ASIA
- No Patches for Critical Flaws in Fuji Electric Servo System, Drives
- Google first confirmed the existence of the Dragonfly program for returning to China
WORLD
- Facebook leaks data (including private conversations) from 50 million accounts
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- Aspire Health, Another Healthcare Firm as a Phishing Victim
- 7 new modules for VPNFilter malware, Hide & Seek botnet targets Android, and house oversight takes on AI | Avast
- New Phishing Campaign Targets US Employees' Online Payrolls
- IC3 Alerts of Increasing Danger of RDP Exploitation Attacks
- QRecorder app in the Play Store was hiding a Banking Trojan that targets European banks
- Magecart campaign remains active
- Researchers: 11-Year-Old Flaw in Vote Scanner Still Unfixed
- Who’s behind DDoS attacks at UK universities?
- Fancy Bear Attacks Governments Using LoJax UEFI Rootkit
- Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)
- Vulnerabilities and architectural considerations in industrial control systems
ATTACKS
- Facebook leaks data (including private conversations) from 50 million accounts
- Facebook hacked – 50 Million Users’ Data exposed in the security breach
- Big Facebook data breach: 50 million accounts affected
- Facebook Data Breach Impacts Almost 50 Million Accounts
- Vulnerabilities in PureVPN Client Leak User Credentials
- Aspire Health, Another Healthcare Firm as a Phishing Victim
- 7 new modules for VPNFilter malware, Hide & Seek botnet targets Android, and house oversight takes on AI | Avast
- New Phishing Campaign Targets US Employees' Online Payrolls
- Learn how our @PhishingAI successfully detected a custom #phishing kit targeted at the DNC last month:
- 3 GOP senators doxed during Kavanaugh hearing
- Chegg forces password reset on 40 million users
- Torii malware could be gateway to more sophisticated IoT botnet attacks
- SHEIN breach exposes emails, encrypted passwords of 6.42M customers
- Do you know the top myths and facts of #mobile #phishing? If not, don't worry, we've compiled a list of
- Android App Verification Issues Pave Way For Phishing Attacks
- Facebook Resets 90 Million User Passwords as Flaw is Discovered
- Meet Torii, a Stealthy, Versatile and Highly Persistent IoT Botnet
- Chegg Resets Passwords After Data Breach That Affected 40 Million Users
- Facebook Discloses Data Breach, 50 Million User Accounts Affected
- United Nations data found exposed on web: researcher
- Hide 'N Seek IoT Botnet Now Targets Android Devices
- Magecart campaign remains active
- Android password managers vulnerable to phishing apps
- “Firefox Monitor” will allow users to check whether their personal information and passwords have been part of a data breach
- Bupa fined £175,000 for 2017 data breach affecting 547,000 customers
- The @ironscales #whitepaper explores how modern #phishing techniques, such as business email compromise (#BEC), #ransomware, spear-phishing and advanced persistent threats
- Power to the people! Google backtracks (a bit) on forced Chrome logins
- Who’s behind DDoS attacks at UK universities?
- Microsoft is trying to kill passwords in Azure AD application
- Android password managers not as secure as desktop counterparts
- Stealthy and Persistent Torii IoT Botnet Infects Devices via Telnet
- Meet Torii, a new IoT botnet far more sophisticated than Mirai variants
- How can live chat widgets leak personal employee data?
- Chegg Data Breach Affects 40 Million Customers
- 7 Most Prevalent Phishing Subject Lines
- New "Torii" Botnet's Sophisticated Techniques Set It Apart From Mirai
- Phorpiex bots target remote access servers to deliver ransomware
- New Iot Botnet Torii Uses Six Methods for Persistence, Has No Clear Purpose
THREATS
- CVE-2018-11776 RCE Flaw in Apache Struts Could Be Root Cause of Clamorous Hacks
- Port of San Diego suffers ransomware attack | Avast
- Critical Security Vulnerability in Facebook Affects 50 million Users!
