DATA BREACH
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- Heathrow Fined For USB Stick Data Breach
- Google+ Users, Upset Over Data Leak, Sue Google
- Google+ will shut down after leaking info of 500k accounts
- Amazon acknowledges that the company’s employees leaked user information to the seller
- Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Google: We're giving you more control over what personal data apps can use
- Garmin's Navionics exposed data belonging to thousands of customers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Google+ shut down after bug exposed user data
- Over 4.5 Billion Records Breached in H1 2018, Finds Report
- Google+ Shuts Down Following Undisclosed Data Breach
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Heathrow Airport fined £120,000 over USB data breach debacle
- "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- Sunsets for Google Plus after Reports of Data Breach
- Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
DENIAL-OF-SERVICE
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
- New IoT botnet “hide and seek” variants target Android devices
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
MALVERTISING
Nil
PHISHING
- How to Evade Expensive Phishing Filters with One Simple Trick
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Phishing attacks use Azure Blob storage to simulate Microsoft
- Weak IOT passwords outlawed in California
- California’s ban on weak default passwords isn’t going to fix IoT security
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
WEB DEFACEMENT
Nil
MALWARE
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- Slideshow: Intel from Virus Bulletin 2018
- Block puzzle games laced with malware | Avast
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- How does #MassMiner #malware infect systems across the web?
- Hackers breach customer rating tool used on over 7,000 websites
- The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
- New Domains: A Wide-Open Playing Field for Cybercrime
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
EXPLOIT
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Active Workload Protection on Amazon EKS and AWS Fargate
VULNERABILITY
- Microsoft patches 0-day Windows flaw under attack
- Microsoft Patches Zero-Day Under Active Attack by APT
- VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Git Gets Patched for Newly Found Flaw
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sony Bravia Smart TVs affected by a critical vulnerability
- Apple fixes iOS 12 passcode bypass vulnerabilities
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Google+ shut down after bug exposed user data
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Adobe Releases Security Patch Updates for 11 Vulnerabilities
- The end of Google+: Low usage and an API bug that exposed user data
- TOP 10 PHP Vulnerability Scanners
- RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Critical vulnerability in Sony Bravia Smart TV
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
HEALTHCARE
- DHS issued an alert on attacks aimed at Managed Service Providers
- Sunsets for Google Plus after Reports of Data Breach
TRANSPORT
- Heathrow Airport fined £120,000 over USB data breach debacle
BANKING & FINANCE
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- Amazon acknowledges that the company’s employees leaked user information to the seller
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- New Domains: A Wide-Open Playing Field for Cybercrime
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Active Workload Protection on Amazon EKS and AWS Fargate
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- Sunsets for Google Plus after Reports of Data Breach
INFORMATION & TELECOMMUNICATION
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Formjacking attacks are on the rise, with the recent #Magecart attacks the most notable examples. @Symantec has blocked almost 250,000
- Google+ Shuts Down Following Undisclosed Data Breach
- Phishing attacks use Azure Blob storage to simulate Microsoft
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Sunsets for Google Plus after Reports of Data Breach
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
- Comienza en MoscĂș #CyberCrimeCon —el gran encuentro mundial sobre cibercrimen y ciberterrorismo— y de lo primero que hablan es de
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
FOOD
Nil
WATER
Nil
ENERGY
- DHS issued an alert on attacks aimed at Managed Service Providers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
GOVERNMENT & PUBLIC SERVICE
- APT28 group return to covert intelligence gathering ops in Europe and South America.
ASIA
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- DHS issued an alert on attacks aimed at Managed Service Providers
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
WORLD
- How to Evade Expensive Phishing Filters with One Simple Trick
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- APT28 group return to covert intelligence gathering ops in Europe and South America.
- Sony Bravia Smart TVs affected by a critical vulnerability
- DHS issued an alert on attacks aimed at Managed Service Providers
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Hackers breach customer rating tool used on over 7,000 websites
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- New Magecart hack detected at Shopper Approved
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Phishing attacks use Azure Blob storage to simulate Microsoft
- Weak IOT passwords outlawed in California
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Sunsets for Google Plus after Reports of Data Breach
- Critical vulnerability in Sony Bravia Smart TV
ATTACKS
- How to Evade Expensive Phishing Filters with One Simple Trick
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- Heathrow Fined For USB Stick Data Breach
- Google+ Users, Upset Over Data Leak, Sue Google
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
- Google+ will shut down after leaking info of 500k accounts
- Amazon acknowledges that the company’s employees leaked user information to the seller
- Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
- With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Google: We're giving you more control over what personal data apps can use
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Garmin's Navionics exposed data belonging to thousands of customers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Google+ shut down after bug exposed user data
- Over 4.5 Billion Records Breached in H1 2018, Finds Report
- Google+ Shuts Down Following Undisclosed Data Breach
- Phishing attacks use Azure Blob storage to simulate Microsoft
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Weak IOT passwords outlawed in California
- California’s ban on weak default passwords isn’t going to fix IoT security
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Heathrow Airport fined £120,000 over USB data breach debacle
- "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
- New IoT botnet “hide and seek” variants target Android devices
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Sunsets for Google Plus after Reports of Data Breach
- Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
THREATS
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- Microsoft patches 0-day Windows flaw under attack
- Microsoft Patches Zero-Day Under Active Attack by APT
- VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Slideshow: Intel from Virus Bulletin 2018
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Git Gets Patched for Newly Found Flaw
- Block puzzle games laced with malware | Avast
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sony Bravia Smart TVs affected by a critical vulnerability
- How does #MassMiner #malware infect systems across the web?
- Hackers breach customer rating tool used on over 7,000 websites
- The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Apple fixes iOS 12 passcode bypass vulnerabilities
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
- Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Google+ shut down after bug exposed user data
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Adobe Releases Security Patch Updates for 11 Vulnerabilities
- New Domains: A Wide-Open Playing Field for Cybercrime
- The end of Google+: Low usage and an API bug that exposed user data
- TOP 10 PHP Vulnerability Scanners
- RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
- Active Workload Protection on Amazon EKS and AWS Fargate
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Critical vulnerability in Sony Bravia Smart TV
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
CRIME
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- How to Evade Expensive Phishing Filters with One Simple Trick
- DHS issued an alert on attacks aimed at Managed Service Providers
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- New Domains: A Wide-Open Playing Field for Cybercrime
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
POLITICS
- APT28 group return to covert intelligence gathering ops in Europe and South America.
- DHS issued an alert on attacks aimed at Managed Service Providers
TRANSNATIONAL / UNKNOWN
- Fin7 Cybercrime Group Hacked Burgerville and Stolen Payment Card Details
CHINA
- Apple tells Congress it was never hacked by Chinese spy chips
- Apple to Congress: Chinese spy-chip story is “simply wrong”
- Bloomberg’s Chinese Hacking Report Is Wrong, Claims Apple
- Apple denies Chinese surveillance claims, Microsoft pulls Windows 10 update video
- UK, US Security Agencies Deny Investigating Chinese Spy Chips
- Why I don’t believe Bloomberg’s Chinese spy chip report
- Department of Homeland Security and GCHQ back Apple and Amazon’s denials they were hacked by China
- Apple, Amazon deny servers affected by China microchip plot
- China inserts microchips into motherboards used by Apple, CIA, Amazon
- China Infiltrated Amazon, Apple, U.S. Companies Using Tiny Chip: Report
- DHS, Apple push back on Bloomberg supply chain story
- DHS and GCHQ Say There's no Reason to Doubt Apple, Amazon Supermicro Hack Denial
- There’s a serious threat to the supply chain, says Pentagon
- DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story
- US and UK Governments Back Denial of Supermicro Story
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- APT28 Gets the Spotlight, But Turla Remains Russia’s Elite Hacking Unit
- APT28 Hacking Group’s New Espionage Operations Targets Military and Government Organizations
- Russian Privacy Blunder May Have Outed 300 GRU Agents
- Russia dismisses suspected spy actions as routine Dutch trip
- Seven Russian cyberspies indicted for hacking, wire fraud, ID theft
- Investigation Uncovers 300+ Possible GRU Officers
- Researchers: Turla and Zebrocy APT actors shared code, targets in 2018
- Kaspersky shed lights on the overlap of operations conducted by Turla and Sofacy
- First In-The-Wild UEFI Rootkit Discovered
SERBIA
Nil
UKRAINE
Nil
WINDOWS
Nil
LINUX
Nil
UNIX
Nil
ANDROID
Nil
IOS
Nil
MACOS
Nil
DATA BREACH
- 10/8/18: Dtex, Insider Threat, Privacy News: Dtex Earns Leadership, Product Awards; Insider Compromises French Law Enforcement Agency; The Big Hack
- Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it
- Google Says Social Network Bug Exposed Private Data
- Google+ Is Shutting Down After a Security Bug Exposed User Info
- Google chose not to go public about bug that exposed Google Plus users’ data
- Google shuts down Google+ after API bug exposed details for over 500,000 users
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- GitLab API Vulnerability Leaked Confidential Data On Public Projects
- Google announces plans to close Google+ for consumers following data breach
- Google+ Shutting Down After Bug Leaks Info of 500k Accounts
- .@David_Ingram of @NBCNews reports that political #campaigns and parties say they’re sending many more texts this year than in past
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
- Expert presented a new attack technique to compromise MikroTik Routers
- With 12,556,810 email archives already exposed across misconfigured online file stores, attackers don’t even need to perform #accounttakeovers to gain
- ICO hits Heathrow Airport with £120,000 data breach fine over lost USB stick
- MikroTik routers with default credentials can be easily compromised
- Project Insecurity (@insecurity) researchers discovered certain #livechatsoftware that were leaking personal details of employee at several high-profile sites. Discover how
DENIAL-OF-SERVICE
- Hide and Seek IoT Botnet Now Spreads to New Android Devices Using ADB over Wi-Fi
- Assassin’s Creed Odyssey suffers DDoS attack at launch
MALVERTISING
Nil
PHISHING
- California to Ban Weak Passwords
- Phishing Enables Domestic Violence. Education Can Help Stop It.
