ASIA
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Leak reveals Google's Chinese search engine is months away from launch
WORLD
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- Top 5 ThreatConnect Resources for Malware Analysis
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- Security Vulnerabilities in US Weapons Systems
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- Magecart Hits Popular Customer Review Plugin
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- My Health Record justifications 'kind of lame': Godwin
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
ATTACKS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Google Restricts Android Apps From Accessing Your Personal Data
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- #NetSpectre exploits leak data remotely via side-channel attacks. Learn how to use #ThreatModeling to stop speculative execution from expert Ed
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- Innovative Phishing Tactic Makes Inroads Using Azure Blob
- Razer Phone 2 leaks hours before announcement: wireless charging and IP67 water resistance
- Goodbye Google Plus – Google Plans Google+ Shut Down After Data Breach
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- New state-backed espionage campaign targets military and government using freely available hacking tools
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Flaw in Ghostscript sandbox allowed system compromise
- Emerging threat: password stuffing explained
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Leaks suggest Samsung is working on a mid-range smartphone with four cameras
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT).
Once executed, it would connect back to
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Google+ API glitch exposed user profile data to developers
- 291 records breached per second in first half of 2018
- Hackers can use legitimate #AdminTools to compromise networks. Learn more about "living off the land" attacks from expert Michael Cobb
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Leak reveals Google's Chinese search engine is months away from launch
- PHASE 2 - INITIAL INTRUSION
Number One decides it is time to launch a targeted spearphishing campaign.
Through the newsletter, he learns
- My Health Record justifications 'kind of lame': Godwin
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- Acorus Network protects enterprises and service providers from DDoS attacks
- Zero trust security: 5 reasons it’s not just about passwords
- .@Google Firebase #DatabaseSecurity proved insufficient when bypassed by hackers to leak data. Learn more about this #SecurityFlaw from expert Michael
THREATS
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Decrypting GandCrab Ransomware
- CCSP Domain 4: Cloud Application Security
- CCSP Domain 3: Cloud Platform and Infrastructure Security
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
- CCSP Domain 2: Cloud Data Security
- CCSP Domain 1: Architectural Concepts & Design Requirements
- The CAP Exam: Application Process, Rules and Eligibility, Exam Length and More
- #ISC2Congress: The Promise of Blockchain
- Top 5 ThreatConnect Resources for Malware Analysis
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- WhatsApp fixes video call bug that could have let hackers in, says report
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- Microsoft Added Severity Levels to Feedback Hub Bug Reports for Windows 10
- Vulnerabilities found in Intel Unified Shader compiler
- Malware 101: How Malware Avoids Static Detection Techniques
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- Flaw in Ghostscript sandbox allowed system compromise
- Four Critical Flaws Patched in Adobe Digital Edition
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- SAP Patches Critical Vulnerability in BusinessObjects
- Symantec reveals state-sponsored group that doesn’t care for malware
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Stegware: How is #malware using #steganography techniques to avoid detection?
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT).
Once executed, it would connect back to
- #Shodan can be a helpful tool for security professionals to locate #ICSsecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works
- Security Vulnerabilities in US Weapons Systems
- Microsoft Patch Tuesday update covers zero-day, 12 critical issues
- Many Siemens Products Affected by Foreshadow Vulnerabilities
- A remote access #Trojan -- dubbed #GravityRAT -- was discovered by Cisco Talos (@TalosSecurity) to be checking for #antimalware sandboxes.
- Microsoft has fixed the Windows 10 October Update data deletion bug
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug
- Adobe security update fixes a handful of critical bugs, ignores Flash Player
- .@FBI, @DHSgov call on users to mitigate #RemoteDesktop Protocol vulnerabilities and handle RDP exploits on their own, even as the
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- Adobe October Security Update fixes 20 security flaws
- Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities
- Google+ to shut down due to lack of adoption and privacy bug
- Microsoft Fixes Zero Day and Data Deletion Bugs
- Why Apple must be looking into using blockchain
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Windows Zero-Day Exploited in Attacks Aimed at Middle East
- Bug bounties not a silver bullet, Katie Moussouris warns
- Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- WhatsApp fixes bug that let hackers take over app when answering a video call
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
CRIME
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- #ISC2Congress: The Promise of Blockchain
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
POLITICS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- MuddyWater Threat Actor Expands Targets List
- New state-backed espionage campaign targets military and government using freely available hacking tools
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- Symantec reveals state-sponsored group that doesn’t care for malware
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
DATA BREACH
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- Heathrow Fined For USB Stick Data Breach
- Google+ Users, Upset Over Data Leak, Sue Google
- Google+ will shut down after leaking info of 500k accounts
- Amazon acknowledges that the company’s employees leaked user information to the seller
- Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Google: We're giving you more control over what personal data apps can use
- Garmin's Navionics exposed data belonging to thousands of customers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Google+ shut down after bug exposed user data
- Over 4.5 Billion Records Breached in H1 2018, Finds Report
- Google+ Shuts Down Following Undisclosed Data Breach
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Heathrow Airport fined £120,000 over USB data breach debacle
- "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- Sunsets for Google Plus after Reports of Data Breach
- Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
DENIAL-OF-SERVICE
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
- New IoT botnet “hide and seek” variants target Android devices
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
MALVERTISING
Nil
PHISHING
- How to Evade Expensive Phishing Filters with One Simple Trick
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Phishing attacks use Azure Blob storage to simulate Microsoft
- Weak IOT passwords outlawed in California
- California’s ban on weak default passwords isn’t going to fix IoT security
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
WEB DEFACEMENT
Nil
MALWARE
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- Slideshow: Intel from Virus Bulletin 2018
- Block puzzle games laced with malware | Avast
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- How does #MassMiner #malware infect systems across the web?
