DATA BREACH
- Uber Agrees to $148M Settlement With States Over Data Breach
- Uber to pay $148 million to states for 2016 data breach
- Firefox Notifies Users of Compromised Accounts
- Uber to pay $148 million in settlment over 2016 data breach and cover-up
- Ex-NSA employee sentenced to 5.5 years in prison for leaking confidential data
- United Nations data found exposed on web: researcher
- United Nations data found exposed on web: researcher
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- SHEIN Data Breach Impacts Over 6.4 Million Customers
- SMBs face costs of up to $2.5 million after a data breach
- United Nations data found exposed on web: researcher
- Millions of Twitter DMs may have been exposed by year-long bug
- Firefox Monitor tells you whether your email was compromised in a data breach
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- United Nations Mistakenly Exposed Sensitive Data to The Public
- oPatch community released micro patches for Microsoft JET Database Zero-Day
- Malware campaign attacks freelancers
DENIAL-OF-SERVICE
- Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Bad bots are stealing data and ruining the customer experience
- DDoS Attack on German Energy Company RWE
- DDoS Attack on German Energy Company RWE
- Bots at the Gate: A Human Rights Analysis of Automated Decision Making in Canada’s Immigration and Refugee System
- Vulnerability in Cisco routers could allow DoS attacks
- DDoS attack on education vendor hinders access to districts’ online portals
- Microsoft Adds New Tools to Azure DDoS Protection
- Viro Botnet Ransomware
- Infinite Campus DDoS attack impedes access to student data
- Hide and Seek Botnet Adds Infection Vector for Android Devices
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
MALVERTISING
Nothing to report
PHISHING
- Chegg to reset passwords for 40 million users after April 2018 hack
- Android password managers can be tricked into believing that evil apps are good
- User login notifications
- Beware of payroll-themed phishing. Here’s one example.
- SHEIN breach exposes emails, encrypted passwords of 6.42M customers
- Counter Phishing Attacks with These Five Tricks
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Cisco patches critical default password vulnerability
- 11:30 AM ET today: @AlexanderGTster and @illena_a from @SCmagazine share the scoop on #spearphishing and how you can go beyond the obvious defenses to protect users from email attacks.
- Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
- #SecurityNews: Popular news aggregation site #NewsNow has been notifying its users of a potential password #breach after it found evidence of an #intrusion. Read more about this #databreach here:
- Looking for a enterprise grade password vault solution but MUST be hosted onsite
- #SecurityNews: New #Ofcom rules "could help tackle #vishing" (voice #phishing) scams. They come into force on Oct 1st and will ban phone companies for charging for the Caller ID service that helps users screen their calls. Read more abut this here:
- 156 million #phishing emails are sent out every day and email users receive up to 20 phishing emails each month. Learn more about modern phishing techniques and how to address them in the @ironscales #whitepaper.
- Microsoft is killing passwords one announcement at a time
- Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords
- NewsNow Ditches Passwords After Possible Breach
- Malware steals passwords from SHEIN, 6.4 million customers impacted
- Malware steals passwords from 6.4 million SHEIN customers
- Backlash sees change in Chrome login and Google account behaviour
- Chrome 70 Lets you Control Automatic Login and Deletes Google Cookies
WEB DEFACEMENT
Nothing to report
MALWARE
- Cisco's probe of VPNFilter router malware uncovers several new hacking techniques
- VPNFilter Malware Adds Seven New Tools For Exploiting Network Devices
- Fraudulent shopping domain certificate issuance outstrips legitimate businesses
- Businesses in Arkansas Hit with Ransomware
- Malware in the Cloud: What You Need to Know
- Businesses in Arkansas Hit with Ransomware
- Air Gapped PCs are Still at Risk. The Rise of USB-based Crytojacking Malware
- Crooks turn to Delphi packers to evade malware detection
- USB malware and cryptominers are threat to emerging markets
- DanaBot trojan sets sights on Europe, new features
- Trojanized App In Google Play Steals Bank Customers' Euros
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Crooks turn to Delphi packers to evade malware detection
- Viro Botnet Ransomware
- Freelancers baited with job offers to download malicious macros
- Android Banking Trojan Found On Google Play with 10,000 Installs Steals User’s Banking Credentials
- Domain flub leaves 30 million customers high and dry
- USB malware and cryptominers are threat to emerging markets
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Android spyware in development plunders WhatsApp data, private conversations
- The MITRE ATT&CK Framework: Exfiltration
- Malware steals passwords from SHEIN, 6.4 million customers impacted
- VPNFilter III: More Tools for the Swiss Army Knife of Malware
- New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software
- Malware steals passwords from 6.4 million SHEIN customers
- Crooks leverages Kodi Media Player add-ons for malware distribution
- Malware in the Cloud: What You Need to Know
- Cryptocurrency mining malware increases 86%
- 25 Malicious apps that Downloaded More Than 120,000 Times Contains Hidden Cryptomining Script
- Malware campaign attacks freelancers
- GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit
EXPLOIT
- VPNFilter Malware Adds Seven New Tools For Exploiting Network Devices
- NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits
- Rockwell Automation Buffer Overflow Vulnerability
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit
VULNERABILITY
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Vulnerability in Cisco routers could allow DoS attacks
- Cisco patches critical default password vulnerability
- New Linux Kernel “Mutagen Astronomy” Flaw Impacts Red Hat, CentOS, Debian Distributions.
