DATA BREACH & DATA LOSS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Google Restricts Android Apps From Accessing Your Personal Data
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- #NetSpectre exploits leak data remotely via side-channel attacks. Learn how to use #ThreatModeling to stop speculative execution from expert Ed
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- Razer Phone 2 leaks hours before announcement: wireless charging and IP67 water resistance
- Goodbye Google Plus – Google Plans Google+ Shut Down After Data Breach
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- New state-backed espionage campaign targets military and government using freely available hacking tools
- Flaw in Ghostscript sandbox allowed system compromise
- Leaks suggest Samsung is working on a mid-range smartphone with four cameras
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Google+ API glitch exposed user profile data to developers
- 291 records breached per second in first half of 2018
- Hackers can use legitimate #AdminTools to compromise networks. Learn more about "living off the land" attacks from expert Michael Cobb
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- A $12 million case of business email compromise.
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Leak reveals Google's Chinese search engine is months away from launch
- PHASE 2 - INITIAL INTRUSION: Number One decides it is time to launch a targeted spearphishing campaign. Through the newsletter, he learns
- My Health Record justifications 'kind of lame': Godwin
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- .@Google Firebase #DatabaseSecurity proved insufficient when bypassed by hackers to leak data. Learn more about this #SecurityFlaw from expert Michael
DENIAL-OF-SERVICE
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- DDoS Attacks Target Multiple Games including Final Fantasy XIV
- Researchers have recently observed an alarming trend: #DDoS attacks are multiplying in size, often far exceeding what many service providers
- Acorus Network protects enterprises and service providers from DDoS attacks
MALVERTISING
Nil
PHISHING
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- Innovative Phishing Tactic Makes Inroads Using Azure Blob
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Emerging threat: password stuffing explained
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT). Once executed, it would connect back to
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- New Phishing Campaign Drops Ursnif into Conversation Threads
- PHASE 2 - INITIAL INTRUSION: Number One decides it is time to launch a targeted spearphishing campaign. Through the newsletter, he learns
- Zero trust security: 5 reasons it’s not just about passwords
WEB DEFACEMENT
Nil
BOTNET
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
RANSOMWARE
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Decrypting GandCrab Ransomware
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
CRYPTOMINING & CRYPTOCURRENCIES
- #ISC2Congress: The Promise of Blockchain
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- Why Apple must be looking into using blockchain
- Hacker steals over $30k USD in cryptocurrency of SpankChain
MALWARE
- CCSP Domain 4: Cloud Application Security
- CCSP Domain 3: Cloud Platform and Infrastructure Security
- CCSP Domain 2: Cloud Data Security
- CCSP Domain 1: Architectural Concepts & Design Requirements
- The CAP Exam: Application Process, Rules and Eligibility, Exam Length and More
- Top 5 ThreatConnect Resources for Malware Analysis
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- Malware 101: How Malware Avoids Static Detection Techniques
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- Symantec reveals state-sponsored group that doesn’t care for malware
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Stegware: How is #malware using #steganography techniques to avoid detection?
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT). Once executed, it would connect back to
- A remote access #Trojan -- dubbed #GravityRAT -- was discovered by Cisco Talos (@TalosSecurity) to be checking for #antimalware sandboxes.
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
EXPLOIT
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
VULNERABILITY
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- WhatsApp fixes video call bug that could have let hackers in, says report
- Microsoft Added Severity Levels to Feedback Hub Bug Reports for Windows 10
- Vulnerabilities found in Intel Unified Shader compiler
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- Flaw in Ghostscript sandbox allowed system compromise
- Four Critical Flaws Patched in Adobe Digital Edition
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- SAP Patches Critical Vulnerability in BusinessObjects
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- #Shodan can be a helpful tool for security professionals to locate #ICSsecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works
- Security Vulnerabilities in US Weapons Systems
- Microsoft Patch Tuesday update covers zero-day, 12 critical issues
- Many Siemens Products Affected by Foreshadow Vulnerabilities
- Microsoft has fixed the Windows 10 October Update data deletion bug
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug
- Adobe security update fixes a handful of critical bugs, ignores Flash Player
- .@FBI, @DHSgov call on users to mitigate #RemoteDesktop Protocol vulnerabilities and handle RDP exploits on their own, even as the
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- Adobe October Security Update fixes 20 security flaws
- Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities
- Google+ to shut down due to lack of adoption and privacy bug
- Microsoft Fixes Zero Day and Data Deletion Bugs
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Windows Zero-Day Exploited in Attacks Aimed at Middle East
- Bug bounties not a silver bullet, Katie Moussouris warns
- Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- WhatsApp fixes bug that let hackers take over app when answering a video call
ASIA
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Leak reveals Google's Chinese search engine is months away from launch
OCEANIA
- My Health Record justifications 'kind of lame': Godwin
NORTH AMERICA
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- Top 5 ThreatConnect Resources for Malware Analysis