- Hackers breach customer rating tool used on over 7,000 websites
- The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
- New Domains: A Wide-Open Playing Field for Cybercrime
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
EXPLOIT
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Active Workload Protection on Amazon EKS and AWS Fargate
VULNERABILITY
- Microsoft patches 0-day Windows flaw under attack
- Microsoft Patches Zero-Day Under Active Attack by APT
- VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Git Gets Patched for Newly Found Flaw
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sony Bravia Smart TVs affected by a critical vulnerability
- Apple fixes iOS 12 passcode bypass vulnerabilities
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Google+ shut down after bug exposed user data
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Adobe Releases Security Patch Updates for 11 Vulnerabilities
- The end of Google+: Low usage and an API bug that exposed user data
- TOP 10 PHP Vulnerability Scanners
- RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Critical vulnerability in Sony Bravia Smart TV
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
HEALTHCARE
- DHS issued an alert on attacks aimed at Managed Service Providers
- Sunsets for Google Plus after Reports of Data Breach
TRANSPORT
- Heathrow Airport fined £120,000 over USB data breach debacle
BANKING & FINANCE
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- Amazon acknowledges that the company’s employees leaked user information to the seller
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- New Domains: A Wide-Open Playing Field for Cybercrime
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Active Workload Protection on Amazon EKS and AWS Fargate
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- Sunsets for Google Plus after Reports of Data Breach
INFORMATION & TELECOMMUNICATION
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Formjacking attacks are on the rise, with the recent #Magecart attacks the most notable examples. @Symantec has blocked almost 250,000
- Google+ Shuts Down Following Undisclosed Data Breach
- Phishing attacks use Azure Blob storage to simulate Microsoft
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Sunsets for Google Plus after Reports of Data Breach
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
- #CyberCrimeCon begins in Moscow (the major worldwide gathering on cybercrime and cyberterrorism), and the first thing they talk about is
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
FOOD
Nil
WATER
Nil
ENERGY
- DHS issued an alert on attacks aimed at Managed Service Providers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
GOVERNMENT & PUBLIC SERVICE
- APT28 group return to covert intelligence gathering ops in Europe and South America.
ASIA
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- DHS issued an alert on attacks aimed at Managed Service Providers
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
WORLD
- How to Evade Expensive Phishing Filters with One Simple Trick
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- APT28 group return to covert intelligence gathering ops in Europe and South America.
- Sony Bravia Smart TVs affected by a critical vulnerability
- DHS issued an alert on attacks aimed at Managed Service Providers
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Hackers breach customer rating tool used on over 7,000 websites
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- New Magecart hack detected at Shopper Approved
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Phishing attacks use Azure Blob storage to simulate Microsoft
- Weak IOT passwords outlawed in California
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Sunsets for Google Plus after Reports of Data Breach
- Critical vulnerability in Sony Bravia Smart TV
ATTACKS
- How to Evade Expensive Phishing Filters with One Simple Trick
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- Heathrow Fined For USB Stick Data Breach
- Google+ Users, Upset Over Data Leak, Sue Google
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
- Google+ will shut down after leaking info of 500k accounts
- Amazon acknowledges that the company’s employees leaked user information to the seller
- Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
- With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Google: We're giving you more control over what personal data apps can use
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Garmin's Navionics exposed data belonging to thousands of customers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Google+ shut down after bug exposed user data
- Over 4.5 Billion Records Breached in H1 2018, Finds Report
- Google+ Shuts Down Following Undisclosed Data Breach
- Phishing attacks use Azure Blob storage to simulate Microsoft
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Weak IOT passwords outlawed in California
- California’s ban on weak default passwords isn’t going to fix IoT security
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Heathrow Airport fined £120,000 over USB data breach debacle
- "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
- New IoT botnet “hide and seek” variants target Android devices
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Sunsets for Google Plus after Reports of Data Breach
- Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
THREATS
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- Microsoft patches 0-day Windows flaw under attack
- Microsoft Patches Zero-Day Under Active Attack by APT
- VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Slideshow: Intel from Virus Bulletin 2018
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Git Gets Patched for Newly Found Flaw
- Block puzzle games laced with malware | Avast
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sony Bravia Smart TVs affected by a critical vulnerability
- How does #MassMiner #malware infect systems across the web?
