Sep 21, 2018

Threat report for 2018-09-20

DATA BREACH

  1. 14 million customer records exposed in GovPayNow leak
  2. State Department email breach leaks employee PII
  3. Magecart data breach possibly avoidable
  4. Adams County clerk resigns over role in data breach
  5. ICO to Fine Equifax £500,000 for 2017 Data Breach
  6. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  7. State Department: Some Employee Info Possibly Exposed in Security Incident
  8. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness.
  9. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  10. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  11. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  12. ICO to Fine Equifax £500,000 for 2017 Data Breach
  13. UK organisations’ email accounts used in mass phishing campaigns
  14. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  15. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  16. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  17. US State Department confirms data breach to unclassified email system
  18. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  19. HMRC Tax Refund Scam via Phishing Campaign
  20. China Arrests Suspect for Customer Data Leak at Accor Partner
  21. State Department Email Breach Exposed Personal Data Of Employees
  22. Equifax fined £500,000 over customer data breach
  23. Privacy advocates have failed to engage on My Health Record
  24. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  25. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  26. State Department: Some Employee Info Possibly Exposed in Security Incident

DENIAL-OF-SERVICE

  1. Snap! Adobe patches, sneaky Android botnets, Alexa invasion, robot skins
  2. The makers of the Mirai IoT-hijacking botnet are sentenced
  3. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  4. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  5. The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases.
  6. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  7. This Russian botnet mimics your click to prevent Android device factory resets
  8. FBI wants to keep “helpful” Mirai botnet authors around
  9. The makers of the Mirai IoT-hijacking botnet are sentenced
  10. Mirai botnet developers collaborate with the FBI
  11. Identifying botnets before an attack: The new DARPA challenge
  12. US Signal partners with Cloudflare to deliver DDoS protection service

MALVERTISING

Nothing to report

DATA LEAK

  1. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials

PHISHING

  1. Account Takeover Attacks Become a Phishing Fave
  2. Account Takeover Attacks Result in Phishing Scams
  3. Malicious Login Attempts Spike in Finance, Retail
  4. Account Takeover Attacks Result in Phishing Scams
  5. Malicious Login Attempts Spike in Finance, Retail
  6. Account Takeover Attacks Become a Phishing Fave
  7. malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks.
  8. UK organisations’ email accounts used in mass phishing campaigns
  9. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  10. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  11. HMRC Tax Refund Scam via Phishing Campaign
  12. Phishing finance apps make way back into Google Play
  13. Manipulation tactics that you fall for in phishing attacks

WEB DEFACEMENT

Nothing to report

MALWARE

  1. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  2. Domain Joined Outlook 2016 Issues - 0x8004011D
  3. Report: Cryptomining malware detections up more than 459 percent since 2017
  4. Bad actors are sizing up systems via lightweight recon before attack, researchers at Proofpoint said.
  5. The rate at which new threats appear now requires a much greater reliance on threat intelligence. Learn more about its opportunities and challenges in our .
  6. Malicious Login Attempts Spike in Finance, Retail
  7. Malicious Login Attempts Spike in Finance, Retail
  8. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  9. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  10. Book Review: Malware Data Science
  11. Increased Use of a Delphi Packer to Evade Malware Classification
  12. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  13. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness.
  14. Mitigate Risk From Malicious and Accidental Insiders
  15. malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks.
  16. Sustes Malware: CPU for Monero
  17. Report: Cryptomining malware detections up more than 459 percent since 2017
  18. Threats posed by using RATs in ICS
  19. Report Reveals Widespread Use of Pegasus Spyware
  20. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  21. Evil Clone Attack – Hackers Injecting Crypto-mining Malware into Legitimate PDF Software
  22. Newegg hacked: The new victim of Magecart malware
  23. How to detect and remove a virus from your Android phone | Avast

EXPLOIT

  1. Hackers say and have been the easiest attack vectors to exploit this year. 56% of said that social engineering is the fastest account seizing technique to use on them.
  2. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine