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Security Vulnerabilities in US Weapons Systems
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Acorus Network protects enterprises and service providers from DDoS attacks
SOUTH AMERICA
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
EUROPE
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- Magecart Hits Popular Customer Review Plugin
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Shopper Approved, the new victim of the Magecart hacking group
AFRICA
- MuddyWater expands operations
HEALTHCARE
- #ISC2Congress: The Promise of Blockchain
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Acorus Network protects enterprises and service providers from DDoS attacks
TRANSPORT
- Thieves and Geeks: Russian and Chinese Hacking Communities
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
BANKING & FINANCE
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- #ISC2Congress: The Promise of Blockchain
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- Symantec reveals state-sponsored group that doesn’t care for malware
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- Old-School Malware Tricks Still Work
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
INFORMATION & TELECOMMUNICATION
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Top 5 ThreatConnect Resources for Malware Analysis
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- WhatsApp fixes video call bug that could have let hackers in, says report
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Thieves and Geeks: Russian and Chinese Hacking Communities
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- MuddyWater expands operations
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Researchers have recently observed an alarming trend: #DDoS attacks are multiplying in size, often far exceeding what many service providers
- Old-School Malware Tricks Still Work
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- WhatsApp fixes bug that let hackers take over app when answering a video call
FOOD
Nil
WATER
Nil
ENERGY
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- Zero trust security: 5 reasons it’s not just about passwords
GOVERNMENT & PUBLIC SERVICE
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- MuddyWater expands operations
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
ASIA
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Leak reveals Google's Chinese search engine is months away from launch
WORLD
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- Top 5 ThreatConnect Resources for Malware Analysis
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- Security Vulnerabilities in US Weapons Systems
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Ubisoft Hit With DDoS Attack During The Launch of Assassin’s Creed: Odyssey
- Magecart Hits Popular Customer Review Plugin
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- My Health Record justifications 'kind of lame': Godwin
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
ATTACKS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Google Restricts Android Apps From Accessing Your Personal Data
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- Cyber Fraud Ring Used Phishing to Steal $4 Million, Alleged Leader Faces Charges
- #NetSpectre exploits leak data remotely via side-channel attacks. Learn how to use #ThreatModeling to stop speculative execution from expert Ed
- A Google security audit uncovered a glitch in Google+ that exposed data from nearly 500,000 accounts. Ping CTO West @baber
- Innovative Phishing Tactic Makes Inroads Using Azure Blob
- Razer Phone 2 leaks hours before announcement: wireless charging and IP67 water resistance
- Goodbye Google Plus – Google Plans Google+ Shut Down After Data Breach
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- New state-backed espionage campaign targets military and government using freely available hacking tools
- Follow @PhishingAi to stay up to date on #phishing attacks and trends!
- Flaw in Ghostscript sandbox allowed system compromise
- Emerging threat: password stuffing explained
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Leaks suggest Samsung is working on a mid-range smartphone with four cameras
- Rebound Orthopedics & Neurosurgery hacked; 2,800 records exposed
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT). Once executed, it would connect back to
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Google+ API glitch exposed user profile data to developers
- 291 records breached per second in first half of 2018
- Hackers can use legitimate #AdminTools to compromise networks. Learn more about "living off the land" attacks from expert Michael Cobb
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- A #Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- '5,000 UK firms' financial details exposed in data breaches' http://www.cityam.com/264491/uk-business-emails-could-represent-major-cyber-security … @CityAM Read the full research report here:
- New Phishing Campaign Drops Ursnif into Conversation Threads
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Leak reveals Google's Chinese search engine is months away from launch
- PHASE 2 - INITIAL INTRUSION: Number One decides it is time to launch a targeted spearphishing campaign. Through the newsletter, he learns
- My Health Record justifications 'kind of lame': Godwin
- Just Answering A Video Call Could Compromise Your WhatsApp Account
- Acorus Network protects enterprises and service providers from DDoS attacks
- Zero trust security: 5 reasons it’s not just about passwords
- .@Google Firebase #DatabaseSecurity proved insufficient when bypassed by hackers to leak data. Learn more about this #SecurityFlaw from expert Michael
THREATS
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- Decrypting GandCrab Ransomware
- CCSP Domain 4: Cloud Application Security
- CCSP Domain 3: Cloud Platform and Infrastructure Security
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
- CCSP Domain 2: Cloud Data Security
- CCSP Domain 1: Architectural Concepts & Design Requirements
- The CAP Exam: Application Process, Rules and Eligibility, Exam Length and More
- #ISC2Congress: The Promise of Blockchain
- Top 5 ThreatConnect Resources for Malware Analysis
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.
- Cryptomining replaces ransomware as 2018's top cybersecurity threat
- WhatsApp fixes video call bug that could have let hackers in, says report
- KeyBoy Abuses Popular Office Exploits for Malware Delivery
- Microsoft Added Severity Levels to Feedback Hub Bug Reports for Windows 10
- Vulnerabilities found in Intel Unified Shader compiler
- Malware 101: How Malware Avoids Static Detection Techniques
- The #TLBleed vulnerability uses @Intel's HTT chip feature to leak data. Learn about how hackers could use #malware to launch
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- Flaw in Ghostscript sandbox allowed system compromise
- Four Critical Flaws Patched in Adobe Digital Edition
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- SAP Patches Critical Vulnerability in BusinessObjects
- Symantec reveals state-sponsored group that doesn’t care for malware
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Stegware: How is #malware using #steganography techniques to avoid detection?
- A @Google #SecurityAudit uncovered privacy flaws and potential exposure of #PersonalData, leading to API changes, the shutdown of #GooglePlus and
- The spearphishing email contained a zip folder with a custom-built remote access trojan (RAT). Once executed, it would connect back to
- #Shodan can be a helpful tool for security professionals to locate #ICSsecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works
- Security Vulnerabilities in US Weapons Systems
- Microsoft Patch Tuesday update covers zero-day, 12 critical issues
- Many Siemens Products Affected by Foreshadow Vulnerabilities
- A remote access #Trojan -- dubbed #GravityRAT -- was discovered by Cisco Talos (@TalosSecurity) to be checking for #antimalware sandboxes.
- Microsoft has fixed the Windows 10 October Update data deletion bug
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug
- Adobe security update fixes a handful of critical bugs, ignores Flash Player
- .@FBI, @DHSgov call on users to mitigate #RemoteDesktop Protocol vulnerabilities and handle RDP exploits on their own, even as the
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day
- Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
- Adobe October Security Update fixes 20 security flaws
- Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities
- Google+ to shut down due to lack of adoption and privacy bug
- Microsoft Fixes Zero Day and Data Deletion Bugs
- Why Apple must be looking into using blockchain
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- Windows Zero-Day Exploited in Attacks Aimed at Middle East
- Bug bounties not a silver bullet, Katie Moussouris warns
- Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
- Port of San Diego Hit by a Ransomware Attack Affecting its Computer Systems
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- WhatsApp fixes bug that let hackers take over app when answering a video call
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
CRIME
- Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation
- #ISC2Congress: The Promise of Blockchain
- 4.5 Billion Records Stolen in Data Breaches in the First Six Months of 2018
- “You have 48 hours after reading this letter”– How to Identify the Latest Phishing Scam
- Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
- Triangulating Beyond the Hack: Stolen Records Just One Tool in a Comprehensive Kit
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- New Threat Insight research: German-language threats span #phishing, BEC, #malware, and more...
- Business email compromise made easy for #cybercriminals as 12.5 million company email boxes and 33,000 finance department credentials are openly
- Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites
- Don't make us pay compensation for employee data breach, Morrisons begs UK court
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- A $12 million case of business email compromise.
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- Old-School Malware Tricks Still Work
- "Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors"
- Hacker steals over $30k USD in cryptocurrency of SpankChain
- Shopper Approved, the new victim of the Magecart hacking group
- Acorus Network protects enterprises and service providers from DDoS attacks
POLITICS
- Campaign 2018: These hacking groups could target the 2018 midterm elections
- MuddyWater Threat Actor Expands Targets List
- New state-backed espionage campaign targets military and government using freely available hacking tools
- CSEU 2018: Nato grappling with implications of cyberspace as domain of warfare
- The Many Faces of Necurs: How the Botnet Spewed Millions of Spam Emails for Cyber Extortion
- Thieves and Geeks: Russian and Chinese Hacking Communities
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
- Symantec reveals state-sponsored group that doesn’t care for malware
- Hackers can compromise your WhatsApp account by tricking you into answering a video call
- Gallmaker: New Attack Group Eschews Malware to Live off the Land
- WTB: Phishing Attack Uses Azure Blob Storage To Impersonate Microsoft
- MuddyWater expands operations
- Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks
- California state primaries put spotlight on election campaign vulnerabilities #cybersecurity @5ean5ullivan
DATA BREACH
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- Heathrow Fined For USB Stick Data Breach
- Google+ Users, Upset Over Data Leak, Sue Google
- Google+ will shut down after leaking info of 500k accounts
- Amazon acknowledges that the company’s employees leaked user information to the seller
- Upgrade Your Threat Intelligence Program Part 5: Take Down Fraud Campaigns & Cyber Scams
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Google: We're giving you more control over what personal data apps can use
- Garmin's Navionics exposed data belonging to thousands of customers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Google+ shut down after bug exposed user data
- Over 4.5 Billion Records Breached in H1 2018, Finds Report
- Google+ Shuts Down Following Undisclosed Data Breach
- The end of Google+: Low usage and an API bug that exposed user data
- 33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy. Read the full blog here:
- Magecart Group Compromises Plugin Used in Thousands of Stores, Makes Rookie Mistake
- Heathrow Airport fined £120,000 over USB data breach debacle
- "Application control bypass techniques are a big thing that is happening right now - - 80% to 85% of compromises
- For @5ean5ullivan, a security adviser at cyber firm F-Secure, a campaign’s cyber protections boil down to education — making sure
- Google has made the decision to shut down much of its #GooglePlus social network following the disclosure of vulnerable data.