- Twitter fixes API bug that shared data with wrong developers
- Cisco: Linux kernel FragmentSmack bug now affects 88 of our products
- Bug? Feature? Power users baffled as BitLocker update switch-off continues
- Braking bad: Mitsubishi recalls 68k SUVs over buggy software
- Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian
- Millions of Twitter DMs may have been exposed by year-long bug
- Apple pushes out Mojave 10.14, patches numerous vulnerabilities
- Variant of patched IE vulnerability spotted in wild
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- Rockwell Automation Buffer Overflow Vulnerability
- Crowdfense launches Vulnerability Research Hub for top security researchers
- oPatch community released micro patches for Microsoft JET Database Zero-Day
- New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
- Vulnerability affects Cisco Video Surveillance Manager
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
- Snyk raises $22 million to address security vulnerabilities in open source code
- New security vulnerabilities (CVE-2018-14634) affects CentOS and Red Hat Linux
- CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
ASIA
- Source Defense raises $10 million for website supply chain solution
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- Braking bad: Mitsubishi recalls 68k SUVs over buggy software
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
WORLD
- DDoS Attack on German Energy Company RWE
- DDoS Attack on German Energy Company RWE
- Uber to pay $148 million to states for 2016 data breach
- Ex-NSA employee sentenced to 5.5 years in prison for leaking confidential data
- Bots at the Gate: A Human Rights Analysis of Automated Decision Making in Canada’s Immigration and Refugee System
- Source Defense raises $10 million for website supply chain solution
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- Viro Botnet Ransomware
- NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits
- Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords
- Braking bad: Mitsubishi recalls 68k SUVs over buggy software
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Rockwell Automation Buffer Overflow Vulnerability
- VPNFilter III: More Tools for the Swiss Army Knife of Malware
- Snyk raises $22 million to address security vulnerabilities in open source code
ATTACKS
- Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled
- Uber Agrees to $148M Settlement With States Over Data Breach
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Chegg to reset passwords for 40 million users after April 2018 hack
- Bad bots are stealing data and ruining the customer experience
- DDoS Attack on German Energy Company RWE
- DDoS Attack on German Energy Company RWE
- Uber to pay $148 million to states for 2016 data breach
- Android password managers can be tricked into believing that evil apps are good
- User login notifications
- Firefox Notifies Users of Compromised Accounts
- Uber to pay $148 million in settlment over 2016 data breach and cover-up
- Ex-NSA employee sentenced to 5.5 years in prison for leaking confidential data
- Beware of payroll-themed phishing. Here’s one example.
- Bots at the Gate: A Human Rights Analysis of Automated Decision Making in Canada’s Immigration and Refugee System
- United Nations data found exposed on web: researcher
- SHEIN breach exposes emails, encrypted passwords of 6.42M customers
- United Nations data found exposed on web: researcher
- Counter Phishing Attacks with These Five Tricks
- Vulnerability in Cisco routers could allow DoS attacks
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Cisco patches critical default password vulnerability
- 11:30 AM ET today: @AlexanderGTster and @illena_a from @SCmagazine share the scoop on #spearphishing and how you can go beyond the obvious defenses to protect users from email attacks.
