?
INFORMATION & TELECOMMUNICATION
- InfoWars: Magecart Infection Points to 'Industrial Sabotage'
- Gmail Glitch Offers Stealthy Trick for Phishing Attacks
- Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
- This Week in Security News: Holiday Cybercriminals & Cryptomining Malware
- Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit
- Word of the Day: social engineering
- SUNY Upstate Hospital announced a former employee inappropriately accessed more than 1,200 patient records.
- 2FA codes are great for security, except when 26M of them are leaked
- #GroupIB #ThreatIntelligence detected large set of compromised payment cards details that was put on sale on underground card shop on
- Google, US and Israeli politician Twitter accounts hijacked to promote 'Elon Musk' Bitcoin scam
- Two hacker groups attacked Russian banks posing as the Central Bank of Russia
- Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert
- French Company Data Breach Causes Sensitive Information Stolen to the Hackers
- Magecart become close to a household name with hacks of massive sites like http://Ticketmaster.com , http://Newegg.com and British Airways.
- Amid calls for a Windows bug status dashboard, Microsoft belatedly agrees to build one
- Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?
- SentinelOne Detects KeyPass Ransomware!
KeyPass is a new ransomware threat that has hit at least 20 countries and appears to be
FOOD
Nil
WATER
Nil
ENERGY
- Group-IB presented latest cybercrime and nation-state hacking trends in Asia
- Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert
- French Company Data Breach Causes Sensitive Information Stolen to the Hackers
GOVERNMENT & PUBLIC SERVICE
- Using Microsoft Powerpoint as Malware Dropper
- Operation Shaheen – Pakistan Air Force members targeted by nation-state attackers
- Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
- This Week in Security News: Holiday Cybercriminals & Cryptomining Malware
- Group-IB presented latest cybercrime and nation-state hacking trends in Asia
- Kaspersky Announces the Details of Windows 7 Zero-Day Vulnerability
- Looking Back at LogRhythm Labs' 2018 Predictions for Security - How Did We Do?
HEALTHCARE
- Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center
- WannaCry Still Impacts Thousands of Systems Every Month
TRANSPORT
- Compromising vital infrastructure: air traffic control
- Bots on a plane? Bad bots cause unique cyber-security issues for airlines
BANKING & FINANCE
- Proofpoint: Hackers testing new reconnaissance malware on financial institutions
- Survey Says: Bad PR Due to Data Breach News, Very Bad for Businesses
- Compromising vital infrastructure: air traffic control
- Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center
- 20% of MageCart-compromised merchants get reinfected within days
- 20% of MageCart-compromised merchants get reinfected within days
- RiskIQ’s 2018 Black Friday E-commerce Blacklist: Key Intel for This Year’s Mega Shopping Weekend
- Phishing Emails with .COM Extensions Are Hitting Finance Departments
- Brazilian Users Under Attack From Metamorfo Banking Trojan
- Today #GroupIB detected a massive phishing campaign sent to Russian banks from a fake email address purporting to belong to
- Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data
- 14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday
- Phishing fraudsters set their sights on online storage portals
- Skimmed BA and Newegg Customer Card Details Up for Sale
- InfoWars online store hit by Magecart
- Alex Jones's InfoWars online store hit by Magecart
- Cryptocurrency fraud is the exception, not the rule
- Ransomware Attack Strikes Media Prima
- Access Control Acronyms: ACL, RBAC, ABAC, PBAC, RAdAC, and a Dash of CBAC
INFORMATION & TELECOMMUNICATION
- Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says
- Vulnerability: Emojis can kill Skype for Business
- 5 Ways #Cybercriminals Can Access Your Emails Without #Phishing [Infographic]:
- Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data
- Official Google Twitter account hacked in Bitcoin scam
- Law firm uncovers exposed sensitive details about top attorney online. @mazzazone gives the details:
- #ThreatHuntThursday: How to hunt for lateral movement by #PSExec. Check out our new blog post by @sp1nl0ck on how remote
- Two whitehats receive $60,000 in rewards for successfully finding iOS 12.1 vulnerabilities
- #tRat: New modular #RAT appears in multiple email campaigns: http://ow.ly/1nsX50jHzgd via the Proofpoint @threatinsight research team.