VULNERABILITY

  1. Android bug bounty tops $3m in third year, but pay flattens out
  2. Facebook Bug Bounty opens to reward access token exposure
  3. Bug hunters fail third year in a row to get top prize in Android hacking program
  4. Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
  5. Guarding the Gate: Cybersecurity De-Mystified
  6. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  7. Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program
  8. Western Digital goes quiet on unpatched MyCloud flaw
  9. CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
  10. Adobe releases patch out of schedule to squash critical code execution bug
  11. Cisco IOS XE Software Static Credential Vulnerability
  12. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw
  13. Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
  14. Vulnerability in My cloud devices exposes sensitive information
  15. Western Digital My Cloud vulnerability, let’s hacker gives full access
  16. Guarding the Gate: Cybersecurity De-Mystified

Region brief for 2018-09-20

ASIA

  1. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  2. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  3. China Arrests Suspect for Customer Data Leak at Accor Partner

OCEANIA

  1. Privacy advocates have failed to engage on My Health Record

NORTH AMERICA

  1. A worrying future for the next generation?
  2. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  3. Book Review: Malware Data Science
  4. Wyden: Tech company has told multiple senators of foreign hacking attempts
  5. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  6. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  7. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  8. US State Department confirms data breach to unclassified email system
  9. Threats posed by using RATs in ICS
  10. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  11. Card Data-Scraping Magecart Code Found on Newegg
  12. Mirai botnet developers collaborate with the FBI
  13. US Signal partners with Cloudflare to deliver DDoS protection service

SOUTH AMERICA

Nothing to report

EUROPE

  1. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  2. Magecart Strikes Again, Siphoning Payment Info from Newegg
  3. Wyden: Tech company has told multiple senators of foreign hacking attempts
  4. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  5. UK organisations’ email accounts used in mass phishing campaigns
  6. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  7. This Russian botnet mimics your click to prevent Android device factory resets
  8. HMRC Tax Refund Scam via Phishing Campaign
  9. NewEgg Network is attacked by hackers
  10. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  11. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  12. Latest Hacking News Podcast
  13. Newegg hacked: The new victim of Magecart malware
  14. Western Digital My Cloud vulnerability, let’s hacker gives full access

AFRICA

Nothing to report

Sector brief for 2018-09-20

HEALTHCARE

  1. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket

TRANSPORT

  1. US Signal partners with Cloudflare to deliver DDoS protection service

BANKING & FINANCE

  1. Malicious Login Attempts Spike in Finance, Retail
  2. Malicious Login Attempts Spike in Finance, Retail
  3. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  4. Magecart Strikes Again, Siphoning Payment Info from Newegg
  5. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  6. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  7. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  8. HMRC Tax Refund Scam via Phishing Campaign
  9. Phishing finance apps make way back into Google Play
  10. NewEgg Network is attacked by hackers
  11. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  12. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  13. Manipulation tactics that you fall for in phishing attacks
  14. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  15. Card Data-Scraping Magecart Code Found on Newegg

INFORMATION & TELECOMMUNICATION

Nothing to report

FOOD

Nothing to report

WATER

Nothing to report

ENERGY

Nothing to report

PUBLIC SERVICE

  1. Wyden: Tech company has told multiple senators of foreign hacking attempts

Daily brief for 2018-09-20

ASIA

  1. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  2. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  3. China Arrests Suspect for Customer Data Leak at Accor Partner

WORLD

  1. A worrying future for the next generation?
  2. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  3. Book Review: Malware Data Science
  4. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  5. Magecart Strikes Again, Siphoning Payment Info from Newegg
  6. Wyden: Tech company has told multiple senators of foreign hacking attempts
  7. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  8. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  9. UK organisations’ email accounts used in mass phishing campaigns
  10. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  11. This Russian botnet mimics your click to prevent Android device factory resets
  12. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  13. US State Department confirms data breach to unclassified email system
  14. HMRC Tax Refund Scam via Phishing Campaign
  15. Threats posed by using RATs in ICS
  16. NewEgg Network is attacked by hackers
  17. Privacy advocates have failed to engage on My Health Record
  18. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  19. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  20. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  21. Latest Hacking News Podcast
  22. Card Data-Scraping Magecart Code Found on Newegg
  23. Newegg hacked: The new victim of Magecart malware
  24. Mirai botnet developers collaborate with the FBI
  25. Western Digital My Cloud vulnerability, let’s hacker gives full access
  26. US Signal partners with Cloudflare to deliver DDoS protection service