- Gemalto reports 4.6 billion record breaches in the first half of 2018
- Hackers Targeting Instagram Accounts of Influential Profiles for Ransom in a Recent Campaign
- Sunsets for Google Plus after Reports of Data Breach
- Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
- Oh no, looks like we can't trust our data with Google either "Google hid major Google+ security flaw that exposed
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
DENIAL-OF-SERVICE
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- Over nine million cameras and DVRs open to APTs, botnet herders, and voyeurs
- New IoT botnet “hide and seek” variants target Android devices
- Hacked #Fortnite accounts and rent-a-botnet being pushed on
MALVERTISING
Nil
PHISHING
- How to Evade Expensive Phishing Filters with One Simple Trick
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- With a few keystrokes, Number One used the admin/admin login to siphon all the email addresses, names and titles of
- As a way to inch forward in the battle of default passwords, California has passed a law that will make
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- Phishing attacks use Azure Blob storage to simulate Microsoft
- Weak IOT passwords outlawed in California
- California’s ban on weak default passwords isn’t going to fix IoT security
- Police Warned that Phishing Text Messages are Used to Target the Bank Customers
- one more reason to not use Facebook login everywhere, no matter how convenient it is.
- Using web phishing, criminals have managed to steal $3.7 million (251 million rubles), which is 6% more than in the
WEB DEFACEMENT
Nil
MALWARE
- Cryptomining dethrones ransomware as 2018’s top threat - Webroot
- Slideshow: Intel from Virus Bulletin 2018
- Block puzzle games laced with malware | Avast
- How does #FacexWorm #malware use @Facebook Messenger to spread? Learn more about this new malware with expert @lewisnic.
- URSNIF Phishing Campaign Spreads Malware by Replying to Existing E-mail Threads
- The @USAgov is rolling out #2FA authentication for officers managing .gov domains, but experts say #GoogleAuthenticator might not be the
- Panda Banker Trojan becomes part of Emotet threat distribution platform
- New Cloud VPS Provider with Built-In DDoS Protection and Anti-Virus | SkySilk Cloud Services
- How does #MassMiner #malware infect systems across the web?
- Hackers breach customer rating tool used on over 7,000 websites
- The government domain registrar -- DotGov -- began rolling out two-factor #authentication for officials managing .gov domains in order to
- Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant http://ow.ly/3SRI50iYi41 via CyberScoopNews
- New Domains: A Wide-Open Playing Field for Cybercrime
- #Ransomware Survival Guide: 10 things to know before, during, and after an attack:
EXPLOIT
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Active Workload Protection on Amazon EKS and AWS Fargate
VULNERABILITY
- Microsoft patches 0-day Windows flaw under attack
- Microsoft Patches Zero-Day Under Active Attack by APT
- VMware Workstation, Fusion, and ESXi Affected by DoS Vulnerability, No Patch Yet
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT
- Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
- Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage
- Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
- Git Gets Patched for Newly Found Flaw
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sony Bravia Smart TVs affected by a critical vulnerability
- Apple fixes iOS 12 passcode bypass vulnerabilities
- Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities
- Sophos recently discovered a #Samsam extortion code that performs whole-company attacks through a variety of vulnerability exploits. Discover how this
- Google+ shut down after bug exposed user data
- Adobe Releases Security Patch Updates for 11 Vulnerabilities
- The end of Google+: Low usage and an API bug that exposed user data
- TOP 10 PHP Vulnerability Scanners
- RIP Google Plus: Shutdown announced after API bug exposes 500,000 users' details
- On our new #CyberSauna podcast: Find out how F-Secure's @nxsolle and Pasi Saarinen discovered a flaw that allows attackers to get
- Critical vulnerability in Sony Bravia Smart TV
- Oh no, looks like we can't trust our data with Google either "Google hid major Google+ security flaw that exposed