- Cryptocurrency fraud is the exception, not the rule
- Nordstrom is notifying employees of a data breach that exposed their personal information, including names, Social Security numbers, dates of
- Facebook fixed a new security bug
- I forgot to follow up on this… According to Apple, the process could take up to 7 days. It
FOOD
Nil
WATER
Nil
ENERGY
Nil
GOVERNMENT & PUBLIC SERVICE
- My Health Record extension highlights lingering security, privacy concerns
- Compromising vital infrastructure: air traffic control
- Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says
- Report: Microsoft’s enterprise products covertly gather personal data on users
- Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs
- Cryptocurrency fraud is the exception, not the rule
- My Health Record remains opt-out as Senate passes privacy amendments
- Symantec Honored for its Collaboration With Leading Industry Group to Protect Against Business Email Compromise Scams
HEALTHCARE
- Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
- The Cybersecurity Tech Accord endorses the Paris Call
- Former Employee Accessed Medical Records For Nearly a Year
- Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
- What’s on Our Minds for 2019? Key Themes from the RSA Speaker Selection Process
TRANSPORT
- Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
- What’s on Our Minds for 2019? Key Themes from the RSA Speaker Selection Process
BANKING & FINANCE
- Fake Crypto Wallet Apps Discovered in Google Play, Built Using Drag-n-Drop
- Premier Media Conglomerate of Malaysia, Falls for Ransomware Infection
- The Cybersecurity Tech Accord endorses the Paris Call
- Magecart Cybercrime Groups Mass Harvest Payment Card Data
- Seven Hacking Groups Operate Under “Magecart” Umbrella, Analysis Shows
- That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
- Nordstrom Quick to Tell Employees of a Data Breach
- Inside Magecart: RiskIQ and Flashpoint Release Comprehensive Report on the Assault on E-Commerce
- ‘Inside Magecart’ Exposes the Operation Behind the Web’s Biggest E-Commerce Scourge
- The Tactic Cybercriminals Use to Steal Bitcoin
- Beware !! Worlds Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments
- Compromised security in millions of cards in the US
INFORMATION & TELECOMMUNICATION
- Fixed Facebook Privacy Bug Could Have Allowed Bad Actors to Steal Personal Info
- Facebook flaw opened your profile to data thieves
- Facebook Patches Another User Data Harvesting Bug
- That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
- Nordstrom Quick to Tell Employees of a Data Breach
- Facebook Bug Let Websites Access Private User Data
- Target and other high profile Twitter accounts exploited for cryptocurrency scams
- The Ontario Cannabis Store has reported a data breach that took place Nov. 1 through the Canada Post and affected
- Facebook patches another bug that could have allowed mass-harvesting of user data
- Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
- It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
- Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage
- Another Facebook Bug Could Have Exposed Your Private Information
- #Gallmaker eschews custom malware, uses living off the land and publicly available #hack tools. Find out more:
- Attacker hijacks Elon Musk Twitter account to implement fake bitcoin fraud
- Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria
- To help you rule out the worst password ideas, FrontNet has put together a list of the 25 words passwords
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- Illegal cryptocurrency mining
- Leak: Windows 10 October Update will be re-launched tomorrow
- Twitter grapples with fake Elon Musk accounts promoting bitcoin scams
FOOD
Nil
WATER
- That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
ENERGY
- Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- Illegal cryptocurrency mining
GOVERNMENT & PUBLIC SERVICE
- Scare Force: Pakistan military hit by Operation Shaheen malware
- Pakistan Military Hit By Operation Shaheen Malware
- Sophisticated cyber-espionage campaign targeting Pakistani government and air force
- Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques
- It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price
- Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
- WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency
