ASIA
- APT10 targets Japanese media company with upgraded UPPERCUT
- New Malware Combines Ransomware, Coin Mining and Botnet Features in One
- Zero Day vulnerability allows access to CCTV cameras
- Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries
WORLD
- Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
- Access to over 3,000 backdoored sites sold on Russian hacking forum
- NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
- Magecart strikes again, this time at electronics retailer Newegg
- Researchers find new financial malware targeting banking customers in Brazil
- Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
- Another Victim of the Magecart Assault Emerges: Newegg
- Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
- Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
- Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
ATTACKS
- Phishing finance apps make way back into Google Play
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
- NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
- Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
- A Hybrid Solution to Taming SOC Alert Overload
- Magecart claims another victim in Newegg merchant data theft
- The makers of the Mirai IoT-hijacking botnet are sentenced
- Here we Mongo again! Millions of records exposed by insecure database
- How Facebook wants to protect political campaigners from hacking
- FBI: Phishing Attacks Aim to Swap Payroll Information
- Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
- Mirai botnet authors avoid prison after "substantial assistance" to the FBI
- New Malware Combines Ransomware, Coin Mining and Botnet Features in One
- State Department reveals data breach, employee information exposed
- Credential Stuffing Attacks Generate Billions of Login Attempts
- This Windows file may be secretly hoarding your passwords and emails
- Your business should be more afraid of phishing than malware
- Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
- Vulnerabilities Discovered in NUUO Network Video Recorder
- Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
- New ransomware campaign encrypts files even if the ransom is paid
THREATS
- VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
- WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE
- Colorado firm claims ransomware attack behind closure
- Access to over 3,000 backdoored sites sold on Russian hacking forum
- Adobe Patches Code Execution, Other Flaws in Acrobat and Reader
- Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
- NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
- Researchers find new financial malware targeting banking customers in Brazil
- XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
- Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
- The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
- ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
- WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
- New Malware Combines Ransomware, Coin Mining and Botnet Features in One
- Your business should be more afraid of phishing than malware
- Flaw in Western Digital My Cloud exposes the content to hackers
- Vulnerabilities Discovered in NUUO Network Video Recorder
- Cyber Threat Alliance Releases Cryptomining Whitepaper
- Zero Day vulnerability allows access to CCTV cameras
- Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries
- New ransomware campaign encrypts files even if the ransom is paid
- Windows 10 Build 18242 (19H1) Released With Bug Fixes
CRIME
- Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
- Magecart strikes again, this time at electronics retailer Newegg
- Researchers find new financial malware targeting banking customers in Brazil
- Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
- Magecart claims another victim in Newegg merchant data theft
- XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
- The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
- Another Victim of the Magecart Assault Emerges: Newegg
- Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
- The makers of the Mirai IoT-hijacking botnet are sentenced
- FBI: Phishing Attacks Aim to Swap Payroll Information
- WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
- Mirai botnet authors avoid prison after "substantial assistance" to the FBI
- Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
- Cyber Threat Alliance Releases Cryptomining Whitepaper
- New ransomware campaign encrypts files even if the ransom is paid
POLITICS
- ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
- Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
- Zero Day vulnerability allows access to CCTV cameras
Data Breach
- US Dept of State says attack on email system exposed employees’ personal data
- State Department email breach leaks employee PII
- 14 million customer records exposed in GovPayNow leak
- Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Insiders Continue to be Data Theft’s Best Friend