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- Facebook Security Bug Affects 90M Users
- Zoho Was Blacklisted by Domain Registrar TierraNet
- [SingCERT] Alert on 14 High-Severity Vulnerabilities in Cisco Products
- Another Linux Kernel Bug Surfaces, Allowing Root Access
- Vulnerabilities in PureVPN Client Leak User Credentials
- The Week in Ransomware - September 28th 2018 - RDP and gandCrab
- 7 new modules for VPNFilter malware, Hide & Seek botnet targets Android, and house oversight takes on AI | Avast
- 'Torii' Breaks New Ground For IoT Malware
- FBI IC3 Warns of RDP Vulnerability
- Tripwire Patch Priority Index for September 2018
- Port of San Diego, The Newest Victim of Ransomware Attack
- Powerful Ransomware Attack Hit on Port of San Diego
- IC3 Alerts of Increasing Danger of RDP Exploitation Attacks
- Torii malware could be gateway to more sophisticated IoT botnet attacks
- Docs reveal how Fruitfly Mac spyware initially spread
- Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover
- Fancy Bear’s Lojax is First UEFI Rootkit in the Wild
- FBI solves mystery surrounding 15-year-old Fruitfly Mac malware
- USB malware and cryptominers are threat to emerging markets
- Facebook Resets 90 Million User Passwords as Flaw is Discovered
- Potential Misuse of Legitimate Websites to Avoid Malware Detection
- Port of San Diego Suffers Ransomware Attack
- Delphi Packer Increasingly Used to Evade Malware Classification
- QRecorder app in the Play Store was hiding a Banking Trojan that targets European banks
- Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw
- The @ironscales #whitepaper explores how modern #phishing techniques, such as business email compromise (#BEC), #ransomware, spear-phishing and advanced persistent threats
- Researchers: 11-Year-Old Flaw in Vote Scanner Still Unfixed
- Port of San Diego Hit by Ransomware
- Facebook: 50 million accounts impacted by security flaw
- Fancy Bear Attacks Governments Using LoJax UEFI Rootkit
- Windows 10 security: Here's how we're hitting back at fileless malware, says Microsoft
- Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)
- Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious
- Fancy Bear still Putin out new modules for VPNFilter malware
- 'Mutagen Astronomy' Linux kernel vulnerability sighted
- How Data Security Improves When You Engage Employees in the Process
- SECURITY UPDATE: Facebook said a breach affected 50 million people on the social network.
The vulnerability stemmed from Facebook's "View As"
- Connected car cyber-security getting better, fewer critical vulnerabilities found
- Users Clicking Through Warnings, Leading to RAT Infections
- No Patches for Critical Flaws in Fuji Electric Servo System, Drives
- CVE-2018-1718 -Google Project Zero reports a new Linux Kernel flaw
- Google Play Store Swarmed with Malware
- Phorpiex bots target remote access servers to deliver ransomware
- Vulnerabilities and architectural considerations in industrial control systems
- Google Project Zero Discloses New Linux Kernel Flaw
- ICS Cybersecurity: Visibility, Protective Controls & Continuous Monitoring
- Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
CRIME
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- Aspire Health, Another Healthcare Firm as a Phishing Victim
- New Phishing Campaign Targets US Employees' Online Payrolls
- IC3 Alerts of Increasing Danger of RDP Exploitation Attacks
- Potential Misuse of Legitimate Websites to Avoid Malware Detection
- QRecorder app in the Play Store was hiding a Banking Trojan that targets European banks
- Magecart campaign remains active
- The @ironscales #whitepaper explores how modern #phishing techniques, such as business email compromise (#BEC), #ransomware, spear-phishing and advanced persistent threats
- Stealthy and Persistent Torii IoT Botnet Infects Devices via Telnet
POLITICS
- Facebook leaks data (including private conversations) from 50 million accounts
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- Aspire Health, Another Healthcare Firm as a Phishing Victim
- Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw
- Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)
DATA BREACH
- Twitter Bug May Have Exposed Millions of DMs
- GDPR: Data Breach Class Action Lawsuits Come to Europe
- Fancy Bear LoJax campaign reveals first documented use of UEFI rootkit in the wild
- SheIn Data Breach Exposed Personal Details 6.4 Million Customers To Hackers
- United Nations data found exposed on web: researcher
- New GootKit Campaigns Target European Banks with Reconnaissance Attacks
- Uber to Pay $148 Million as a Settlement for Data Breach Cover
- Uber fined $148m for data breach cover-up
- You should prepare for the next mega data breach
- Uber agrees to pay $148 million in massive 2016 data breach settlement
- Endace launches petabyte network recording appliance
DENIAL-OF-SERVICE
- Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled
- Hide and seek Iot botnet updates include new Android ADB exploit
- New "Torii" Botnet's Sophisticated Techniques Set It Apart From Mirai
- DDoS attack on education vendor hinders access to districts’ online portals
- New Torii Botnet uncovered, more sophisticated than Mirai | Avast
MALVERTISING
Nothing to report
PHISHING
- Android password managers not as secure as desktop counterparts
- Boffins bypass password protection with pilfering by phony programs
- Are long passphrases the answer to password problems?
