ASIA
- Russia-linked APT group DustSquad targets diplomatic entities in Central Asia
- New ShadowTalk Episode 45
This week, CISO @rickhholland, @drshellface, & Simon Hall join Rafael Amado to cover the
- Hackers can use known security vulnerabilities with new technology to bypass Antivirus Software
- Line lists cryptocurrency on Bitbox exchange
WORLD
- Russia-linked APT group DustSquad targets diplomatic entities in Central Asia
- Author of LuminosityLink Remote Access Trojan Gets 30 Months Sentence
- Insurer Anthem Will Pay Record $16M for Massive Data Breach
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- Bug in New iOS Lets Attacker Access iPhone Pics
- Sony Fixed PlayStation 4 Message Exploit Leasing to a DoS Condition
- New ShadowTalk Episode 45
This week, CISO @rickhholland, @drshellface, & Simon Hall join Rafael Amado to cover the
- Madison County computer system infected with ransomware
- Personal Records Of 30,000 US Department Of Defense Workers Swiped By Miscreants
- 2018 US voter records offered for sale on hacking forum
- Recent @Proofpoint research shows that #German-speaking regions are facing targeted #phishing, #malware, and #BEC attacks.
- 35 million US voter records available for sale in a hacking forum
- Anthem agrees to pay $16 million in data breach privacy settlement
- Dating App for Trump Supporters Exposed Members’ Information
- Dating app for Trump loners commits YUGE blunder: It leaks more than the West Wing
- Penta-gone! Personal records of 30,000 US Dept of Defense workers swiped by miscreants
- Estimated 35 Million Voter Records For Sale on Popular Hacking Forum
- Pentagon Travel Provider Data Breach Counts 30,000 Victims
- UK’s MoD Exposed in 37 Security Breaches: Report
- Report: near-400% increase in crypto-mining malware attacks against iPhones
- Hackers can use known security vulnerabilities with new technology to bypass Antivirus Software
- 35 million voter records from 19 states for sale on hacking forum
- Octopus malware wraps tentacles around former Telegram users in Central Asia
- Phishing and Facebook – a test of reputation
- Pentagon data breach puts personal details of 30,000 staff at risk
- Data breach in Pentagon’s service provider affected 30k people
- NotPetya linked to the Industroyer attack against energy infrastructure in Ukraine
- New iPhone Bug Gives Anyone Access to Your Private Photos
ATTACKS
- Chrome 70 arrives with fingerprint login for websites, extension controls, and 23 security fixes
- Chrome 70 released with revamped Google account login system
- Insurer Anthem Will Pay Record $16M for Massive Data Breach
- Pentagon data breach exposed travel data for 30,000 individuals
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- A Pentagon #DataBreach exposed data on at least 30,000 individuals, but other details about the incident are still scarce. By
- Personal Records Of 30,000 US Department Of Defense Workers Swiped By Miscreants
- Anthem Agrees To Pay $16 Million In Data Breach Privacy Settlement
- The Donald Daters Trump Dating App Exposed Its Users Data
- Phishing Site Impersonates Financial Services Institution: https://www.digitalshadows.com/blog-and-research/phishing-site-impersonates-financial-services-institution/ … (via @mazzazone)
- 2018 US voter records offered for sale on hacking forum
- Recent @Proofpoint research shows that #German-speaking regions are facing targeted #phishing, #malware, and #BEC attacks.
- #TLBleed exploits abuse Intel's HTT chip feature to leak data. Find out how hackers could launch side-channel attacks to obtain
- 35 million US voter records available for sale in a hacking forum
- Anthem agrees to pay $16 million in data breach privacy settlement
- Dating App for Trump Supporters Exposed Members’ Information
- After originally disclosing its latest data breach last month, Facebook revealed that hackers obtained data from some 30 million users.
Here’s
- Dating app for Trump loners commits YUGE blunder: It leaks more than the West Wing
- Penta-gone! Personal records of 30,000 US Dept of Defense workers swiped by miscreants
- Estimated 35 Million Voter Records For Sale on Popular Hacking Forum
- Pentagon Travel Provider Data Breach Counts 30,000 Victims
- UK’s MoD Exposed in 37 Security Breaches: Report
- 35 million voter records from 19 states for sale on hacking forum
- Pentagon data breach puts personal details of 30,000 staff at risk
- Facebook says fewer users affected by data breach
- Phishing and Facebook – a test of reputation
- Pentagon data breach puts personal details of 30,000 staff at risk
- Data breach in Pentagon’s service provider affected 30k people
THREATS
- SAP Boosts Blockchain Integration and Customer Flexibility
- Author of LuminosityLink Remote Access Trojan Gets 30 Months Sentence
- [SingCERT] Alert on Multiple Vulnerabilities in PHP
- Multiple Vulnerabilities Allow Attackers to Take Full Control of Linksys Routers
- In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack
- 7 Useful Android Vulnerability Scanners
- Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
- .@Trustlook Labs discovered an #Android #Trojan stealing data from messaging apps. Learn what #mobilesecurity programs should look for to detect
- Bug in New iOS Lets Attacker Access iPhone Pics
- Malicious RTF Documents Deliver Information Stealers
- Info of 685 Million Users at Risk Because of Multiple Branch.io XSS Flaws
- Madison County computer system infected with ransomware
- CVE-2018-8453 Zero-Day Flaw Exploited by FruityArmor APT
- How to Create Blockchain Applications
- NC Water Utility Fights Post-Hurricane Ransomware
- Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
- Recent @Proofpoint research shows that #German-speaking regions are facing targeted #phishing, #malware, and #BEC attacks.
- Tinder profiles were 'at risk' due to XSS vulnerability
- 685 million users may be affected by the Branch.io service XSS vulnerability
- A “critical water utility” in a county crippled by Hurricane #Florence was hit by a #ransomware attack.
The #cyberattack has
- #Stegware: it's #Malware that uses #steganography techniques to avoid detection
- Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
- Report: near-400% increase in crypto-mining malware attacks against iPhones
- Hackers can use known security vulnerabilities with new technology to bypass Antivirus Software
- RiskSense cloud service protects against cyber threats and vulnerabilities ahead of midterm elections
- #Shodan, a device search engine, can help identify #ICS security vulnerabilities. Learn more about how Shodan works and how it
- Octopus malware wraps tentacles around former Telegram users in Central Asia
- Mikko didn't put Brain -- the first PC virus -- on his list but he did track down its authors
- Line lists cryptocurrency on Bitbox exchange
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
- You are who you say you are: Establishing digital trust with the blockchain
- Now Surfing about your Favourite Celebrities can make you Vulnerable to Virus Attack
- Malware Attack Popular Amongst the Hackers, Even though it Dips in Q2 in 2018
- Cryptomining attacks against Apple devices increase sharply
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
- Cybercriminals Advertising Godzilla Loader Malware On Dark Web Forums
- 685 million users may be affected by the Branch.io service XSS vulnerability
- Cryptojacking attacks against iPhone devices increase
- Juniper Networks launches multiple solutions for Junos OS vulnerabilities
- Most Important Considerations with Malware Analysis Cheats And Tools list
- New iPhone Bug Gives Anyone Access to Your Private Photos
- Leveraging Falcon Sandbox to Detect and Analyze Malicious PDFs Containing Zero-Day Exploits
CRIME
- Author of LuminosityLink Remote Access Trojan Gets 30 Months Sentence
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- How to Create Blockchain Applications
- Recent @Proofpoint research shows that #German-speaking regions are facing targeted #phishing, #malware, and #BEC attacks.
- 35 million US voter records available for sale in a hacking forum
- Dating app for Trump loners commits YUGE blunder: It leaks more than the West Wing
- Estimated 35 Million Voter Records For Sale on Popular Hacking Forum
- UK’s MoD Exposed in 37 Security Breaches: Report
- Report: near-400% increase in crypto-mining malware attacks against iPhones
- Facebook says fewer users affected by data breach
- Pentagon data breach puts personal details of 30,000 staff at risk
POLITICS
- Russia-linked APT group DustSquad targets diplomatic entities in Central Asia
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- Estimated 35 Million Voter Records For Sale on Popular Hacking Forum
- UK’s MoD Exposed in 37 Security Breaches: Report
- RiskSense cloud service protects against cyber threats and vulnerabilities ahead of midterm elections
- Octopus malware wraps tentacles around former Telegram users in Central Asia
- "It is no secret that the #RemoteDesktop Protocol has long been a source of exploitable vulnerabilities, and it is well
DATA BREACH & DATA LOSS
- Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- Millions of Voter Records Found for Sale on the Dark Web
- Pentagon reveals cyber breach of travel records
- Pentagon Employee Data Breach, An Eye-Opener
- Facebook opens up about data breach details
- Facebook data breach: Victims will not be offered free identity theft protection
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- FitMetrix data exposed on unprotected Elasticsearch servers
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Iceland's largest phishing campaign imitated police
- #Nymaim and #BankBot #Anubis PL campaign
hxxp://przelewy24[.]ml/
hxxp://faktura24[.]cf/
SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970
C2: bilagoong[.]tk
@ThreatFabric @virqdroid @LukasStefanko
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
- Stringent password rules lower risk of personal data breaches
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Create an email phishing test to minimize attack vectors
- Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- Hackers could use emoji domains to spread phishing attacks
- Iceland's largest phishing campaign imitated police
- Stringent password rules lower risk of personal data breaches
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Google to Encrypt Android Cloud Backups With Your Lock Screen Password
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- Small businesses repeatedly falling victim to ransomware - Kaspersky
- Ransomware hits computer networks of North Carolina water utility
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
CRYPTOMINING & CRYPTOCURRENCIES
- 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
- Flash Updater Adds Cryptocurrency Miner
- iPhone a Growing Target of Crypto-Mining Attacks
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- How a #cryptocurrency mining #malware infects systems
- What are blockchain’s smart contracts? And how to secure them
- Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
- SpankChain hacker steals the virtual currency and returns stolen ethereum
MALWARE
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
- How does the MnuBot banking Trojan use unusual C&C servers?