- Symantec offers political campaigns service to guard against website spoofing
- Huge E-marketing Database that Contains 11 Million Sensitive Personal Records Exposed Online
- GovPayNow Leak of 14M+ Records Dates Back to 2012
- MongoDB server leaks 11 million user records from e-marketing service
- GovPayNow payment portal may have exposed over 14 million customer records
- Database with 11 Million Email Records Exposed
- UK watchdog has not issued any GDPR data breach-related fines yet
- Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
- 900,000 Australians opt out of My Health Record
Denial-of-Service
- Bizarre botnet infects your PC to scrub away cryptocurrency mining malware
- New Xbash Malware Attack on Linux & Windows with Botnet, Ransomware & Coinminer Capabilities
- New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
Malvertising
- Nothing to report
Data Leak
- Nothing to report
Phishing
- Here’s a Free Turnkey Phishing Awareness Program for National Cybersecurity Awareness Month
- Hackers selling research phished from universities on WhatsApp
Web Defacement
- Nothing to report
Malware
- NSO mobile Pegasus Spyware used in operations in 45 countries
- ThreatList: Malware Samples Targeting IoT More Than Double in 2018
- Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
- Chinese-speaking cybercrime group launches destructive malware family
- Pegasus spyware active in 45 countries, Citizen Lab says
- Destructive Xbash Linux Malware Targets Enterprise Intranets
- Dangerous Pegasus Spyware Has Spread to 45 Countries
- "Lawful intercept" Pegasus spyware found deployed in 45 countries
- Cybercrime: Ransomware remains a 'key' malware threat says Europol
- HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
- Bizarre botnet infects your PC to scrub away cryptocurrency mining malware
- Powerful Android and iOS Spyware Found Deployed in 45 Countries
- New Xbash Malware Attack on Linux & Windows with Botnet, Ransomware & Coinminer Capabilities
- New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
- Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
- Ransomware attack causes blackout on screens of Bristol Airport
Exploit
- 91 “child friendly” Android apps accused of exploitation
- Cracked Windows installations are serially infected with EternalBlue exploit code
Vulnerability
- Facebook Bug Bounty opens to reward access token exposure
- iOS Webkit flaw found that forces iPhone restart
- The NUUO Peekaboo vulnerability gives hackers your camera feed | Avast
- Intel releases firmware update for ME flaw
- Critical Vulnerability Impacts Hundreds of Thousands of IoT Cameras
- iOS 12 Brings Patches for 16 Security Vulnerabilities
- A flaw in Alpine Linux could allow executing arbitrary code
- Windows 10 Build 17763 Released As Microsoft Continues to Squash Bugs
- Hackers acknowledge Windows flaws but prefer social engineering tricks
- Critical RCE Peekaboo Bug in NVR Surveillance System, PoC Available
- Facebook Offers Rewards for Access Token Exposure Flaws
- Response Guide of IBM WebSphere Code Execution Vulnerability
Asia
- NSO mobile Pegasus Spyware used in operations in 45 countries
- Chinese-speaking cybercrime group launches destructive malware family
- Pegasus spyware active in 45 countries, Citizen Lab says
- Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
World
- US Dept of State says attack on email system exposed employees’ personal data
- NSO mobile Pegasus Spyware used in operations in 45 countries
- Broadcaster ABS-CBN customer data stolen, sent to Russian servers
- Hackers selling research phished from universities on WhatsApp
- 91 “child friendly” Android apps accused of exploitation
- GovPayNow Leak of 14M+ Records Dates Back to 2012
- UK watchdog has not issued any GDPR data breach-related fines yet
- Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
- Ransomware attack causes blackout on screens of Bristol Airport
- 900,000 Australians opt out of My Health Record
Attacks
- US Dept of State says attack on email system exposed employees’ personal data
- State Department email breach leaks employee PII
- 14 million customer records exposed in GovPayNow leak
- Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Here’s a Free Turnkey Phishing Awareness Program for National Cybersecurity Awareness Month
- Hackers selling research phished from universities on WhatsApp
- Insiders Continue to be Data Theft’s Best Friend
- Symantec offers political campaigns service to guard against website spoofing
- Huge E-marketing Database that Contains 11 Million Sensitive Personal Records Exposed Online
- GovPayNow Leak of 14M+ Records Dates Back to 2012
- MongoDB server leaks 11 million user records from e-marketing service
- Bizarre botnet infects your PC to scrub away cryptocurrency mining malware
- GovPayNow payment portal may have exposed over 14 million customer records
- New Xbash Malware Attack on Linux & Windows with Botnet, Ransomware & Coinminer Capabilities