ATTACKS

  1. 14 million customer records exposed in GovPayNow leak
  2. State Department email breach leaks employee PII
  3. Magecart data breach possibly avoidable
  4. Adams County clerk resigns over role in data breach
  5. Snap! Adobe patches, sneaky Android botnets, Alexa invasion, robot skins
  6. Account Takeover Attacks Become a Phishing Fave
  7. ICO to Fine Equifax £500,000 for 2017 Data Breach
  8. Account Takeover Attacks Result in Phishing Scams
  9. Malicious Login Attempts Spike in Finance, Retail
  10. Account Takeover Attacks Result in Phishing Scams
  11. Malicious Login Attempts Spike in Finance, Retail
  12. The makers of the Mirai IoT-hijacking botnet are sentenced
  13. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  14. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  15. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  16. Account Takeover Attacks Become a Phishing Fave
  17. The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases.
  18. State Department: Some Employee Info Possibly Exposed in Security Incident
  19. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness.
  20. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
  21. Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
  22. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  23. LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
  24. malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks.
  25. ICO to Fine Equifax £500,000 for 2017 Data Breach
  26. UK organisations’ email accounts used in mass phishing campaigns
  27. Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
  28. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  29. This Russian botnet mimics your click to prevent Android device factory resets
  30. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  31. The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
  32. FBI wants to keep “helpful” Mirai botnet authors around
  33. US State Department confirms data breach to unclassified email system
  34. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  35. HMRC Tax Refund Scam via Phishing Campaign
  36. China Arrests Suspect for Customer Data Leak at Accor Partner
  37. Phishing finance apps make way back into Google Play
  38. State Department Email Breach Exposed Personal Data Of Employees
  39. Equifax fined £500,000 over customer data breach
  40. The makers of the Mirai IoT-hijacking botnet are sentenced
  41. Privacy advocates have failed to engage on My Health Record
  42. UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
  43. Manipulation tactics that you fall for in phishing attacks
  44. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  45. Mirai botnet developers collaborate with the FBI
  46. State Department: Some Employee Info Possibly Exposed in Security Incident
  47. Identifying botnets before an attack: The new DARPA challenge
  48. US Signal partners with Cloudflare to deliver DDoS protection service

THREATS

  1. Android bug bounty tops $3m in third year, but pay flattens out
  2. Facebook Bug Bounty opens to reward access token exposure
  3. US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
  4. Bug hunters fail third year in a row to get top prize in Android hacking program
  5. Domain Joined Outlook 2016 Issues - 0x8004011D
  6. Report: Cryptomining malware detections up more than 459 percent since 2017
  7. Bad actors are sizing up systems via lightweight recon before attack, researchers at Proofpoint said.
  8. The rate at which new threats appear now requires a much greater reliance on threat intelligence. Learn more about its opportunities and challenges in our .
  9. Malicious Login Attempts Spike in Finance, Retail
  10. Malicious Login Attempts Spike in Finance, Retail
  11. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  12. Pegasus spyware spotted in 45 countries, many with questionable human rights records
  13. Book Review: Malware Data Science
  14. Increased Use of a Delphi Packer to Evade Malware Classification
  15. Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
  16. Hundreds of Indian Government Websites Hit with Cryptojacking Malware
  17. This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness.
  18. Mitigate Risk From Malicious and Accidental Insiders
  19. malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks.
  20. Sustes Malware: CPU for Monero
  21. Hackers say and have been the easiest attack vectors to exploit this year. 56% of said that social engineering is the fastest account seizing technique to use on them.
  22. Guarding the Gate: Cybersecurity De-Mystified
  23. Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
  24. Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program
  25. Report: Cryptomining malware detections up more than 459 percent since 2017
  26. Threats posed by using RATs in ICS
  27. Western Digital goes quiet on unpatched MyCloud flaw
  28. CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
  29. Adobe releases patch out of schedule to squash critical code execution bug
  30. Cisco IOS XE Software Static Credential Vulnerability
  31. Report Reveals Widespread Use of Pegasus Spyware
  32. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  33. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw
  34. Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
  35. Evil Clone Attack – Hackers Injecting Crypto-mining Malware into Legitimate PDF Software
  36. Newegg hacked: The new victim of Magecart malware
  37. Vulnerability in My cloud devices exposes sensitive information
  38. Western Digital My Cloud vulnerability, let’s hacker gives full access
  39. Guarding the Gate: Cybersecurity De-Mystified
  40. How to detect and remove a virus from your Android phone | Avast