- How a #cryptocurrency mining #malware infects systems
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Godzilla Loader and the Long Tail of Malware
- Sony PS4 encounters malicious code attack and receives malicious messages
EXPLOIT
- New Technique Recycles Exploit Chain to Keep Antivirus Silent
VULNERABILITY
- FDA Warns of Flaws in Medtronic Programmers
- Microsoft Incompletely Patches JET Database Vulnerability
- Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
- .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
- Sony working on a fix for bug that's crashing PlayStation 4 consoles
- Apple VoiceOver iOS vulnerability permits hacker access to user photos
- Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
- Details of Vulnerability in Google PDFium’s JBIG2 Revealed
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Branch.io Flaws may have affected as many as 685 million individuals
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
ASIA
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- Octopus-infested seas of Central Asia
WORLD
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- FDA Warns of Flaws in Medtronic Programmers
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Millions of Voter Records Found for Sale on the Dark Web
- Pentagon Employee Data Breach, An Eye-Opener
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- TeleBots APT Group - Links to Industroyer, NotPetya and BlackEnergy
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
- Octopus-infested seas of Central Asia
- Iceland's largest phishing campaign imitated police
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Branch.io Flaws may have affected as many as 685 million individuals
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Stopping Hidden Threats: How to Defend Against Fileless Attacks
- SpankChain hacker steals the virtual currency and returns stolen ethereum
ATTACKS
- Create an email phishing test to minimize attack vectors
- Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- Millions of Voter Records Found for Sale on the Dark Web
- Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- Hackers could use emoji domains to spread phishing attacks
- Pentagon reveals cyber breach of travel records
- Pentagon Employee Data Breach, An Eye-Opener
- Facebook opens up about data breach details
- Facebook data breach: Victims will not be offered free identity theft protection
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- FitMetrix data exposed on unprotected Elasticsearch servers
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Iceland's largest phishing campaign imitated police
- #Nymaim and #BankBot #Anubis PL campaign
hxxp://przelewy24[.]ml/
hxxp://faktura24[.]cf/
SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970
C2: bilagoong[.]tk
@ThreatFabric @virqdroid @LukasStefanko
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
- Stringent password rules lower risk of personal data breaches
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Google to Encrypt Android Cloud Backups With Your Lock Screen Password
THREATS
- Small businesses repeatedly falling victim to ransomware - Kaspersky
- 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
- Flash Updater Adds Cryptocurrency Miner
- Ransomware hits computer networks of North Carolina water utility
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- FDA Warns of Flaws in Medtronic Programmers
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
- .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
- iPhone a Growing Target of Crypto-Mining Attacks
- Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
- Sony working on a fix for bug that's crashing PlayStation 4 consoles
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Apple VoiceOver iOS vulnerability permits hacker access to user photos
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
- Details of Vulnerability in Google PDFium’s JBIG2 Revealed
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- How does the MnuBot banking Trojan use unusual C&C servers?
- How a #cryptocurrency mining #malware infects systems
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Branch.io Flaws may have affected as many as 685 million individuals
- Godzilla Loader and the Long Tail of Malware
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
- What are blockchain’s smart contracts? And how to secure them
- Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
- SpankChain hacker steals the virtual currency and returns stolen ethereum
- Sony PS4 encounters malicious code attack and receives malicious messages
CRIME
- Online ads: a potential way in for XSS attacks
- Facebook data breach: Victims will not be offered free identity theft protection
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Octopus-infested seas of Central Asia
- Iceland's largest phishing campaign imitated police
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- SpankChain hacker steals the virtual currency and returns stolen ethereum
POLITICS
- Pentagon Defense Department travel records data breach
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- A week in security (October 8 – 14)
- Gallmaker - Threat Group Targeting Governments and Militaries
- Octopus-infested seas of Central Asia
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
TRANSNATIONAL / UNKNOWN
- DDoS Attacks Hit Games Like Assassin’s Creed and Final Fantasy XIV
- Security Affairs newsletter Round 184 – News of the week
CHINA
Nil
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- Security Affairs newsletter Round 184 – News of the week
SERBIA
Nil
UKRAINE
Nil
DATA BREACH & DATA LOSS
- My Health Record privacy amendments 'woefully inadequate': Labor
- #NetSpectre exploits speculative execution to leak data remotely via side-channel attacks. Learn how this #SecurityVulnerability affects the #cloud from expert
- Web Hosting Provider Suffers Data Breach Second Time in a Year
- Find out how #TLBleed abuses @Intel's HTT chip feature to leak data via TLB
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- See how SearchLight identifies when your data is exposed, your brand is abused, or your company is mentioned on the
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
- A @Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- PHASE 4 – INFORMATION GATHERING AND PLANNING
Meet Eric, a control systems engineer working for a third-party integrator.