- New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
- Database with 11 Million Email Records Exposed
- UK watchdog has not issued any GDPR data breach-related fines yet
- Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
- 900,000 Australians opt out of My Health Record
Threats
- Facebook Bug Bounty opens to reward access token exposure
- iOS Webkit flaw found that forces iPhone restart
- NSO mobile Pegasus Spyware used in operations in 45 countries
- ThreatList: Malware Samples Targeting IoT More Than Double in 2018
- The NUUO Peekaboo vulnerability gives hackers your camera feed | Avast
- Intel releases firmware update for ME flaw
- Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
- Chinese-speaking cybercrime group launches destructive malware family
- Pegasus spyware active in 45 countries, Citizen Lab says
- Destructive Xbash Linux Malware Targets Enterprise Intranets
- Critical Vulnerability Impacts Hundreds of Thousands of IoT Cameras
- Dangerous Pegasus Spyware Has Spread to 45 Countries
- iOS 12 Brings Patches for 16 Security Vulnerabilities
- 91 “child friendly” Android apps accused of exploitation
- A flaw in Alpine Linux could allow executing arbitrary code
- Windows 10 Build 17763 Released As Microsoft Continues to Squash Bugs
- Hackers acknowledge Windows flaws but prefer social engineering tricks
- "Lawful intercept" Pegasus spyware found deployed in 45 countries
- Cybercrime: Ransomware remains a 'key' malware threat says Europol
- Critical RCE Peekaboo Bug in NVR Surveillance System, PoC Available
- Cracked Windows installations are serially infected with EternalBlue exploit code
- HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
- Bizarre botnet infects your PC to scrub away cryptocurrency mining malware
- Facebook Offers Rewards for Access Token Exposure Flaws
- Powerful Android and iOS Spyware Found Deployed in 45 Countries
- New Xbash Malware Attack on Linux & Windows with Botnet, Ransomware & Coinminer Capabilities
- New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
- Response Guide of IBM WebSphere Code Execution Vulnerability
- Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
- Ransomware attack causes blackout on screens of Bristol Airport
Crime
- Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
- Chinese-speaking cybercrime group launches destructive malware family
- Destructive Xbash Linux Malware Targets Enterprise Intranets
- Broadcaster ABS-CBN customer data stolen, sent to Russian servers
- Insiders Continue to be Data Theft’s Best Friend
- Cybercrime: Ransomware remains a 'key' malware threat says Europol
- GovPayNow Leak of 14M+ Records Dates Back to 2012
- GovPayNow payment portal may have exposed over 14 million customer records
Politics
- Symantec offers political campaigns service to guard against website spoofing
Asia
- Zero day in popular video surveillance technology goes public, unpatched
- APT10 targets Japanese media company with upgraded UPPERCUT
- Deterrence or waste of time? Experts at odds over DOJ's actions on North Korea
- Amazon Probing Staff Data Leaks
World
- Zero day in popular video surveillance technology goes public, unpatched
- Ransomware Disrupts Flight Boards at U.K. Airport
- UK Airport Won’t Negotiate With Ransomware Attackers; Falls Back to Whiteboards
- Deterrence or waste of time? Experts at odds over DOJ's actions on North Korea
- Ransomware Takes Down Airport's Flight Information Screens
- Google Android team found high severity flaw in Honeywell Android-based handheld computers
- Ransomware Attack Hits Bristol Airport, Flight Display Screens Went Offline
Attacks
- iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks
- New XBash malware combines ransomware, coinminer, botnet, and worm features in deadly combo
- Apple iOS 12 security update tackles Safari spoofing, data leaks, kernel memory flaws
- Survey: Nearly one-third of breached companies reported job losses after data breach
- New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Amazon Probing Staff Data Leaks
- Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
- On the hook! Phishing trip nets “Barbara” 5 years and whopping fine
- This new phishing attack uses an old trick to steal passwords and credit card details
- Amazon staff said to be taking bribes to leak data
Threats
- Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras
- iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks
- New XBash malware combines ransomware, coinminer, botnet, and worm features in deadly combo
- Apple iOS 12 security update tackles Safari spoofing, data leaks, kernel memory flaws
- Proofpoint: One month out from deadline, half of agency domains are DMARC compliant
- Colorado firm claims ransomware attack behind closure
- Zero day in popular video surveillance technology goes public, unpatched
- New Botnet Hides in Blockchain DNS Mist and Removes Cryptominer
- Old WordPress Plugin Being Exploited in RCE Attacks
- New Xbash Malware a Cocktail of Malicious Functions