- Hackers breach customer rating tool used on over 7,000 websites
- The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Apple fixes iOS 12 passcode bypass vulnerabilities
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
- Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Google+ shut down after bug exposed user data
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Adobe Releases Security Patch Updates for 11 Vulnerabilities
- New Domains: A Wide-Open Playing Field for Cybercrime
- The end of Google+: Low usage and an API bug that exposed user data
- TOP 10 PHP Vulnerability Scanners
- RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
- Active Workload Protection on Amazon EKS and AWS Fargate
- On our new #CyberSauna podcast:
Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Critical vulnerability in Sony Bravia Smart TV
- Oh no, looks like we can't trust our data with Google either
"Google hid major Google+ security flaw that exposed
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
CRIME
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- How to Evade Expensive Phishing Filters with One Simple Trick
- DHS issued an alert on attacks aimed at Managed Service Providers
- The Magecart Seal of Approval: Card-Skimming Group Executes Scaled Supply Chain Attack on Shopper Approved
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- New Domains: A Wide-Open Playing Field for Cybercrime
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
POLITICS
- APT28 group return to covert intelligence gathering ops in Europe and South America.
- DHS issued an alert on attacks aimed at Managed Service Providers
TRANSNATIONAL / UNKNOWN
- Fin7 Cybercrime Group Hacked Burgerville and Stolen Payment Card Details
CHINA
- Apple tells Congress it was never hacked by Chinese spy chips
- Apple to Congress: Chinese spy-chip story is “simply wrong”
- Bloomberg’s Chinese Hacking Report Is Wrong, Claims Apple
- Apple denies Chinese surveillance claims, Microsoft pulls Windows 10 update video
- UK, US Security Agencies Deny Investigating Chinese Spy Chips
- Why I don’t believe Bloomberg’s Chinese spy chip report
- Department of Homeland Security and GCHQ back Apple and Amazon’s denials they were hacked by China
- Apple, Amazon deny servers affected by China microchip plot
- China inserts microchips into motherboards used by Apple, CIA, Amazon
- China Infiltrated Amazon, Apple, U.S. Companies Using Tiny Chip: Report
- DHS, Apple push back on Bloomberg supply chain story
- DHS and GCHQ Say There's no Reason to Doubt Apple, Amazon Supermicro Hack Denial
- There’s a serious threat to the supply chain, says Pentagon
- DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story
- US and UK Governments Back Denial of Supermicro Story
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- APT28 Gets the Spotlight, But Turla Remains Russia’s Elite Hacking Unit
- APT28 Hacking Group’s New Espionage Operations Targets Military and Government Organizations
- Russian Privacy Blunder May Have Outed 300 GRU Agents
- Russia dismisses suspected spy actions as routine Dutch trip
- Seven Russian cyberspies indicted for hacking, wire fraud, ID theft
- Investigation Uncovers 300+ Possible GRU Officers
- Researchers: Turla and Zebrocy APT actors shared code, targets in 2018
- Kaspersky shed lights on the overlap of operations conducted by Turla and Sofacy
- First In-The-Wild UEFI Rootkit Discovered
SERBIA
Nil
UKRAINE
Nil
WINDOWS
Nil
LINUX
Nil
UNIX
Nil
ANDROID
Nil
IOS
Nil
MACOS
Nil
DATA BREACH
- 10/8/18: Dtex, Insider Threat, Privacy News: Dtex Earns Leadership, Product Awards; Insider Compromises French Law Enforcement Agency; The Big Hack
- Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it
- Google Says Social Network Bug Exposed Private Data
- Google+ Is Shutting Down After a Security Bug Exposed User Info
- Google chose not to go public about bug that exposed Google Plus users’ data
- Google shuts down Google+ after API bug exposed details for over 500,000 users
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- GitLab API Vulnerability Leaked Confidential Data On Public Projects
- Google announces plans to close Google+ for consumers following data breach
- Google+ Shutting Down After Bug Leaks Info of 500k Accounts
- .@David_Ingram of @NBCNews reports that political #campaigns and parties say they’re sending many more texts this year than in past
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
- Expert presented a new attack technique to compromise MikroTik Routers
- With 12,556,810 email archives already exposed across misconfigured online file stores, attackers don’t even need to perform #accounttakeovers to gain
- ICO hits Heathrow Airport with £120,000 data breach fine over lost USB stick
- MikroTik routers with default credentials can be easily compromised
- Project Insecurity (@insecurity) researchers discovered certain #livechatsoftware that were leaking personal details of employee at several high-profile sites. Discover how
DENIAL-OF-SERVICE
- Hide and Seek IoT Botnet Now Spreads to New Android Devices Using ADB over Wi-Fi
- Assassin’s Creed Odyssey suffers DDoS attack at launch
MALVERTISING
Nil
PHISHING
- California to Ban Weak Passwords
- Phishing Enables Domestic Violence. Education Can Help Stop It.