- DDoS attack on education vendor hinders access to districts’ online portals
- Microsoft Adds New Tools to Azure DDoS Protection
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
- #SecurityNews: Popular news aggregation site #NewsNow has been notifying its users of a potential password #breach after it found evidence of an #intrusion. Read more about this #databreach here:
- SHEIN Data Breach Impacts Over 6.4 Million Customers
- Viro Botnet Ransomware
- Looking for a enterprise grade password vault solution but MUST be hosted onsite
- #SecurityNews: New #Ofcom rules "could help tackle #vishing" (voice #phishing) scams. They come into force on Oct 1st and will ban phone companies for charging for the Caller ID service that helps users screen their calls. Read more abut this here:
- SMBs face costs of up to $2.5 million after a data breach
- 156 million #phishing emails are sent out every day and email users receive up to 20 phishing emails each month. Learn more about modern phishing techniques and how to address them in the @ironscales #whitepaper.
- Microsoft is killing passwords one announcement at a time
- United Nations data found exposed on web: researcher
- Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords
- Millions of Twitter DMs may have been exposed by year-long bug
- NewsNow Ditches Passwords After Possible Breach
- Firefox Monitor tells you whether your email was compromised in a data breach
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- Malware steals passwords from SHEIN, 6.4 million customers impacted
- Infinite Campus DDoS attack impedes access to student data
- Hide and Seek Botnet Adds Infection Vector for Android Devices
- United Nations Mistakenly Exposed Sensitive Data to The Public
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- Malware steals passwords from 6.4 million SHEIN customers
- Backlash sees change in Chrome login and Google account behaviour
- oPatch community released micro patches for Microsoft JET Database Zero-Day
- Malware campaign attacks freelancers
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
- Chrome 70 Lets you Control Automatic Login and Deletes Google Cookies
THREATS
- Cisco's probe of VPNFilter router malware uncovers several new hacking techniques
- VPNFilter Malware Adds Seven New Tools For Exploiting Network Devices
- Fraudulent shopping domain certificate issuance outstrips legitimate businesses
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Businesses in Arkansas Hit with Ransomware
- Malware in the Cloud: What You Need to Know
- Businesses in Arkansas Hit with Ransomware
- Air Gapped PCs are Still at Risk. The Rise of USB-based Crytojacking Malware
- Crooks turn to Delphi packers to evade malware detection
- USB malware and cryptominers are threat to emerging markets
- DanaBot trojan sets sights on Europe, new features
- Trojanized App In Google Play Steals Bank Customers' Euros
- Vulnerability in Cisco routers could allow DoS attacks
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Cisco patches critical default password vulnerability
- New Linux Kernel “Mutagen Astronomy” Flaw Impacts Red Hat, CentOS, Debian Distributions.
- Crooks turn to Delphi packers to evade malware detection
- Twitter fixes API bug that shared data with wrong developers
- Viro Botnet Ransomware
- Freelancers baited with job offers to download malicious macros
- Android Banking Trojan Found On Google Play with 10,000 Installs Steals User’s Banking Credentials
- Domain flub leaves 30 million customers high and dry
- Cisco: Linux kernel FragmentSmack bug now affects 88 of our products
- USB malware and cryptominers are threat to emerging markets
- Bug? Feature? Power users baffled as BitLocker update switch-off continues
- NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits
- Braking bad: Mitsubishi recalls 68k SUVs over buggy software
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian
- Millions of Twitter DMs may have been exposed by year-long bug
- Apple pushes out Mojave 10.14, patches numerous vulnerabilities
- Android spyware in development plunders WhatsApp data, private conversations
- Variant of patched IE vulnerability spotted in wild
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- The MITRE ATT&CK Framework: Exfiltration
- Malware steals passwords from SHEIN, 6.4 million customers impacted
- Rockwell Automation Buffer Overflow Vulnerability
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- VPNFilter III: More Tools for the Swiss Army Knife of Malware
- New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software
- Malware steals passwords from 6.4 million SHEIN customers
- Crooks leverages Kodi Media Player add-ons for malware distribution
- Malware in the Cloud: What You Need to Know
- Crowdfense launches Vulnerability Research Hub for top security researchers
- oPatch community released micro patches for Microsoft JET Database Zero-Day
- Cryptocurrency mining malware increases 86%
- New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
- 25 Malicious apps that Downloaded More Than 120,000 Times Contains Hidden Cryptomining Script
- Vulnerability affects Cisco Video Surveillance Manager
- Malware campaign attacks freelancers
- GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
- Snyk raises $22 million to address security vulnerabilities in open source code
- New security vulnerabilities (CVE-2018-14634) affects CentOS and Red Hat Linux
- CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
CRIME
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Ex-NSA employee sentenced to 5.5 years in prison for leaking confidential data
- Source Defense raises $10 million for website supply chain solution
- Trojanized App In Google Play Steals Bank Customers' Euros
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- SHEIN Data Breach Impacts Over 6.4 Million Customers
- Android Banking Trojan Found On Google Play with 10,000 Installs Steals User’s Banking Credentials
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Crooks leverages Kodi Media Player add-ons for malware distribution
- Cryptocurrency mining malware increases 86%
- 25 Malicious apps that Downloaded More Than 120,000 Times Contains Hidden Cryptomining Script
- Malware campaign attacks freelancers
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
- Magecart Attacks Grow Rampant in September
POLITICS
- Ex-NSA employee sentenced to 5.5 years in prison for leaking confidential data
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- United Nations Mistakenly Exposed Sensitive Data to The Public
DATA BREACH
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- Mozilla Launches Firefox Monitor Data Breach Notification Service
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- 130 Million Hotel Customers Breached Due to Exposed Database
- State Department data breach exposes employee info (w/ commentary from @TripwireInc’s @craigtweets http://bit.ly/2MTcplE
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Shein Data Breach Exposes Personal Data and Email Address of 6.42 Million Customers
- SHEIN Data breach affected 6.42 million users
- Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe
- Symantec accountancy audit uncovers customer transaction recorded as revenue
- NewsNow suffers security breach - passwords should be considered compromised
- First known malicious cryptomining campaign targeting Kodi discovered
- SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users
- macOS zero-day vulnerability leads to user data leaks
- How Long Does it Take to Find Compromised Data
- DBeaver Community Edition 5.2.1 Releases: Free universal database tool and SQL client
DENIAL-OF-SERVICE
- DDoS Attack on Infinite Campus Limits Parent Access http://dlvr.it/QlL12Z
- DDoS Attack on Infinite Campus Limits Parent Access https://www.infosecurity-magazine.com/news/ddos-attacks-infinite-campus?utm_source=twitterfeed&utm_medium=twitter …
- DDoS attack on education vendor hinders access to districts’ online portals
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Some credential-stuffing botnets don't care about being noticed any more
- Advanced DDoS Detection and Defense
- ZombieBoy
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
MALVERTISING
Nothing to report
PHISHING
- Firefox Monitor provides password breach alerts, Would it convince you to set up a Firefox Account
- GrrCon Augusta 2018, Rachel Giacobozzi’s ‘The Hybrid Analyst: How Phishing Created A New Type Of Intel Analyst’
- Tomorrow: Go beyond the usual defenses and *really* protect your email from #spearphishing attacks. Find out how with @AlexanderGTster and @illena_a from @SCmagazine. http://www.workcast.com/register?cpak=2026696370909275&referrer=valimailA …
- Cisco patches critical default password vulnerability
- Security researcher fined for hacking hotel Wi-Fi and putting passwords on the internet
- Users fret over Chrome auto-login change
- Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
- AdGuard adblocker resets passwords after credential-stuffing attack
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
- Anti-Phishing Requires A Three-Pronged Strategy https://www.infosecurity-magazine.com/white-papers/antiphishing-requires-threepronged?utm_source=twitterfeed&utm_medium=twitter …
- Microsoft: Here's why we're declaring end of password era
- Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security
- Baddies just need one email account with clout to unleash phishing hell
- Why Was Equifax So Stupid About Passwords?
- NewsNow suffers security breach - passwords should be considered compromised
- Cisco patches critical default password vulnerability
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
WEB DEFACEMENT
Nothing to report
MALWARE
- The MITRE ATT&CK Framework: Exfiltration https://tripwire.me/2NDbSJV
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Cryptomining Malware Continues Rapid Growth: Report
- Freelancers baited with job offers to download malicious macros
- DanaBot trojan sets sights on Europe, new features
- Crooks turn to Delphi packers to evade malware detection
- Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
- Astaroth Trojan Resurges in South America
- BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too
- Bloodhound – A Tool For Exploring Active Directory Domain Security
- #SecurityNews: #Cryptocurrency mining soars 459% from 2017 to 2018 with no indication of slowing down. Read more about this story here: https://bit.ly/2PXYSew
- #SecurityNews: Scottish #Brewery recovers from #ransomware attack. #Arran Brewery in Scotland, received what they thought was a cover letter as part of a job application, but the email attachment contained malware. Read more here:
https://bit.ly/2PYAR7k
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- Satan Ransomware Spawns New Methods to Spread
- MassMiner Malware Targeting Web Servers
- 14 years prison for man who helped hackers evade detection by anti-virus software
- USB threats from malware to miners
- DanaBot trojan sets sights on Europe, new features
- Stealthy cryptomining apps still on Google Play
- New Version of GandCrab Ransomware Appends 5 Character Extension To Encrypted Files
- First known malicious cryptomining campaign targeting Kodi discovered
- 14 years prison for man who helped hackers evade detection by anti-virus software
- New malware-as-a-service, Black Rose Lucy targets Android devices
- Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
EXPLOIT
- New CVE-2018-8373 Exploit Spotted in the Wild
VULNERABILITY
- Open-source reuse has left Android’s most-popular apps laced with critical vulnerabilities
- Monero bug could have allowed hackers to steal massive amounts of cryptocurrency
- New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
- MacOS Mojave zero-day privacy vulnerability uncovered
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Cisco patches critical default password vulnerability
- Twitter fixes API bug that shared data with wrong developers
- Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- No Takers for Zero-Day Vulnerabilities on the Dark Web
- macOS Mojave Patches Vulnerabilities, But New Flaws Already Emerge
- New CVE-2018-8373 Exploit Spotted in the Wild
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Vulnerability Spotlight: Epee Levin Packet Deserialization Code Execution Vulnerability
- Twitter fixes API bug that shared data with wrong developers
- Cisco patches critical default password vulnerability
- White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day
- macOS zero-day vulnerability leads to user data leaks
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
- Vulnerability in macOS Mojave allows access to protected files
- Firefox bugs can cause browsers and even the entire operating system to crash directly
- Why the market for zero-day vulnerabilities on the dark web is vanishing
ASIA
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
- Off-the-shelf RATs Targeting Pakistan
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- USB threats from malware to miners
WORLD
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Astaroth Trojan Resurges in South America
- BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too
- Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe
- #SecurityNews: Scottish #Brewery recovers from #ransomware attack. #Arran Brewery in Scotland, received what they thought was a cover letter as part of a job application, but the email attachment contained malware. Read more here:
https://bit.ly/2PYAR7k
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Baddies just need one email account with clout to unleash phishing hell
- Malware Analysis using Osquery Part 1
- MassMiner Malware Targeting Web Servers
- 14 years prison for man who helped hackers evade detection by anti-virus software
- SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users
- 14 years prison for man who helped hackers evade detection by anti-virus software
- New malware-as-a-service, Black Rose Lucy targets Android devices
ATTACKS
- Firefox Monitor provides password breach alerts, Would it convince you to set up a Firefox Account
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- GrrCon Augusta 2018, Rachel Giacobozzi’s ‘The Hybrid Analyst: How Phishing Created A New Type Of Intel Analyst’
- Mozilla Launches Firefox Monitor Data Breach Notification Service
- Tomorrow: Go beyond the usual defenses and *really* protect your email from #spearphishing attacks. Find out how with @AlexanderGTster and @illena_a from @SCmagazine. http://www.workcast.com/register?cpak=2026696370909275&referrer=valimailA …
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- 130 Million Hotel Customers Breached Due to Exposed Database
- State Department data breach exposes employee info (w/ commentary from @TripwireInc’s @craigtweets http://bit.ly/2MTcplE
- DDoS Attack on Infinite Campus Limits Parent Access http://dlvr.it/QlL12Z
- DDoS Attack on Infinite Campus Limits Parent Access https://www.infosecurity-magazine.com/news/ddos-attacks-infinite-campus?utm_source=twitterfeed&utm_medium=twitter …
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Cisco patches critical default password vulnerability
- DDoS attack on education vendor hinders access to districts’ online portals
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Shein Data Breach Exposes Personal Data and Email Address of 6.42 Million Customers
- Security researcher fined for hacking hotel Wi-Fi and putting passwords on the internet
- SHEIN Data breach affected 6.42 million users
- Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe
- Users fret over Chrome auto-login change
- Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
- AdGuard adblocker resets passwords after credential-stuffing attack
- Symantec accountancy audit uncovers customer transaction recorded as revenue
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
- Anti-Phishing Requires A Three-Pronged Strategy https://www.infosecurity-magazine.com/white-papers/antiphishing-requires-threepronged?utm_source=twitterfeed&utm_medium=twitter …
- Microsoft: Here's why we're declaring end of password era
- Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security
- Baddies just need one email account with clout to unleash phishing hell
- Some credential-stuffing botnets don't care about being noticed any more
- Advanced DDoS Detection and Defense
- Why Was Equifax So Stupid About Passwords?