- Cyber scammers using Hurricane Florence as a hook for malicious emails
- Bristol airport hit with ransomware attack
- Colorado firm claims ransomware attack behind closure
- Facebook bolsters bug bounty program with rewards for user token exposure
- Hackers hijack surveillance camera footage with 'Peekaboo' zero-day vulnerability
- Ransomware Disrupts Flight Boards at U.K. Airport
- Privilege Escalation Vulnerability Found in Honeywell Android Computers
- UK Airport Won’t Negotiate With Ransomware Attackers; Falls Back to Whiteboards
- Uptick in malware designed to size up targets before launching full payload
- Ransomware Takes Down Airport's Flight Information Screens
- Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
- Why the 'fixed' Windows EternalBlue exploit won't die
- Google Android team found high severity flaw in Honeywell Android-based handheld computers
- Google's Android Team Finds Serious Flaw in Honeywell Devices
- Ransomware Attack Takes Down Bristol Airport's Flight Display Screens
- Wannamine Malware Still Penetrate the Unpatched SMB Computers using NSA’s EternalBlue Exploit
- Ransomware Attack Hits Bristol Airport, Flight Display Screens Went Offline
- Watch Out! This New Web Exploit Can Crash and Restart Your iPhone
Crime
- Zero day in popular video surveillance technology goes public, unpatched
- New Xbash Malware a Cocktail of Malicious Functions
- On the hook! Phishing trip nets “Barbara” 5 years and whopping fine
- This new phishing attack uses an old trick to steal passwords and credit card details
- Wannamine Malware Still Penetrate the Unpatched SMB Computers using NSA’s EternalBlue Exploit
Politics
- Amazon Probing Staff Data Leaks
Asia
- China-linked APT10 Hackers Update Attack Techniques
- Well-known Middle Eastern hacking group keeps updating its arsenal
- Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation
- Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
- N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
- North Korean hacker officially charged for the WannaCry attacks
World
- Evaluating the Threatscape One Year After NotPetya Ransomware Attack
- Security news: More phishing, Canada pays ransom, SMBs are a target | Avast
- Well-known Middle Eastern hacking group keeps updating its arsenal
- Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation
- Military, Government Users Just as Bad About Password Hygiene as Civilians
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
- N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
- Major US mobile carriers want to be your password
- Russian man accused of running Kelihos botnet pleads guilty
- North Korean hacker officially charged for the WannaCry attacks
- Law firm begins legal action for data theft in British Airways
- Malware-as-a-Service – New Black Rose Lucy Malware Targets Android Devices With a Special Logic for Xiaomi Phones
Attacks
- Jaxx Cryptocurrency wallet phishing campaign shut down
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
- How to Protect Against Phishing Attacks that Follow Natural Disasters
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Survey: Nearly one-third of breached companies reported job losses after data breach
- MEGA Chrome extension compromised to steal credentials and cryptocurrency
- Security news: More phishing, Canada pays ransom, SMBs are a target | Avast
- Russians and Latvians in DOJ crosshairs for cybercrimes, including running the Kelihos botnet
- Data breaches affect stock performance in the long run, study finds
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Military, Government Users Just as Bad About Password Hygiene as Civilians
- One-Third of Data Breaches Led to People Losing Jobs: Kaspersky
- DDoS attacks: Students blamed for many university cyber attacks
- Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
- N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
- Major US mobile carriers want to be your password
- Russian man accused of running Kelihos botnet pleads guilty
- Veeam Publicly Exposed 445 Million Customers Records Of its Marketing Database
- Cold Boot Attacks – Hackers Can Unlock All the Modern Computers and Steal Encryption Keys & Passwords
- Law firm begins legal action for data theft in British Airways
Threats
- Zerodium announced Tor vulnerability on Twitter -announced-tor-vulnerability-on-twitter/ …
- FragmentSmack vulnerability also affects Windows, but Microsoft patched it
- Google’s desktop update for Chrome squashes two bugs
- The Week in Ransomware - September 14th 2018 - Kraken, Dharma, & Matrix
- Evaluating the Threatscape One Year After NotPetya Ransomware Attack
- Colorado firm claims ransomware attack behind closure
- Uptick in malware designed to size up targets before launching full payload
- Fallout Exploit Kit Pushing the SAVEfiles Ransomware
- Microsoft Office 365 Customers Get Protection Against Malicious Macros
- Canadian town bows to ransomware attack, will pay attackers