- Hook, Line and Sinker: After Phish Get Caught
- Aspire Health Lost 'Protected Health Information' after Getting Hacked by a Phishing Scheme
- "Life is short - passwords are long."
- Finnish Communications Regulatory Authority
WEB DEFACEMENT
Nil
MALWARE
- GRRCon Augusta 2018, Ankur Tyagi’s ‘Analyzing Multi-Dimensional Malware Dataset’
- Malware isn't the only threat to Android apps. Others include copies of popular apps and those that abuse permission requests. Here
- Code Execution Bug In Malicious Repositories Resolved By Git Project
- #Stegware: it's #Malware that uses #steganography techniques to avoid detection
- 2018's Most Active Ransomware: The Ongoing Evolution of GandCrab
- Most hosting providers take too long to remove malware distribution sites
- .@Trustlook Labs discovered an #Android #Trojan stealing data from messaging apps. Learn what #mobilesecurity programs should look for to detect
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- Mikko Hypponen's Picks For the Top 5 Viruses of All Time - F-Secure Blog
- US government rolls out 2-step verification for .gov domain owners
- Intel’s 9th-Generation Core Processors Unveiled
- Code execution bug in malicious repositories resolved by Git Project
- #Android #Trojan: How is data being stolen from #messagingapps?
- #GoScanSSH: How does this #malware work and differ from others?
- How did an organized crime group get a zip file from a reputable malware scanning service? Malware researchers occasionally have ties
- Keeping your cloud malware-free: What you need to know
- Virus Attack Hampers the Email System of Ulster Town
- Beware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File
- First In-The-Wild UEFI Rootkit Discovered
- The MITRE ATT&CK Framework: Command and Control
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
EXPLOIT
- Hackers exploit vulnerability in Bitcoin code
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- Websites vulnerable to attack exploiting major framework
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
- New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
VULNERABILITY
- Google shutting down Google+ after covering up privacy bug
- Hackers exploit vulnerability in Bitcoin code
- Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it
- Google Says Social Network Bug Exposed Private Data
- WECON PI Studio HMI software affected by code execution flaws
- Mozilla Patched Multiple Vulnerabilities In Thunderbird 60.2.1
- Google+ Is Shutting Down After a Security Bug Exposed User Info
- Google shuts down Google+ for consumers due to bug found months ago
- Google chose not to go public about bug that exposed Google Plus users’ data
- iOS 12.0.1 Released with Fixes to Passcode Bypass Bugs
- Google+ Shutting Down After Google Discovers API Bug Affecting 500K Users
- Google shuts down Google+ after API bug exposed details for over 500,000 users
- Code Execution Flaws Found in WECON Industrial Products
- GitLab API Vulnerability Leaked Confidential Data On Public Projects
- Code Execution Bug In Malicious Repositories Resolved By Git Project
- Google+ Shutting Down After Bug Leaks Info of 500k Accounts
- Vulnerabilities in RouterOS could enable hackers to take control of routers
- #Shodan, a device search engine, can help identify #ICS security vulnerabilities. Learn more about how Shodan works and how it
- NEW #CYBERSAUNA EPISODE: Reinventing the Cold Boot Attack: Modern Laptop Version. @nxsolle and Pasi Saarinen discuss how they discovered a flaw
- Vulnerabilities discovered in electoral counting machines in 23 states
- Most routers full of firmware flaws that leave users at risk
- Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
- Who's watching your TV? Sony quietly killed three critical Bravia TV bugs
- Microsoft says it can recover files lost to the Windows 10 October Update's data deletion bug
- Tenable Researcher Reveals Extended MikroTik Router Vulnerability
- MikroTik vulnerability climbs up the severity scale, new attack permits root access
- Google Criticizes Apple Over Safari Security, Flaw Disclosures
- Code execution bug in malicious repositories resolved by Git Project
- Users complain of boot loops on Series 4 Apple Watch due to daylight savings bug
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
- New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
- The Git Project addresses a critical arbitrary code execution vulnerability in Git
- D-Link Security Updates Fixed Multiple Vulnerabilities in WiFiManager Software
- Beware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File
- PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
ASIA
Nil
OCEANIA
Nil
NORTH AMERICA
Nil
SOUTH AMERICA
Nil
EUROPE
Nil
AFRICA
Nil