- ZombieBoy
- NewsNow suffers security breach - passwords should be considered compromised
- Cisco patches critical default password vulnerability
- First known malicious cryptomining campaign targeting Kodi discovered
- SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users
- macOS zero-day vulnerability leads to user data leaks
- How Long Does it Take to Find Compromised Data
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
- DBeaver Community Edition 5.2.1 Releases: Free universal database tool and SQL client
THREATS
- Open-source reuse has left Android’s most-popular apps laced with critical vulnerabilities
- The MITRE ATT&CK Framework: Exfiltration https://tripwire.me/2NDbSJV
- Monero bug could have allowed hackers to steal massive amounts of cryptocurrency
- New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros
- Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- MacOS Mojave zero-day privacy vulnerability uncovered
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Cryptomining Malware Continues Rapid Growth: Report
- Freelancers baited with job offers to download malicious macros
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Cisco patches critical default password vulnerability
- Twitter fixes API bug that shared data with wrong developers
- DanaBot trojan sets sights on Europe, new features
- Crooks turn to Delphi packers to evade malware detection
- Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Astaroth Trojan Resurges in South America
- BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too
- Bloodhound – A Tool For Exploring Active Directory Domain Security
- No Takers for Zero-Day Vulnerabilities on the Dark Web
- macOS Mojave Patches Vulnerabilities, But New Flaws Already Emerge
- #SecurityNews: #Cryptocurrency mining soars 459% from 2017 to 2018 with no indication of slowing down. Read more about this story here: https://bit.ly/2PXYSew
- New CVE-2018-8373 Exploit Spotted in the Wild
- #SecurityNews: Scottish #Brewery recovers from #ransomware attack. #Arran Brewery in Scotland, received what they thought was a cover letter as part of a job application, but the email attachment contained malware. Read more here:
https://bit.ly/2PYAR7k
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Satan Ransomware Spawns New Methods to Spread
- MassMiner Malware Targeting Web Servers
- Vulnerability Spotlight: Epee Levin Packet Deserialization Code Execution Vulnerability
- 14 years prison for man who helped hackers evade detection by anti-virus software
- USB threats from malware to miners
- DanaBot trojan sets sights on Europe, new features
- Twitter fixes API bug that shared data with wrong developers
- Stealthy cryptomining apps still on Google Play
- New Version of GandCrab Ransomware Appends 5 Character Extension To Encrypted Files
- Cisco patches critical default password vulnerability
- White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day
- First known malicious cryptomining campaign targeting Kodi discovered
- 14 years prison for man who helped hackers evade detection by anti-virus software
- macOS zero-day vulnerability leads to user data leaks
- New malware-as-a-service, Black Rose Lucy targets Android devices
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
- Vulnerability in macOS Mojave allows access to protected files
- Firefox bugs can cause browsers and even the entire operating system to crash directly
- Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
- Why the market for zero-day vulnerabilities on the dark web is vanishing
CRIME
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- Cryptomining Malware Continues Rapid Growth: Report
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- SHEIN Data breach affected 6.42 million users
- #SecurityNews: #Cryptocurrency mining soars 459% from 2017 to 2018 with no indication of slowing down. Read more about this story here: https://bit.ly/2PXYSew
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Microsoft: Here's why we're declaring end of password era
- Malware Analysis using Osquery Part 2
- Malware Analysis using Osquery Part 1
- ZombieBoy
- Malicious Documents from Lazarus Group Targeting South Korea
- MassMiner Malware Targeting Web Servers
- 14 years prison for man who helped hackers evade detection by anti-virus software
- DanaBot trojan sets sights on Europe, new features
- Stealthy cryptomining apps still on Google Play
- First known malicious cryptomining campaign targeting Kodi discovered
- 14 years prison for man who helped hackers evade detection by anti-virus software
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
POLITICS
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Vulnerability in macOS Mojave allows access to protected files