- From PoC to Pwned: New Exploits Appear in Attacks Just Days After Disclosure
- Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
- Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug
- Malware-as-a-Service – New Black Rose Lucy Malware Targets Android Devices With a Special Logic for Xiaomi Phones
Crime
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
- How to Protect Against Phishing Attacks that Follow Natural Disasters
- Russian man accused of running Kelihos botnet pleads guilty
- Law firm begins legal action for data theft in British Airways
Politics
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
Asia
- OilRig APT Continues Its Ongoing Malware Evolution
- APT10 Targeting Japanese Corporations Using Updated TTPs
World
- Russian man extradited to U.S. for ‘massive’ financial hacking campaign
- Bacloud: Russia’s New Misinformation Safe Haven
- Kelihos Botnet Operator Pleads Guilty in Federal Court
- Scareware scheme operator thrown behind bars for targeting US media
- Cobalt crime gang is using again CobInt malware in attacks on former soviet states
- Russian Hacker Pleads Guilty to Operating Kelihos Botnet
- Kelihos Botnet Author Pleads Guilty in U.S. Court
- New PyLocky Ransomware Attack on Various Organization that Encrypt More than 100 File Extensions
- Smashing Security : British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
Attacks
- Russian man extradited to U.S. for ‘massive’ financial hacking campaign
- Sly malware author hides cryptomining botnet behind ever-shifting proxy service
- Park by Phone data breach affects 5000 customers
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Cold-Boot Attack Steals Passwords In Under Two Minutes
- Security flaw can leak Intel ME encryption keys
- New Necurs Spam Campaign Targets Banks with Malicious .Wiz Files
- Veeam leaves MongoDB database wide open, exposes 445m records
- Kelihos Botnet Operator Pleads Guilty in Federal Court
- Kodi add-ons launch cryptomining campaign
- Jaxx wallet phishing campaign aimed to steal user cryptocurrency
- Kelihos botnet operator jailed for account theft, ID trading in the Dark Web
- Files With 42 Million Emails and Passwords Found On Free Hosting Service
- Raise of IoT Botnets Responsible for Massive DDoS Attacks – Q2 2018 Threat Report
- Russian Hacker Pleads Guilty to Operating Kelihos Botnet
- Kelihos Botnet Author Pleads Guilty in U.S. Court
- Mongo Lock: The attack that deletes MongoDB databases
- Mongo Lock: The attack that deletes MongoDB databases
- Smashing Security : British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
Threats
- Domestic Kitten spyware targets ISIS supporters
- September Patch Tuesday: Adobe patches seven critical vulnerabilities
- Sly malware author hides cryptomining botnet behind ever-shifting proxy service
- Apple store apps are not all safe: Malwarebytes, Tripwire
- Uptick in malware designed to size up targets before launching full payload
- Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug
- OilRig APT Continues Its Ongoing Malware Evolution
- Apache Struts exploit found in Mirai variant may signify shift in attack strategy
- Flaws in firmware expose almost any modern PC to Cold Boot Attacks
- ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery
- Security flaw can leak Intel ME encryption keys
- How to Perform Manual SQL Injection With Integer Based Method
- [SingCERT] Alert on Critical Microsoft Vulnerabilities CVE-2018-8440, CVE-2018-8475, CVE-2018-0965, CVE-2018-8439 & CVE-2018-8449
- 2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
- Really old computer viruses are still infecting new machines
- New Necurs Spam Campaign Targets Banks with Malicious .Wiz Files
- ICS CERT warns of several flaws in Fuji Electric V-Server
- Two billion devices still vulnerable to Blueborne flaws a year after discovery
- Prison for man who assisted scareware scheme that targeted newspaper website
- Microsoft Office Macros: Still Your Leader in Malware Delivery
- Windows and Linux Kodi users infected with cryptomining malware
- Kodi add-ons launch cryptomining campaign
- Ransomware attack shuts down small Canadian town; officials pay ransom
- New Firmware Flaws Resurrect Cold Boot Attacks
- New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value
- Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software
- Malicious Kodi Add-ons Install Windows & Linux Coin Mining Trojans
- Scareware scheme operator thrown behind bars for targeting US media
- Cobalt crime gang is using again CobInt malware in attacks on former soviet states
- New PyLocky Ransomware stands out for anti-machine learning capability
- New PyLocky Ransomware Attack on Various Organization that Encrypt More than 100 File Extensions
- Smashing Security : British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
Crime
- Sly malware author hides cryptomining botnet behind ever-shifting proxy service
- Prison for man who assisted scareware scheme that targeted newspaper website