CRIME

  1. Report: Cryptomining malware detections up more than 459 percent since 2017
  2. The makers of the Mirai IoT-hijacking botnet are sentenced
  3. The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases.
  4. New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg
  5. Magecart Strikes Again, Siphoning Payment Info from Newegg
  6. Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
  7. Newegg Inc. Suffers Hack, Credit Card Data Stolen
  8. Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
  9. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
  10. HMRC Tax Refund Scam via Phishing Campaign
  11. Report: Cryptomining malware detections up more than 459 percent since 2017
  12. NewEgg Network is attacked by hackers
  13. The makers of the Mirai IoT-hijacking botnet are sentenced
  14. Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer
  15. Manipulation tactics that you fall for in phishing attacks
  16. GovPayNow Leak of 14M+ Records The All Time Low in Processing
  17. Card Data-Scraping Magecart Code Found on Newegg
  18. Newegg hacked: The new victim of Magecart malware
  19. Mirai botnet developers collaborate with the FBI

POLITICS

  1. Wyden: Tech company has told multiple senators of foreign hacking attempts
  2. 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket

Sep 20, 2018

Threat report for 2018-09-19

DATA BREACH

  1. Survey: Nearly one-third of breached companies reported job losses after data breach
  2. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
  3. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
  4. Magecart claims another victim in Newegg merchant data theft
  5. Here we Mongo again! Millions of records exposed by insecure database
  6. How Facebook wants to protect political campaigners from hacking
  7. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
  8. State Department reveals data breach, employee information exposed
  9. Vulnerabilities Discovered in NUUO Network Video Recorder
  10. Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
  11. New ransomware campaign encrypts files even if the ransom is paid

DENIAL-OF-SERVICE

  1. A Hybrid Solution to Taming SOC Alert Overload
  2. The makers of the Mirai IoT-hijacking botnet are sentenced
  3. Mirai botnet authors avoid prison after "substantial assistance" to the FBI
  4. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
  5. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

MALVERTISING

  1. Nothing to report

DATA LEAK

  1. Nothing to report

PHISHING

  1. Phishing finance apps make way back into Google Play
  2. Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
  3. FBI: Phishing Attacks Aim to Swap Payroll Information
  4. Credential Stuffing Attacks Generate Billions of Login Attempts
  5. This Windows file may be secretly hoarding your passwords and emails
  6. Your business should be more afraid of phishing than malware

WEB DEFACEMENT

  1. Nothing to report

MALWARE

  1. VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
  2. WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE
  3. Colorado firm claims ransomware attack behind closure
  4. Access to over 3,000 backdoored sites sold on Russian hacking forum
  5. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
  6. Researchers find new financial malware targeting banking customers in Brazil
  7. XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
  8. The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
  9. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
  10. Your business should be more afraid of phishing than malware
  11. Cyber Threat Alliance Releases Cryptomining Whitepaper
  12. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries
  13. New ransomware campaign encrypts files even if the ransom is paid

EXPLOIT

  1. Nothing to report

VULNERABILITY

  1. Adobe Patches Code Execution, Other Flaws in Acrobat and Reader
  2. Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
  3. Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
  4. ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
  5. WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
  6. Flaw in Western Digital My Cloud exposes the content to hackers
  7. Vulnerabilities Discovered in NUUO Network Video Recorder
  8. Zero Day vulnerability allows access to CCTV cameras
  9. Windows 10 Build 18242 (19H1) Released With Bug Fixes

Region brief for 2018-09-19

ASIA

  1. APT10 targets Japanese media company with upgraded UPPERCUT
  2. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
  3. Zero Day vulnerability allows access to CCTV cameras
  4. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries

OCEANIA

  1. Nothing to report

NORTH AMERICA

  1. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
  2. Magecart strikes again, this time at electronics retailer Newegg
  3. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
  4. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

SOUTH AMERICA

  1. Researchers find new financial malware targeting banking customers in Brazil

EUROPE

  1. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
  2. Access to over 3,000 backdoored sites sold on Russian hacking forum
  3. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
  4. Another Victim of the Magecart Assault Emerges: Newegg
  5. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer

AFRICA

  1. Nothing to report

Sector brief for 2018-09-19

HEALTHCARE

  1. Nothing to report

TRANSPORT

  1. Nothing to report

BANKING & FINANCE

  1. Phishing finance apps make way back into Google Play
  2. VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
  3. Magecart strikes again, this time at electronics retailer Newegg
  4. Researchers find new financial malware targeting banking customers in Brazil
  5. Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
  6. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
  7. Another Victim of the Magecart Assault Emerges: Newegg
  8. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
  9. FBI: Phishing Attacks Aim to Swap Payroll Information
  10. Credential Stuffing Attacks Generate Billions of Login Attempts

INFORMATION & TELECOMMUNICATION

  1. Nothing to report

FOOD

  1. Nothing to report

WATER

  1. Nothing to report

ENERGY

  1. Nothing to report

PUBLIC SERVICE

  1. Nothing to report

Daily brief for 2018-09-19

ASIA

  1. APT10 targets Japanese media company with upgraded UPPERCUT
  2. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
  3. Zero Day vulnerability allows access to CCTV cameras
  4. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries

WORLD

  1. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
  2. Access to over 3,000 backdoored sites sold on Russian hacking forum
  3. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
  4. Magecart strikes again, this time at electronics retailer Newegg
  5. Researchers find new financial malware targeting banking customers in Brazil
  6. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
  7. Another Victim of the Magecart Assault Emerges: Newegg
  8. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
  9. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
  10. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

ATTACKS

  1. Phishing finance apps make way back into Google Play
  2. Survey: Nearly one-third of breached companies reported job losses after data breach
  3. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
  4. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
  5. Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
  6. A Hybrid Solution to Taming SOC Alert Overload
  7. Magecart claims another victim in Newegg merchant data theft
  8. The makers of the Mirai IoT-hijacking botnet are sentenced
  9. Here we Mongo again! Millions of records exposed by insecure database
  10. How Facebook wants to protect political campaigners from hacking
  11. FBI: Phishing Attacks Aim to Swap Payroll Information
  12. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
  13. Mirai botnet authors avoid prison after "substantial assistance" to the FBI
  14. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
  15. State Department reveals data breach, employee information exposed
  16. Credential Stuffing Attacks Generate Billions of Login Attempts
  17. This Windows file may be secretly hoarding your passwords and emails
  18. Your business should be more afraid of phishing than malware
  19. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
  20. Vulnerabilities Discovered in NUUO Network Video Recorder
  21. Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
  22. New ransomware campaign encrypts files even if the ransom is paid

THREATS

  1. VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
  2. WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE
  3. Colorado firm claims ransomware attack behind closure
  4. Access to over 3,000 backdoored sites sold on Russian hacking forum
  5. Adobe Patches Code Execution, Other Flaws in Acrobat and Reader
  6. Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
  7. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
  8. Researchers find new financial malware targeting banking customers in Brazil
  9. XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
  10. Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
  11. The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
  12. ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
  13. WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
  14. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
  15. Your business should be more afraid of phishing than malware
  16. Flaw in Western Digital My Cloud exposes the content to hackers
  17. Vulnerabilities Discovered in NUUO Network Video Recorder
  18. Cyber Threat Alliance Releases Cryptomining Whitepaper
  19. Zero Day vulnerability allows access to CCTV cameras
  20. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries
  21. New ransomware campaign encrypts files even if the ransom is paid
  22. Windows 10 Build 18242 (19H1) Released With Bug Fixes

CRIME

  1. Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
  2. Magecart strikes again, this time at electronics retailer Newegg
  3. Researchers find new financial malware targeting banking customers in Brazil
  4. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
  5. Magecart claims another victim in Newegg merchant data theft
  6. XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
  7. The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
  8. Another Victim of the Magecart Assault Emerges: Newegg
  9. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
  10. The makers of the Mirai IoT-hijacking botnet are sentenced
  11. FBI: Phishing Attacks Aim to Swap Payroll Information
  12. WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
  13. Mirai botnet authors avoid prison after "substantial assistance" to the FBI
  14. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
  15. Cyber Threat Alliance Releases Cryptomining Whitepaper
  16. New ransomware campaign encrypts files even if the ransom is paid

POLITICS

  1. ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
  2. Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
  3. Zero Day vulnerability allows access to CCTV cameras