- Chrome 70 will resolve cookies and login privacy issues
WEB DEFACEMENT
Nothing to report
MALWARE
- APT Group Uses Dangerous LoJax Malware That Can Survive After OS Re-installation and Hard Disk Replacement
- Russians' stealthy 'LoJax' malware can infect on the firmware level
- CCSP Exam Details and Process
- CCSP: Overview of Domains
- Ransomware Attack Hits Port of San Diego
- The PowerShell Boogeyman: How to Defend Against Malicious PowerShell Attacks
- Chronicle Unveils VirusTotal Enterprise
- Crooks turn to Delphi packers to evade malware detection
- Chronicle announces VirusTotal Enterprise with greater search and analysis capabilities
- Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
- Alphabet launches VirusTotal Enterprise
- Is There Such a Thing as a Malicious PowerShell Command?
- New KONNI Malware attacking Eurasia and Southeast Asia
- Pirated Game of Thrones episodes most popular TV bait for malware
- Seven additional modules make Fancy Bear’s VPNFilter malware even more versatile
- Russian Cyberspies Use UEFI Rootkit in Attacks
- Dirhunt – Search and Analyze Target Domain Directories
- Port of San Diego Affected by a Ransomware Attack
- Phorpiex worm pivots to infect the enterprise with GandCrab ransomware
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- LoJax: First-ever UEFI rootkit detected in a cyberattack
- DanaBot trojan sets sights on Europe, new features
- SC Media September Product Reviews: Threat Intelligence
DomainTools Iris Investigation Platform l
- #Malware classifcation, which encompasses both the identification and attribution of code, has the power to unlock many clues that aid
- New VirusTotal Enterprise Offers Private Graphs, Faster Searches
- Alphabet's Chronicle Releases VirusTotal Enterprise
- Malware steals personal information from 6.4M SheIn customers
- Malware hits fashion giant SHEIN; 6.42 million online shoppers affected
- Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild
- Emergence of new ransomware variants feature names of popular politicians
- Now that Office 365 has become one of Microsoft's fastest-growing revenue streams, it has become a primary target for #ransomware.
- Fancy Bear LoJax campaign reveals first documented use of UEFI rootkit in the wild
- Researchers find vulnerability in Apple's MDM DEP process
- Seven additional modules make Fancy Bear's VPNFilter malware even more versatile
- Cloudflare Becomes a Registrar, Sells Domains At Cost
- APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
- Alphabet's Chronicle Security Business Launches VirusTotal Enterprise
- VPNFilter Router Malware Adds 7 New Network Exploitation Modules
- Malware in the Cloud: What You Need to Know
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
EXPLOIT
- Hide and seek Iot botnet updates include new Android ADB exploit
- VPNFilter Router Malware Adds 7 New Network Exploitation Modules
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
VULNERABILITY
- Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access
- DEF CON report finds decade-old flaw in widely used ballot-counting machine
- Twitter fixes API bug that shared data with wrong developers
- How to Keep Up Security in a Bug-Infested World
- Twitter Bug May Have Exposed Millions of DMs
- Developers focus on wrong open source software vulnerabilities, research says
- Security Flaw Found in Apple Mobile Device Enrollment Program
- Cisco Releases Alerts for 14 High Severity Bugs
- Apple DEP vulnerability lets attackers access orgs’ resources, info
- Cisco unearths 13 'High Impact' IOS vulnerabilities you need to patch now
- How automakers are tackling connected vehicle vulnerability management
- Tripwire Patch Priority Index for September 2018
- Researchers find vulnerability in Apple's MDM DEP process
- GNOME 3.30.1 released: bugfixes
- Norwegian state discusses vulnerabilities with IT sector
- Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros
- KDE Plasma 5.12.7 LTS releases: fix bugs
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability
HEALTHCARE
Nothing to report
TRANSPORT
Nothing to report
BANKING & FINANCE
- Threat-group Magecart - More Victims
- New GootKit Campaigns Target European Banks with Reconnaissance Attacks
INFORMATION & TELECOMMUNICATION
Nothing to report
FOOD
Nothing to report
WATER
Nothing to report
ENERGY
Nothing to report
GOVERNMENT & PUBLIC SERVICE
- DEF CON report finds decade-old flaw in widely used ballot-counting machine
ASIA
- APT10 Targeting Japanese Corporations Using Updated TTPs
- New Torii Botnet uncovered, more sophisticated than Mirai | Avast
- “Disturbing plans” in China revealed by a former Google employee
WORLD
- Russians' stealthy 'LoJax' malware can infect on the firmware level
- DEF CON report finds decade-old flaw in widely used ballot-counting machine
- Russian Cyberspies Use UEFI Rootkit in Attacks
- Threat-group Magecart - More Victims
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- GDPR: Data Breach Class Action Lawsuits Come to Europe
- SheIn Data Breach Exposed Personal Details 6.4 Million Customers To Hackers
- Norwegian state discusses vulnerabilities with IT sector
- Seven additional modules make Fancy Bear's VPNFilter malware even more versatile
- You should prepare for the next mega data breach
- Uber agrees to pay $148 million in massive 2016 data breach settlement
- VPNFilter Router Malware Adds 7 New Network Exploitation Modules
- “Disturbing plans” in China revealed by a former Google employee
ATTACKS
- Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled
- Android password managers not as secure as desktop counterparts
- Hide and seek Iot botnet updates include new Android ADB exploit
- Twitter Bug May Have Exposed Millions of DMs
- New "Torii" Botnet's Sophisticated Techniques Set It Apart From Mirai
- DDoS attack on education vendor hinders access to districts’ online portals
- Boffins bypass password protection with pilfering by phony programs
- GDPR: Data Breach Class Action Lawsuits Come to Europe
- Fancy Bear LoJax campaign reveals first documented use of UEFI rootkit in the wild
- New Torii Botnet uncovered, more sophisticated than Mirai | Avast
- SheIn Data Breach Exposed Personal Details 6.4 Million Customers To Hackers
- United Nations data found exposed on web: researcher
- New GootKit Campaigns Target European Banks with Reconnaissance Attacks
- Uber to Pay $148 Million as a Settlement for Data Breach Cover
- Uber fined $148m for data breach cover-up
- You should prepare for the next mega data breach
- Uber agrees to pay $148 million in massive 2016 data breach settlement
- Are long passphrases the answer to password problems?
- Chrome 70 will resolve cookies and login privacy issues
- Endace launches petabyte network recording appliance
THREATS
- APT Group Uses Dangerous LoJax Malware That Can Survive After OS Re-installation and Hard Disk Replacement
- Russians' stealthy 'LoJax' malware can infect on the firmware level
- CCSP Exam Details and Process
- CCSP: Overview of Domains
- Ransomware Attack Hits Port of San Diego
- The PowerShell Boogeyman: How to Defend Against Malicious PowerShell Attacks
- Chronicle Unveils VirusTotal Enterprise
- Crooks turn to Delphi packers to evade malware detection
- Chronicle announces VirusTotal Enterprise with greater search and analysis capabilities
- Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
- Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access
- Alphabet launches VirusTotal Enterprise
- DEF CON report finds decade-old flaw in widely used ballot-counting machine
- Twitter fixes API bug that shared data with wrong developers
- Is There Such a Thing as a Malicious PowerShell Command?
- New KONNI Malware attacking Eurasia and Southeast Asia
- How to Keep Up Security in a Bug-Infested World
- Pirated Game of Thrones episodes most popular TV bait for malware
- Seven additional modules make Fancy Bear’s VPNFilter malware even more versatile
- Hide and seek Iot botnet updates include new Android ADB exploit
- Twitter Bug May Have Exposed Millions of DMs
- Russian Cyberspies Use UEFI Rootkit in Attacks
- Dirhunt – Search and Analyze Target Domain Directories
- Port of San Diego Affected by a Ransomware Attack
- Developers focus on wrong open source software vulnerabilities, research says
- Phorpiex worm pivots to infect the enterprise with GandCrab ransomware
- Security Flaw Found in Apple Mobile Device Enrollment Program
- Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild
- LoJax: First-ever UEFI rootkit detected in a cyberattack
- DanaBot trojan sets sights on Europe, new features
- SC Media September Product Reviews: Threat Intelligence
DomainTools Iris Investigation Platform l
- #Malware classifcation, which encompasses both the identification and attribution of code, has the power to unlock many clues that aid
- New VirusTotal Enterprise Offers Private Graphs, Faster Searches
- Alphabet's Chronicle Releases VirusTotal Enterprise
- Cisco Releases Alerts for 14 High Severity Bugs
- Apple DEP vulnerability lets attackers access orgs’ resources, info
- Cisco unearths 13 'High Impact' IOS vulnerabilities you need to patch now
- Malware steals personal information from 6.4M SheIn customers
- How automakers are tackling connected vehicle vulnerability management
- Malware hits fashion giant SHEIN; 6.42 million online shoppers affected
- Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild
- Emergence of new ransomware variants feature names of popular politicians
- Now that Office 365 has become one of Microsoft's fastest-growing revenue streams, it has become a primary target for #ransomware.
- Fancy Bear LoJax campaign reveals first documented use of UEFI rootkit in the wild
- Tripwire Patch Priority Index for September 2018
- Researchers find vulnerability in Apple's MDM DEP process
- GNOME 3.30.1 released: bugfixes
- Norwegian state discusses vulnerabilities with IT sector
- Seven additional modules make Fancy Bear's VPNFilter malware even more versatile
- Cloudflare Becomes a Registrar, Sells Domains At Cost
- APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
- Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros
- Alphabet's Chronicle Security Business Launches VirusTotal Enterprise
- VPNFilter Router Malware Adds 7 New Network Exploitation Modules
- Malware in the Cloud: What You Need to Know
- KDE Plasma 5.12.7 LTS releases: fix bugs
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability
CRIME
- Russians' stealthy 'LoJax' malware can infect on the firmware level
- Threat-group Magecart - More Victims
- New GootKit Campaigns Target European Banks with Reconnaissance Attacks
POLITICS
- DEF CON report finds decade-old flaw in widely used ballot-counting machine
- Russian Cyberspies Use UEFI Rootkit in Attacks
- APT10 Targeting Japanese Corporations Using Updated TTPs
- APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
TRANSNATIONAL / UNKNOWN
- Source Defense raises $10 million for website supply chain solution
- Malware steals passwords from 6.4 million SHEIN customers
- Magecart Attacks Grow Rampant in September
CHINA
Nothing to report
INDIA
Nothing to report
NORTH KOREA
Nothing to report
PAKISTAN
Nothing to report
VIETNAM
Nothing to report
IRAN
Nothing to report
LEBANON
Nothing to report
PALESTINE
Nothing to report
SAUDI ARABIA
Nothing to report
UNITED ARAB EMIRATES
Nothing to report
RUSSIA
- Windows 10 October 2018 Update is RTM: Clues Leads to Final Build 17763
- Will Microsoft release Windows 10 October Update on October 2?
UKRAINE
Nothing to report
WINDOWS
- New Linux Kernel “Mutagen Astronomy” Flaw Impacts Red Hat, CentOS, Debian Distributions.