- Bacloud: Russia’s New Misinformation Safe Haven
- Windows and Linux Kodi users infected with cryptomining malware
- Kelihos Botnet Operator Pleads Guilty in Federal Court
- Kodi add-ons launch cryptomining campaign
- Ransomware attack shuts down small Canadian town; officials pay ransom
- New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value
- Kelihos botnet operator jailed for account theft, ID trading in the Dark Web
- Files With 42 Million Emails and Passwords Found On Free Hosting Service
- Scareware scheme operator thrown behind bars for targeting US media
- Cobalt crime gang is using again CobInt malware in attacks on former soviet states
- Russian Hacker Pleads Guilty to Operating Kelihos Botnet
- Kelihos Botnet Author Pleads Guilty in U.S. Court
Politics
- APT10 Targeting Japanese Corporations Using Updated TTPs
- Bacloud: Russia’s New Misinformation Safe Haven
Asia
- WTB: Apple Removes Top Security Tool for Secretly Stealing Data
World
- Multi-Stage Malware Heavily Used in Recent Cobalt Attacks
- Latvian hacker sentenced to 33 months in prison for scareware scheme
- Russian hacker pleads guilty for role in massive botnet schemes
- Modular Malware Brings Stealthy Attacks to Former Soviet States
- Data breach — 380,000 British Airways transactions compromised | Avast
- Researchers implicate online card-skimming group in British Airways hack
- British Airways reveals details about data breach
Attacks
- OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
- Russian hacker pleads guilty for role in massive botnet schemes
- Jaxx Cryptocurrency wallet phishing campaign shut down
- Modular Malware Brings Stealthy Attacks to Former Soviet States
- Data breach — 380,000 British Airways transactions compromised | Avast
- Veeam Leaks 200 GB Customer Database, Goldmine for Phishers
- Park by Phone data breach affects 5000 customers
- Feeling the Pulse of Cyber Security in Healthcare
- Phishing warning: One in every one hundred emails is now a hacking attempt
- Cybercriminals Go Phishing For Jaxx Wallet Users
- Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices
- Data management firm Veeam mismanages own data, leaks 445m records
- Crooks Combine Phishing and Impersonation For Higher Success Rate
- Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs
- British Airways reveals details about data breach
Threats
- Multi-Stage Malware Heavily Used in Recent Cobalt Attacks
- OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
- Latvian hacker sentenced to 33 months in prison for scareware scheme
- Canadian town bows to ransomware attack, will pay attackers
- Russian hacker pleads guilty for role in massive botnet schemes
- PowerShell Obfuscation Ups the Ante on Antivirus
- New Python-based Ransomware Poses as Locky
- Modular Malware Brings Stealthy Attacks to Former Soviet States
- Uproar after Adobe winds down Magento rewards-based bug bounty program
- Malware Campaign Targeting Jaxx Wallet Holders Shut Down
- Osiris Banking Trojan Displays Modern Malware Innovation
- September Patch Tuesday: Adobe patches seven critical vulnerabilities
- Office VBA + AMSI: Parting the veil on malicious macros
- A question of security: What is obfuscation and how does it work?
- Feedify becomes latest victim of the Magecart malware campaign
- Flaws Found in Fuji Electric Tool That Links Corporate PCs to ICS
- Researchers implicate online card-skimming group in British Airways hack
- Veeam Leaks 200 GB Customer Database, Goldmine for Phishers
- September 2018 Security Notes address a total of 14 flaws in SAP products
- Domestic Kitten spyware targets ISIS supporters
- Six Critical Vulnerabilities in Adobe ColdFusion Get Patches
- Microsoft purges 3,000 tech support scams hiding on TechNet
- Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications
- Feedify Hacked with Magecart Information Stealing Script
- Cybercriminals Go Phishing For Jaxx Wallet Users
- Adobe patch update tackles six critical vulnerabilities in ColdFusion
- Crooks Combine Phishing and Impersonation For Higher Success Rate
- Microsoft Patch Tuesday updates for September 2018 also address recently disclosed Windows zero-day
- September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities
- Address Bar Spoofing Flaw Found in Edge, Safari
- Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs
- Microsoft Released Security Updates with the Patch for Recent Windows Zero-day Flow
Crime
- Russian hacker pleads guilty for role in massive botnet schemes
- Osiris Banking Trojan Displays Modern Malware Innovation
- Data breach — 380,000 British Airways transactions compromised | Avast
- Researchers implicate online card-skimming group in British Airways hack
- Veeam Leaks 200 GB Customer Database, Goldmine for Phishers
- Feedify Hacked with Magecart Information Stealing Script
- WTB: Apple Removes Top Security Tool for Secretly Stealing Data
- British Airways reveals details about data breach
Politics
- Nothing to report