Sep 19, 2018

Threat report for 2018-09-18

Data Breach

  1. US Dept of State says attack on email system exposed employees’ personal data
  2. State Department email breach leaks employee PII
  3. 14 million customer records exposed in GovPayNow leak
  4. Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
  5. Survey: Nearly one-third of breached companies reported job losses after data breach
  6. Insiders Continue to be Data Theft’s Best Friend
  7. Symantec offers political campaigns service to guard against website spoofing
  8. Huge E-marketing Database that Contains 11 Million Sensitive Personal Records Exposed Online
  9. GovPayNow Leak of 14M+ Records Dates Back to 2012
  10. MongoDB server leaks 11 million user records from e-marketing service
  11. GovPayNow payment portal may have exposed over 14 million customer records
  12. Database with 11 Million Email Records Exposed
  13. UK watchdog has not issued any GDPR data breach-related fines yet
  14. Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
  15. 900,000 Australians opt out of My Health Record

Denial-of-Service

  1. Bizarre botnet infects your PC to scrub away cryptocurrency mining malware
  2. New Xbash Malware Attack on Linux & Windows with Botnet, Ransomware & Coinminer Capabilities
  3. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Malvertising

  1. Nothing to report

Data Leak

  1. Nothing to report

Phishing

  1. Here’s a Free Turnkey Phishing Awareness Program for National Cybersecurity Awareness Month
  2. Hackers selling research phished from universities on WhatsApp

Web Defacement

  1. Nothing to report

Malware

  1. NSO mobile Pegasus Spyware used in operations in 45 countries
  2. ThreatList: Malware Samples Targeting IoT More Than Double in 2018
  3. Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows
  4. Chinese-speaking cybercrime group launches destructive malware family
  5. Pegasus spyware active in 45 countries, Citizen Lab says
  6. Destructive Xbash Linux Malware Targets Enterprise Intranets
  7. Dangerous Pegasus Spyware Has Spread to 45 Countries
  8. "Lawful intercept" Pegasus spyware found deployed in 45 countries
  9. Cybercrime: Ransomware remains a 'key' malware threat says Europol
  10. HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
  11. Bizarre botnet infects your PC to scrub away cryptocurrency mining malware
  12. Powerful Android and iOS Spyware Found Deployed in 45 Countries
  13. New Xbash Malware Attack on Linux & Windows with Botnet, Ransomware & Coinminer Capabilities
  14. New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
  15. Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
  16. Ransomware attack causes blackout on screens of Bristol Airport

Exploit

  1. 91 “child friendly” Android apps accused of exploitation
  2. Cracked Windows installations are serially infected with EternalBlue exploit code

Vulnerability

  1. Facebook Bug Bounty opens to reward access token exposure
  2. iOS Webkit flaw found that forces iPhone restart
  3. The NUUO Peekaboo vulnerability gives hackers your camera feed | Avast
  4. Intel releases firmware update for ME flaw
  5. Critical Vulnerability Impacts Hundreds of Thousands of IoT Cameras
  6. iOS 12 Brings Patches for 16 Security Vulnerabilities
  7. A flaw in Alpine Linux could allow executing arbitrary code
  8. Windows 10 Build 17763 Released As Microsoft Continues to Squash Bugs
  9. Hackers acknowledge Windows flaws but prefer social engineering tricks
  10. Critical RCE Peekaboo Bug in NVR Surveillance System, PoC Available
  11. Facebook Offers Rewards for Access Token Exposure Flaws
  12. Response Guide of IBM WebSphere Code Execution Vulnerability

Region brief for 2018-09-18

Asia

  1. NSO mobile Pegasus Spyware used in operations in 45 countries
  2. Chinese-speaking cybercrime group launches destructive malware family
  3. Pegasus spyware active in 45 countries, Citizen Lab says
  4. Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns

Oceania

  1. 900,000 Australians opt out of My Health Record

North America

  1. US Dept of State says attack on email system exposed employees’ personal data
  2. NSO mobile Pegasus Spyware used in operations in 45 countries
  3. 91 “child friendly” Android apps accused of exploitation
  4. GovPayNow Leak of 14M+ Records Dates Back to 2012
  5. Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns

South America

  1. Nothing to report

Europe

  1. Broadcaster ABS-CBN customer data stolen, sent to Russian servers
  2. Hackers selling research phished from universities on WhatsApp
  3. UK watchdog has not issued any GDPR data breach-related fines yet
  4. Ransomware attack causes blackout on screens of Bristol Airport

Africa

  1. Nothing to report