- Windows 10 October 2018 Update is RTM: Clues Leads to Final Build 17763
- Microsoft is killing passwords one announcement at a time
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Variant of patched IE vulnerability spotted in wild
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software
- Crooks leverages Kodi Media Player add-ons for malware distribution
- Will Microsoft release Windows 10 October Update on October 2?
LINUX
- Vulnerability in Cisco routers could allow DoS attacks
- New Linux Kernel “Mutagen Astronomy” Flaw Impacts Red Hat, CentOS, Debian Distributions.
- Cisco: Linux kernel FragmentSmack bug now affects 88 of our products
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian
- New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software
- Crooks leverages Kodi Media Player add-ons for malware distribution
- New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
- New security vulnerabilities (CVE-2018-14634) affects CentOS and Red Hat Linux
UNIX
Nothing to report
ANDROID
- Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled
- Android password managers can be tricked into believing that evil apps are good
- Trojanized App In Google Play Steals Bank Customers' Euros
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Android Banking Trojan Found On Google Play with 10,000 Installs Steals User’s Banking Credentials
- Android spyware in development plunders WhatsApp data, private conversations
- Hide and Seek Botnet Adds Infection Vector for Android Devices
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- 25 Malicious apps that Downloaded More Than 120,000 Times Contains Hidden Cryptomining Script
IOS
- CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
MACOS
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Apple pushes out Mojave 10.14, patches numerous vulnerabilities
- New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software
DATA BREACH
- Uber Agrees to $148M Settlement With States Over Data Breach
- Uber to pay $148 million to states for 2016 data breach
- Firefox Notifies Users of Compromised Accounts
- Uber to pay $148 million in settlment over 2016 data breach and cover-up
- Ex-NSA employee sentenced to 5.5 years in prison for leaking confidential data
- United Nations data found exposed on web: researcher
- Former NSA TAO hacker sentenced to 66 months in prison over Kaspersky Leak
- SHEIN Data Breach Impacts Over 6.4 Million Customers
- SMBs face costs of up to $2.5 million after a data breach
- Millions of Twitter DMs may have been exposed by year-long bug
- Firefox Monitor tells you whether your email was compromised in a data breach
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- United Nations Mistakenly Exposed Sensitive Data to The Public
- oPatch community released micro patches for Microsoft JET Database Zero-Day
- Malware campaign attacks freelancers
DENIAL-OF-SERVICE
- Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Bad bots are stealing data and ruining the customer experience
- DDoS Attack on German Energy Company RWE
- Bots at the Gate: A Human Rights Analysis of Automated Decision Making in Canada’s Immigration and Refugee System
- Vulnerability in Cisco routers could allow DoS attacks
- DDoS attack on education vendor hinders access to districts’ online portals
- Microsoft Adds New Tools to Azure DDoS Protection
- Viro Botnet Ransomware
- Infinite Campus DDoS attack impedes access to student data
- Hide and Seek Botnet Adds Infection Vector for Android Devices
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
MALVERTISING
Nothing to report
PHISHING
- Chegg to reset passwords for 40 million users after April 2018 hack
- Android password managers can be tricked into believing that evil apps are good
- User login notifications
- Beware of payroll-themed phishing. Here’s one example.
- SHEIN breach exposes emails, encrypted passwords of 6.42M customers
- Counter Phishing Attacks with These Five Tricks
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Cisco patches critical default password vulnerability
- 11:30 AM ET today: @AlexanderGTster and @illena_a from @SCmagazine share the scoop on #spearphishing and how you can go beyond the obvious defenses to protect users from email attacks.
- Password Tips from a Pen Tester: Are 12-Character Passwords Really Stronger, or Just a Dime a Dozen?
- #SecurityNews: Popular news aggregation site #NewsNow has been notifying its users of a potential password #breach after it found evidence of an #intrusion. Read more about this #databreach here:
- Looking for a enterprise grade password vault solution but MUST be hosted onsite
- #SecurityNews: New #Ofcom rules "could help tackle #vishing" (voice #phishing) scams. They come into force on Oct 1st and will ban phone companies for charging for the Caller ID service that helps users screen their calls. Read more abut this here:
- 156 million #phishing emails are sent out every day and email users receive up to 20 phishing emails each month. Learn more about modern phishing techniques and how to address them in the @ironscales #whitepaper.