He’s guy who uploaded
DENIAL-OF-SERVICE
- DDoS Attacks Hit Games Like Assassin’s Creed and Final Fantasy XIV
MALVERTISING
Nil
PHISHING
Nil
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
CRYPTOMINING & CRYPTOCURRENCIES
- Fake Flash Updates pushing Malware to Inject XMRig Cryptocurrency Miners
MALWARE
- Week in review: Enterprise cybersecurity PKIs, keeping your cloud malware-free
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- How a remote access #Trojan checks for
- Fake Flash Updates pushing Malware to Inject XMRig Cryptocurrency Miners
EXPLOIT
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
- Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)
VULNERABILITY
- Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete
- A2SV – SSL Vulnerability Analysis Tool
- Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
ASIA
Nil
WORLD
- My Health Record privacy amendments 'woefully inadequate': Labor
- Week in review: Enterprise cybersecurity PKIs, keeping your cloud malware-free
- Web Hosting Provider Suffers Data Breach Second Time in a Year
- Security Affairs newsletter Round 184 – News of the week
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
- A @Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
ATTACKS
- My Health Record privacy amendments 'woefully inadequate': Labor
- #NetSpectre exploits speculative execution to leak data remotely via side-channel attacks. Learn how this #SecurityVulnerability affects the #cloud from expert
- Web Hosting Provider Suffers Data Breach Second Time in a Year
- Find out how #TLBleed abuses @Intel's HTT chip feature to leak data via TLB
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- See how SearchLight identifies when your data is exposed, your brand is abused, or your company is mentioned on the
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
- A @Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- PHASE 4 – INFORMATION GATHERING AND PLANNING
Meet Eric, a control systems engineer working for a third-party integrator.
He’s guy who uploaded
THREATS
- Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete
- Week in review: Enterprise cybersecurity PKIs, keeping your cloud malware-free
- A2SV – SSL Vulnerability Analysis Tool
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
- How a remote access #Trojan checks for
- Fake Flash Updates pushing Malware to Inject XMRig Cryptocurrency Miners
CRIME
- Security Affairs newsletter Round 184 – News of the week
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
POLITICS
- Security Affairs newsletter Round 184 – News of the week
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
TRANSNATIONAL / UNKNOWN
Nil
CHINA
Nil
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- Security researchers found that Industroyer and NotPetya belong to the Russian hacker group
SERBIA
Nil
UKRAINE
Nil
DATA BREACH & DATA LOSS
- Pentagon Defense Department travel records data breach
- A combination of #SecurityFlaws and inadequate back-end development of the @Google Firebase database led to #DataLeaks and #SecurityVulnerabilities including HospitalGown.
- 'Only' 30 million accounts were compromised in Facebook hack
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Facebook Clarifies Extent of Data Breach
- An Assessment of Google's Data Leak
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Breach of Pentagon travel records exposes defense personnel PII
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Hackers launched @netflix #phishing attacks by obtaining TLS certificates. Learn how hackers mimic popular websites to spoof users and steal
- This skyscraper reminds me of those really long ANSI art BBS login screens.
Cc: @sixteencolors @blocktronics @velikani
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- [SingCERT] Updated Advisory on Ransomware
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
CRYPTOMINING & CRYPTOCURRENCIES
- Criminals' Cryptocurrency Addiction Continues
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Cryptocurrency Miners trick the user through Fake Flash Updates
- Blockchain and Healthcare in Today’s World
MALWARE
- GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Hackers use Googlebot in mining malware attacks
- Researchers at @TrendMicro found a new strain of #malware -- dubbed #FacexWorm -- that targets users through a malicious #ChromeExtension.
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
EXPLOIT
Nil
VULNERABILITY
- Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks
- Review Shows Glaring Flaws In Xiongmai IoT Devices
- Microsoft JET vulnerability still open to attacks, despite recent patch
- DOM-based XSS Vulnerability Affected 685 Million Users of Tinder, Shopify, Western Union, and Imgur
- A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Vulnerabilities affect Shopify, Tinder and many other sites