- Hook, Line and Sinker: After Phish Get Caught
- Aspire Health Lost 'Protected Health Information' after Getting Hacked by a Phishing Scheme
- "Life is short - passwords are long."
- Finnish Communications Regulatory Authority
WEB DEFACEMENT
Nil
MALWARE
- GRRCon Augusta 2018, Ankur Tyagi’s ‘Analyzing Multi-Dimensional Malware Dataset’
- Malware isn't the only threat to Android apps. Others include copies of popular apps and those that abuse permission requests.
Here
- Code Execution Bug In Malicious Repositories Resolved By Git Project
- #Stegware: it's #Malware that uses #steganography techniques to avoid detection
- 2018's Most Active Ransomware: The Ongoing Evolution of GandCrab
- Most hosting providers take too long to remove malware distribution sites
- .@Trustlook Labs discovered an #Android #Trojan stealing data from messaging apps. Learn what #mobilesecurity programs should look for to detect
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- Mikko Hypponen's Picks For the Top 5 Viruses of All Time - F-Secure Blog
- US government rolls out 2-step verification for .gov domain owners
- Intel’s 9th-Generation Core Processors Unveiled
- Code execution bug in malicious repositories resolved by Git Project
- #Android #Trojan: How is data being stolen from #messagingapps?
- #GoScanSSH: How does this #malware work and differ from others?
- How did an organized crime group get a zip file from a reputable malware scanning service?
Malware researchers occasionally have ties
- Keeping your cloud malware-free: What you need to know
- Virus Attack Hampers the Email System of Ulster Town
- Beware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File
- First In-The-Wild UEFI Rootkit Discovered
- The MITRE ATT&CK Framework: Command and Control
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
EXPLOIT
- Hackers exploit vulnerability in Bitcoin code
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- Websites vulnerable to attack exploiting major framework
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
- New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
VULNERABILITY
- Google shutting down Google+ after covering up privacy bug
- Hackers exploit vulnerability in Bitcoin code
- Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it
- Google Says Social Network Bug Exposed Private Data
- WECON PI Studio HMI software affected by code execution flaws
- Mozilla Patched Multiple Vulnerabilities In Thunderbird 60.2.1
- Google+ Is Shutting Down After a Security Bug Exposed User Info
- Google shuts down Google+ for consumers due to bug found months ago
- Google chose not to go public about bug that exposed Google Plus users’ data
- iOS 12.0.1 Released with Fixes to Passcode Bypass Bugs
- Google+ Shutting Down After Google Discovers API Bug Affecting 500K Users
- Google shuts down Google+ after API bug exposed details for over 500,000 users
- Code Execution Flaws Found in WECON Industrial Products
- GitLab API Vulnerability Leaked Confidential Data On Public Projects
- Code Execution Bug In Malicious Repositories Resolved By Git Project
- Google+ Shutting Down After Bug Leaks Info of 500k Accounts
- Vulnerabilities in RouterOS could enble hackers to take control of routers
- #Shodan, a device search engine, can help identify #ICS security vulnerabilities. Learn more about how Shodan works and how it
- NEW #CYBERSAUNA EPISODE: Reinventing the Cold Boot Attack: Modern Laptop Version
@nxsolle and Pasi Saarinen discuss how they discovered a flaw
- Vulnerabilities discovered in electoral counting machines in 23 states
- Most routers full of firmware flaws that leave users at risk
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
- Who's watching your TV? Sony quietly killed three critical Bravia TV bugs
- Microsoft says it can recover files lost to the Windows 10 October Update's data deletion bug
- Tenable Researcher Reveals Extended MikroTik Router Vulnerability
- MikroTik vulnerability climbs up the severity scale, new attack permits root access
- Google Criticizes Apple Over Safari Security, Flaw Disclosures
- Code execution bug in malicious repositories resolved by Git Project
- Users complain of boot loops on Series 4 Apple Watch due to daylight savings bug
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
- New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
- The Git Project addresses a critical arbitrary code execution vulnerability in Git
- D-Link Security Updates Fixed Multiple Vulnerabilities in WiFiManager Software
- Beware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File
- PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
ASIA
Nil
OCEANIA
Nil
NORTH AMERICA
Nil
SOUTH AMERICA
Nil
EUROPE
Nil
AFRICA
Nil
ASIA
Nil
WORLD
Nil
ATTACKS
- 10/8/18: Dtex, Insider Threat, Privacy News: Dtex Earns Leadership, Product Awards; Insider Compromises French Law Enforcement Agency; The Big Hack
- Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it
- Hide and Seek IoT Botnet Now Spreads to New Android Devices Using ADB over Wi-Fi
- Google Says Social Network Bug Exposed Private Data
- Google+ Is Shutting Down After a Security Bug Exposed User Info
- Google chose not to go public about bug that exposed Google Plus users’ data
- Google shuts down Google+ after API bug exposed details for over 500,000 users
- Assassin’s Creed Odyssey suffers DDoS attack at launch
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- California to Ban Weak Passwords
- Phishing Enables Domestic Violence. Education Can Help Stop It.
- GitLab API Vulnerability Leaked Confidential Data On Public Projects
- Google announces plans to close Google+ for consumers following data breach
- Google+ Shutting Down After Bug Leaks Info of 500k Accounts
- .@David_Ingram of @NBCNews reports that political #campaigns and parties say they’re sending many more texts this year than in past
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
- Expert presented a new attack technique to compromise MikroTik Routers
- With 12,556,810 email archives already exposed across misconfigured online file stores, attackers don’t even need to perform #accounttakeovers to gain
- Hook, Line and Sinker: After Phish Get Caught
- ICO hits Heathrow Airport with £120,000 data breach fine over lost USB stick
- MikroTik routers with default credentials can be easily compromised
- Project Insecurity (@insecurity) researchers discovered certain #livechatsoftware that were leaking personal details of employee at several high-profile sites. Discover how
- Aspire Health Lost 'Protected Health Information' after Getting Hacked by a Phishing Scheme
- "Life is short - passwords are long."
- Finnish Communications Regulatory Authority
THREATS
- Google shutting down Google+ after covering up privacy bug
- Hackers exploit vulnerability in Bitcoin code
- Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it
- Google Says Social Network Bug Exposed Private Data
- WECON PI Studio HMI software affected by code execution flaws
- Mozilla Patched Multiple Vulnerabilities In Thunderbird 60.2.1
- Google+ Is Shutting Down After a Security Bug Exposed User Info
- Google shuts down Google+ for consumers due to bug found months ago
- Google chose not to go public about bug that exposed Google Plus users’ data
- iOS 12.0.1 Released with Fixes to Passcode Bypass Bugs
- GRRCon Augusta 2018, Ankur Tyagi’s ‘Analyzing Multi-Dimensional Malware Dataset’
- Google+ Shutting Down After Google Discovers API Bug Affecting 500K Users
- Google shuts down Google+ after API bug exposed details for over 500,000 users
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- Malware isn't the only threat to Android apps. Others include copies of popular apps and those that abuse permission requests.
Here
- Code Execution Flaws Found in WECON Industrial Products
- GitLab API Vulnerability Leaked Confidential Data On Public Projects
- Code Execution Bug In Malicious Repositories Resolved By Git Project
- #Stegware: it's #Malware that uses #steganography techniques to avoid detection
- 2018's Most Active Ransomware: The Ongoing Evolution of GandCrab
- Websites vulnerable to attack exploiting major framework
- Most hosting providers take too long to remove malware distribution sites
- Google+ Shutting Down After Bug Leaks Info of 500k Accounts
- .@Trustlook Labs discovered an #Android #Trojan stealing data from messaging apps. Learn what #mobilesecurity programs should look for to detect
- Vulnerabilities in RouterOS could enble hackers to take control of routers
- #Shodan, a device search engine, can help identify #ICS security vulnerabilities. Learn more about how Shodan works and how it
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- NEW #CYBERSAUNA EPISODE: Reinventing the Cold Boot Attack: Modern Laptop Version
@nxsolle and Pasi Saarinen discuss how they discovered a flaw
- Vulnerabilities discovered in electoral counting machines in 23 states
- Most routers full of firmware flaws that leave users at risk
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
- Who's watching your TV? Sony quietly killed three critical Bravia TV bugs
- Microsoft says it can recover files lost to the Windows 10 October Update's data deletion bug
- Mikko Hypponen's Picks For the Top 5 Viruses of All Time - F-Secure Blog
- US government rolls out 2-step verification for .gov domain owners
- Tenable Researcher Reveals Extended MikroTik Router Vulnerability
- Intel’s 9th-Generation Core Processors Unveiled
- MikroTik vulnerability climbs up the severity scale, new attack permits root access
- Google Criticizes Apple Over Safari Security, Flaw Disclosures
- Code execution bug in malicious repositories resolved by Git Project
- Users complain of boot loops on Series 4 Apple Watch due to daylight savings bug
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
- New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
- #Android #Trojan: How is data being stolen from #messagingapps?
- #GoScanSSH: How does this #malware work and differ from others?
- How did an organized crime group get a zip file from a reputable malware scanning service?
Malware researchers occasionally have ties
- The Git Project addresses a critical arbitrary code execution vulnerability in Git
- Keeping your cloud malware-free: What you need to know
- D-Link Security Updates Fixed Multiple Vulnerabilities in WiFiManager Software
- Virus Attack Hampers the Email System of Ulster Town
- Beware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File
- First In-The-Wild UEFI Rootkit Discovered
- PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
- The MITRE ATT&CK Framework: Command and Control
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
CRIME
Nil
POLITICS
Nil
TRANSNATIONAL / UNKNOWN
- Burgerville discloses year-long data breach, courtesy of FIN7 cybergang
- Burgerville Hacked By Fin7 Group Losing Customers’ Card Data
CHINA
Nothing to report
INDIA
Nothing to report
NORTH KOREA
- Security Affairs newsletter Round 183 – News of the week
PAKISTAN
Nothing to report
VIETNAM
Nothing to report
IRAN
Nothing to report
LEBANON
Nothing to report
PALESTINE
Nothing to report
SAUDI ARABIA
Nothing to report
UNITED ARAB EMIRATES
Nothing to report
RUSSIA
- APT28 group return to covert intelligence gathering ops in Europe and South America.
UKRAINE
Nothing to report
DATA BREACH
- Week in review: Facebook data breach fallout, BEC-as-a-Service, true password behaviors
- New details and images leak of Google's upcoming Pixel Slate tablet
- Burgerville discloses year-long data breach, courtesy of FIN7 cybergang
DENIAL-OF-SERVICE
Nothing to report
MALVERTISING
Nothing to report
PHISHING
- Week in review: Facebook data breach fallout, BEC-as-a-Service, true password behaviors
- This #whitepaper by @IRONSCALES explores how modern phishing techniques, such as #BEC, #ransomware, spear-phishing & #APTs are meticulously designed to
- Dan Nadir, vice president of digital risk @proofpoint quoted - Tips for Better #Passwords.
WEB DEFACEMENT
Nothing to report
MALWARE
- How a #cryptocurrency mining #malware infects systems
- This #whitepaper by @IRONSCALES explores how modern phishing techniques, such as #BEC, #ransomware, spear-phishing & #APTs are meticulously designed to
- Can monitoring help defend against #Sanny #malware update?
- The MITRE ATT&CK Framework: Command and Control
EXPLOIT
- APT Actors Exploiting Global MSPs: DHS Security Alert
- Vulnerability Scanning vs. Penetration Testing: What's the Difference?
- Penetration Testing Mail Server with Email Spoofing – Exploiting Open Relay configured Public Mail Servers
- Sony Bravia Smart TV Contains Multiple Critical Vulnerabilities That Allows Attacker Exploit Remotely Without Authentication
VULNERABILITY
- Vulnerability Scanning vs. Penetration Testing: What's the Difference?
- SAP bug beatdowns, Apple gets nasty with Mac repairs, Struts woe, and more from infosec
- D-Link fixed several flaws in Central WiFiManager access point management tool
- Sony Bravia Smart TV Contains Multiple Critical Vulnerabilities That Allows Attacker Exploit Remotely Without Authentication
- Cisco updates address 36 vulnerabilities, three critical
- Cisco Patched Two Critical Vulnerabilities in Digital Network Architecture Center