- Microsoft is killing passwords one announcement at a time
- Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords
- NewsNow Ditches Passwords After Possible Breach
- Malware steals passwords from SHEIN, 6.4 million customers impacted
- Malware steals passwords from 6.4 million SHEIN customers
- Backlash sees change in Chrome login and Google account behaviour
- Chrome 70 Lets you Control Automatic Login and Deletes Google Cookies
WEB DEFACEMENT
Nothing to report
MALWARE
- Cisco's probe of VPNFilter router malware uncovers several new hacking techniques
- VPNFilter Malware Adds Seven New Tools For Exploiting Network Devices
- Fraudulent shopping domain certificate issuance outstrips legitimate businesses
- Businesses in Arkansas Hit with Ransomware
- Malware in the Cloud: What You Need to Know
- Air Gapped PCs are Still at Risk. The Rise of USB-based Crytojacking Malware
- Crooks turn to Delphi packers to evade malware detection
- USB malware and cryptominers are threat to emerging markets
- DanaBot trojan sets sights on Europe, new features
- Trojanized App In Google Play Steals Bank Customers' Euros
- Password managers can be tricked into believing that malicious Android apps are legitimate
- Viro Botnet Ransomware
- Freelancers baited with job offers to download malicious macros
- Android Banking Trojan Found On Google Play with 10,000 Installs Steals User’s Banking Credentials
- Domain flub leaves 30 million customers high and dry
- WTB: Adwind Trojan Circumvents Antivirus Software To Infect Your PC
- Android spyware in development plunders WhatsApp data, private conversations
- The MITRE ATT&CK Framework: Exfiltration
- Malware steals passwords from SHEIN, 6.4 million customers impacted
- VPNFilter III: More Tools for the Swiss Army Knife of Malware
- New Adwind RAT Attack Linux, Windows and Mac via DDE Code Injection Technique by Evading Antivirus Software
- Malware steals passwords from 6.4 million SHEIN customers
- Crooks leverages Kodi Media Player add-ons for malware distribution
- Cryptocurrency mining malware increases 86%
- 25 Malicious apps that Downloaded More Than 120,000 Times Contains Hidden Cryptomining Script
- Malware campaign attacks freelancers
- GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit
EXPLOIT
- VPNFilter Malware Adds Seven New Tools For Exploiting Network Devices
- NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits
- Rockwell Automation Buffer Overflow Vulnerability
- Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
- GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit
VULNERABILITY
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Vulnerability in Cisco routers could allow DoS attacks
- Cisco patches critical default password vulnerability
- New Linux Kernel “Mutagen Astronomy” Flaw Impacts Red Hat, CentOS, Debian Distributions.
- Twitter fixes API bug that shared data with wrong developers
- Cisco: Linux kernel FragmentSmack bug now affects 88 of our products
- Bug? Feature? Power users baffled as BitLocker update switch-off continues
- Braking bad: Mitsubishi recalls 68k SUVs over buggy software
- Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian
- Millions of Twitter DMs may have been exposed by year-long bug
- Apple pushes out Mojave 10.14, patches numerous vulnerabilities
- Variant of patched IE vulnerability spotted in wild
- Alert: A remote code execution vulnerability is discovered in Microsoft Windows Jet database engine
- Rockwell Automation Buffer Overflow Vulnerability
- Crowdfense launches Vulnerability Research Hub for top security researchers
- oPatch community released micro patches for Microsoft JET Database Zero-Day
- New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
- Vulnerability affects Cisco Video Surveillance Manager
- Bitcoin Core Team Releases Critical Security Update to Fix DDoS Attack Vulnerability
- Snyk raises $22 million to address security vulnerabilities in open source code
- New security vulnerabilities (CVE-2018-14634) affects CentOS and Red Hat Linux
- CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability