DATA BREACH & DATA LOSS
- Cathay Pacific breach leaks personal data on 9.4 million people
- Cathay Pacific data breach hits 9.4 million people
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Yahoo to pay up to $85m to settle data breach lawsuit
- Tim Cook Blasts Weaponization Of Personal Data And Praises GDPR
- Pocket iNet Left All Of Its Corporate Passwords, Keys, And Data Exposed
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Last year the @USAgov required agencies to implement #DMARC records and policies by October 2018. Learn just how hard DMARC
- Discover how #NetSpectre attacks leak data remotely via side-channels with Michael Cobb of @thehairyITdog.
- Yahoo Agrees to Pay $50 Million in Damages to Settle Data Breach Lawsuit
- Business Email Compromise: Gift Cards
- US government medical website was hacked that 75,000 personal data was stolen
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Yahoo agrees to pay $50 million to settle data breach lawsuit
- My Health Record opt-outs now sit at over 1.1 million
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- Yahoo to pay at least $85m for data breach settlement
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- A recent @HealthCareGov #breach exposed unknown types of data on 75,000 people, but a lack of information in the disclosure
DENIAL-OF-SERVICE
- This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai
MALVERTISING
Nil
PHISHING
- Phishing Attack Tip 1: Beware of Unsettling Content
An email containing unsettling, startling, or urgent content that requires immediate action on
- The Enduring Password Conundrum
- Phishing for knowledge
- Phishing attacks: Why is email still such an easy target for hackers?
- Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
- Area 1 Security releases Pay-Per-Phish, the performance-based cybersecurity solution
WEB DEFACEMENT
Nil
BOTNET
- Poorly secured SSH servers targeted by Chalubo botnet
- This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai
- "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
- Chalubo, a new IoT botnet emerges in the threat landscape
RANSOMWARE
- ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- How Microsoft's Controlled Folder Access can help stop ransomware
CRYPTOMINING & CRYPTOCURRENCIES
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Meet Cryptojacking, the (not so) new kid on the block
- FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
- Cryptojacking 101; why cryptojacking is bad for business
- China asks blockchain-based service providers to control user information
- A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
- Securing Blockchain with Privileged Access Management
MALWARE
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- New Malware Targets Industrial Control Systems
- FlawedAmmyy Remote Access Trojan
- Meet the malware which turns your smartphone into a mobile proxy
- sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
- ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Mac malware intercepts encrypted web traffic for ad injection
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- LuminosityLink RAT author sentenced to 2.5 years in jail
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
EXPLOIT
- Exploit for New Windows Zero-Day Published on Twitter
- Exploit kits: fall 2018 review
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Siemens Siclock: How do threat actors exploit these devices?
- Magecart Attackers Exploit Magento Zero-Days
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
VULNERABILITY
- Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
- Vulnerabilities in Linksys Routers May Grant Attackers Full Control
- Exploit for New Windows Zero-Day Published on Twitter
- Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Another Windows 0-day flaw has been published on Twitter
- .@Siemens disclosed six SICLOCK flaws that were found within its central plant clocks. Discover why three flaws have been rated
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- Pentagon Launches Continuous Bug Bounty Program
- [SingCERT] Alert on Drupal Critical Vulnerabilities
- A Windows 0day vulnerability was made public on Twitter
- Organizations with strong DevSecOps find flaws 11x faster than those without
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Most enterprise vulnerabilities remain unpatched a month after discovery
- WizCase Found Critical Firmware Vulnerabilities In Leading NAS Devices
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Twitter User Discloses Second Microsoft Zero-Day
- Firefox 63 Released with Enhanced Tracking Protection and Fixes 14 Security Vulnerabilities
- Most applications 'suffer from information leakage bugs'
- DoD bug bounty program to expand to more sensitive systems
- 3-year-old jQuery plugin vulnerability finally patched
- US Department of Defense Expands Bug Bounty Efforts
- The Qihoo @360CoreSec team found a @Microsoft vulnerability -- named Double Kill -- that affects applications through #MicrosoftOffice documents. Learn
- Good initiative. Would be even better if you would pay bounties for the bugs, too.
- Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
- A summer intern took a look at tinc VPN, they found some nice authentication bypass and message tampering flaws
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
- Drupal Remote Code Execution Vulnerability Threat Alert
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
ASIA
- Cathay Pacific breach leaks personal data on 9.4 million people
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Exploit kits: fall 2018 review
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
OCEANIA
- Australian woman arrested over AU$450,000 Ripple theft
- Phishing for knowledge
NORTH AMERICA
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Meet Cryptojacking, the (not so) new kid on the block
- Exploit kits: fall 2018 review
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Yahoo to pay up to $85m to settle data breach lawsuit
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- US government medical website was hacked that 75,000 personal data was stolen
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- US Department of Defense Expands Bug Bounty Efforts
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- China asks blockchain-based service providers to control user information
SOUTH AMERICA
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Phishing for knowledge
EUROPE
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Magecart hackers change tactic and target vulnerable Magento extensions
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- New Malware Targets Industrial Control Systems
- Yahoo to pay up to $85m to settle data breach lawsuit
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Magecart Attackers Exploit Magento Zero-Days
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
AFRICA
- Phishing for knowledge
HEALTHCARE
- US government medical website was hacked that 75,000 personal data was stolen
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Drupal Remote Code Execution Vulnerability Threat Alert
TRANSPORT
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Securing Blockchain with Privileged Access Management
BANKING & FINANCE
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Magecart hackers change tactic and target vulnerable Magento extensions
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- FlawedAmmyy Remote Access Trojan
- Meet Cryptojacking, the (not so) new kid on the block
- Magecart Hackers Now Targeting Vulnerable Magento Extensions
- sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
- Exploit kits: fall 2018 review
- Mac malware intercepts encrypted web traffic for ad injection
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Phishing for knowledge
- Magecart Attackers Exploit Magento Zero-Days
- The risk to OT networks is real, and it’s dangerous for business leaders to ignore
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- Russian Government-owned research institute linked to Triton attacks
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
- A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
INFORMATION & TELECOMMUNICATION
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Exploit for New Windows Zero-Day Published on Twitter
- Meet Cryptojacking, the (not so) new kid on the block
- Another Windows 0-day flaw has been published on Twitter
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- [SingCERT] Alert on Drupal Critical Vulnerabilities
- A Windows 0day vulnerability was made public on Twitter
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- Twitter User Discloses Second Microsoft Zero-Day
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Need help managing supply chain risks?
In this week's ShadowTalk episode, the team breaks it down into hardware, software
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Phishing for knowledge
- Magecart Attackers Exploit Magento Zero-Days
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Good initiative. Would be even better if you would pay bounties for the bugs, too.
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- China asks blockchain-based service providers to control user information
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
- NETSCOUT Takes Internet Scale Threat Protection to the Edge
FOOD
Nil
WATER
Nil
ENERGY
- New Malware Targets Industrial Control Systems
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Drupal Remote Code Execution Vulnerability Threat Alert
GOVERNMENT & PUBLIC SERVICE
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge
- Yahoo to pay up to $85m to settle data breach lawsuit
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- US government medical website was hacked that 75,000 personal data was stolen
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- Russian Government-owned research institute linked to Triton attacks
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- China asks blockchain-based service providers to control user information
ASIA
- Cathay Pacific breach leaks personal data on 9.4 million people
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Exploit kits: fall 2018 review
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
WORLD
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Magecart hackers change tactic and target vulnerable Magento extensions
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- New Malware Targets Industrial Control Systems
- Meet Cryptojacking, the (not so) new kid on the block
- Exploit kits: fall 2018 review
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Yahoo to pay up to $85m to settle data breach lawsuit
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- US government medical website was hacked that 75,000 personal data was stolen
- "The resurgence of #VPNFilter #botnet appears to be limited to the Ukraine, but given the ease of infecting targeted systems,
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- US Department of Defense Expands Bug Bounty Efforts
- Magecart Attackers Exploit Magento Zero-Days
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- Researchers: Russia is the initiator of ICS Attack Framework “TRITON” and Trisis
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
- China asks blockchain-based service providers to control user information
ATTACKS
- Cathay Pacific breach leaks personal data on 9.4 million people
- Cathay Pacific data breach hits 9.4 million people
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Democratic Fundraising Firm Leaks Voter Database, Clients, Fundraisers
- Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers
- Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- Cathay Pacific Suffers Data Breach Impacting 9.4 Million Passengers
- Pocket iNet Leaves 73 GB of Sensitive Data Exposed
- Yahoo to pay up to $85m to settle data breach lawsuit
- Tim Cook Blasts Weaponization Of Personal Data And Praises GDPR
- Pocket iNet Left All Of Its Corporate Passwords, Keys, And Data Exposed
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Phishing Attack Tip 1: Beware of Unsettling Content
An email containing unsettling, startling, or urgent content that requires immediate action on
- Last year the @USAgov required agencies to implement #DMARC records and policies by October 2018. Learn just how hard DMARC
- Discover how #NetSpectre attacks leak data remotely via side-channels with Michael Cobb of @thehairyITdog.
- Yahoo Agrees to Pay $50 Million in Damages to Settle Data Breach Lawsuit
- Business Email Compromise: Gift Cards
- The Enduring Password Conundrum
- US government medical website was hacked that 75,000 personal data was stolen
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Phishing attacks: Why is email still such an easy target for hackers?
- Yahoo agrees to pay $50 million to settle data breach lawsuit
- My Health Record opt-outs now sit at over 1.1 million
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Office 365 for Business - from May to September - has been Recorded Lowest Phish Miss Rate Versus Rivals
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- Yahoo to pay at least $85m for data breach settlement
- Area 1 Security releases Pay-Per-Phish, the performance-based cybersecurity solution
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- A recent @HealthCareGov #breach exposed unknown types of data on 75,000 people, but a lack of information in the disclosure
THREATS
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction
- Russia Behind Triton Malware? A Cybersecurity Consulting Firm Confirms
- Vulnerabilities in Linksys Routers May Grant Attackers Full Control
- Information-Stealing Malware Campaign Evades Anti-Virus Detection
- New Malware Targets Industrial Control Systems
- FlawedAmmyy Remote Access Trojan
- Exploit for New Windows Zero-Day Published on Twitter
- Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments
- Meet the malware which turns your smartphone into a mobile proxy
- CVE-2018-4338: Triggering an Information Disclosure on macOS Through a Broadcom AirPort Kext
- Meet Cryptojacking, the (not so) new kid on the block
- sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
- ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends
- Another Windows 0-day flaw has been published on Twitter
- .@Siemens disclosed six SICLOCK flaws that were found within its central plant clocks. Discover why three flaws have been rated
- Beers with Talos EP40: BWT XL feat. SuperMicro, Giant Patches, and More Mobile Malware
- Mac malware intercepts encrypted web traffic for ad injection
- SandboxEscaper expert is back and disclosed a new Windows Zero-Day
- Pentagon Launches Continuous Bug Bounty Program
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- [SingCERT] Alert on Drupal Critical Vulnerabilities
- A Windows 0day vulnerability was made public on Twitter
- Organizations with strong DevSecOps find flaws 11x faster than those without
- New Microsoft Windows Zero-Day Dropped on Twitter, Micropatch Available
- A #ZeroDay in #jQuery File Upload could affect thousands of projects because the jQuery #plugin vulnerability has existed for eight
- Most enterprise vulnerabilities remain unpatched a month after discovery
- WizCase Found Critical Firmware Vulnerabilities In Leading NAS Devices
- New Windows Zero-Day Bug Helps Delete Any File, Exploit Available
- Twitter User Discloses Second Microsoft Zero-Day
- Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
- Firefox 63 Released with Enhanced Tracking Protection and Fixes 14 Security Vulnerabilities
- Most applications 'suffer from information leakage bugs'
- DoD bug bounty program to expand to more sensitive systems
- LuminosityLink RAT author sentenced to 2.5 years in jail
- 3-year-old jQuery plugin vulnerability finally patched
- US Department of Defense Expands Bug Bounty Efforts
- The Qihoo @360CoreSec team found a @Microsoft vulnerability -- named Double Kill -- that affects applications through #MicrosoftOffice documents. Learn
- Join us, and @SentinelOne Nov 29, as we discuss fast acting #ransomware remediation, threat hunting, and #AI that stops incongruous
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
- Good initiative. Would be even better if you would pay bounties for the bugs, too.
- Learn about the #NetSpectre vulnerability and the benefits of #ThreatModeling for cloud deployments from expert Ed Moyle of @securitycurve.
- Cryptojacking 101; why cryptojacking is bad for business
- A summer intern took a look at tinc VPN, they found some nice authentication bypass and message tampering flaws
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware
- Again Hacker Exposed New Microsoft Unpatched Zero-day Bug In Twitter With PoC
- How Microsoft's Controlled Folder Access can help stop ransomware
- Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
- Drupal Remote Code Execution Vulnerability Threat Alert
- China asks blockchain-based service providers to control user information
- A Digital Currency for Everyone: 5 Easy Way Steps to Follow for Buying Bitcoin
- Hacker Discloses New Windows Zero-Day Exploit On Twitter
- Securing Blockchain with Privileged Access Management
CRIME
- Australian woman arrested over AU$450,000 Ripple theft
- Warning: More iOS Devices Are Infected by Cryptocurrency Mining Malware
- Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence
- Magecart hackers change tactic and target vulnerable Magento extensions
- Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge
- Yahoo to pay up to $85m to settle data breach lawsuit
- Business Email Compromise: Gift Cards
- US government medical website was hacked that 75,000 personal data was stolen
- Morrisons supermarket: We're taking payroll leak liability fight to UK Supreme Court
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- LuminosityLink RAT author sentenced to 2.5 years in jail
- Phishing for knowledge
- FBI: Call of Duty gamers helped steal $3.3 million in cryptocurrency hacking scheme
- Beyond Your Bank Account: Ten Astounding Finds Uncovered by Financial Malware
- Survey: Nearly Half of U.S. Adults Experienced a Data Breach in the Past Three Years
- China asks blockchain-based service providers to control user information
- Securing Blockchain with Privileged Access Management
POLITICS
- New Malware Targets Industrial Control Systems
- Meet Cryptojacking, the (not so) new kid on the block
- Russian Malware Used In An Attempt To Sabotage Saudi Petrol Plant
- Pocket iNet ISP exposed 73GB of data including secret keys, plain text passwords
- Weekly Threat Briefing: HealthCare.gov Suffered Data Breach As Hackers Stole 75,000 Records
- Phishing for knowledge
- Deadly Malware That Attacked Saudi Industrial Plant Came From Russia
- ISP Provider Exposed 73 Gigabytes of Highly Sensitive Data Including To The Internet
- South Korea Seems Chief Target of the ‘Operation Oceansalt’ Campaign
- Russian Government-owned research institute linked to Triton attacks
DATA BREACH & DATA LOSS
- Case Study: Protecting PII
- An ISP Left Corporate Passwords, Keys, and All its Data Exposed on the Internet
- Top 10 security steps in Microsoft 365 that political campaigns can take today
- Critical vulnerabilities in FreeRTOS allowed for IoT device compromise
- Thousands of applications affected by a zero-day issue in jQuery File Upload plugin
- Malicious actors attacked a back-end insurance system and the resulting @HealthCareGov #breach exposed an unknown amount of data on 75,000
- Identify when your data is exposed, your brand is abused, or your company is mentioned on the dark web. Test
- Thousands of Applications Vulnerable to RCE via jQuery File Upload
- Facebook has seen several data breaches in the last few months, leading the company to look into acquiring a
- Police have issued a fresh warning concerning Fortnite and players giving out their personal details online.
Cheshire Police posted on Facebook,
- Adult websites shuttered after 1.2 million user details exposed
- #sLoad and #Ramnit pairing in sustained personalized campaigns against UK and Italy
- jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites
- "Advanced attacks, spear-phishing and data breaches are the norm, instead of the exception. We need to address these issues with
- “We’re less likely to be caught up in a massive breach of highly available PII or financial data that gets
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Morrisons loses appeal over data breach
- Morrisons loses appeal against data breach liability ruling
- A #ZeroDay in the popular #jQuery File Upload plugin could affect thousands of projects and the jQuery #plugin vulnerability may
DENIAL-OF-SERVICE
- DDoS-Capable IoT Botnet 'Chalubo' Rises
- Chalubo DDoS Botnet Compromises Linux SSH Servers Using Brute-Force Attacks
- Netscout Launches Arbor Edge Defense for Enterprise DDoS Security
- Oracle Doubles Down on Cloud Security With CASB, WAF, DDoS Protection
MALVERTISING
Nil
PHISHING
- Phishing is still the most commonly used attack on organizations, survey says
- New Phishing Attack That Uses Multiple Replica Sign-In Pages
- How sophisticated phishing grants attackers total control of your computer
- 5 Ways #Cybercriminals Can Access Your Emails Without Phishing [Infographic]:
- Phishing attacks becoming more targeted, phishers love Microsoft the most
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- "Advanced attacks, spear-phishing and data breaches are the norm, instead of the exception. We need to address these issues with
- Phishing Report Shows Microsoft, Paypal, & Netflix as Top Targets
- 4 tips for getting the most out of your #password manager and generating truly effective passwords. Yes indeed, repetita juvant :)
WEB DEFACEMENT
- Hackers Defaced Davos In The Desert To Show Image Of Murdered Journalist
- Saudi Investment Site Defaced After Journalist’s Murder
BOTNET
- DDoS-Capable IoT Botnet 'Chalubo' Rises
- Chalubo DDoS Botnet Compromises Linux SSH Servers Using Brute-Force Attacks
- Battling Bots: How to Find Fake Twitter Followers
- Bots Targeting SSH Servers and Brute-Forcing Entry
RANSOMWARE
- When Ransomware Stopped Working Harder and Started Working Smarter
- City Pays $2K in Ransomware, Stirs ‘Never Pay’ Debate
- Case Study: Ransomware
- Indiana National Guard Suffers Ransomware Attack
- Indiana National Guard hit by ransomware
- Have you ever wondered why #ransomware attacks happen on the Friday before a long weekend? We've teamed up with @SentinelOne
CRYPTOMINING & CRYPTOCURRENCIES
- Why the blockchain is not secure
- Trade.io Cold Wallet Hacked Losing 50 Million TIO Tokens – TIO Coin To Be Forked
- Why is Elon Musk promoting this Bitcoin scam? (He’s not)
- Report: Cryptocurrency hackers earned $20M with 51-percent attacks in 2018
- Apple has launched its university ID Cards feature in Wallet. Students at three universities can now access their student ID
- Can Cybercriminals Hack Blockchain?
- A Beginner’s Guide to Bitcoin Mining (Bitcoin Mining 101)
MALWARE
- Burned malware returns, according to Cylance: is Hacking Team responsible?
- Status of Today’s Email as a Malware Vector
- Case Study: Destructive Malware
- Banking Trojan Infections Persist Throughout the State
- Triton Malware Linked to Russian Government Research Institute
- FireEye links Russian research lab to Triton ICS malware attacks
- Securing Government Operations with Cloud-based Malware Analysis
- How RATs infect computers with malicious software
- This is how government spyware StrongPity uses security researchers' work against them
- Russian Malware Was Apparently Used in an Attempt to Sabotage a Saudi Petrol Plant
- Inside Safari Extensions | Malicious Plugins Remain on Mojave
- Malicious actors attacked a back-end insurance system and the resulting @HealthCareGov #breach exposed an unknown amount of data on 75,000
- H-Worm and jRAT Malware: Two RATs are Better than One
- What do you think the combination of the #TrickBot banking Trojan to #IcedID means for the future of banking #Trojans?
- Updated Azorult malware for sale on the Dark Web
- UK and US sign military Cyber Accord to dominate cyber domain - with help from business
- Chinese Cyber Espionage Group using Datper Trojan
- Burned malware returns, says Cylance report: Is Hacking Team responsible?
EXPLOIT
Nil
VULNERABILITY
- DHS warns of another dangerous flaw in Advantech WebAccess SCADA software
- Microsoft Windows zero-day disclosed on Twitter, again
- AWS FreeRTOS Riddled with Security Vulnerabilities | Avast
- Critical vulnerabilities in FreeRTOS allowed for IoT device compromise
- Thousands of applications affected by a zero-day issue in jQuery File Upload plugin
- Grave TCP/IP Flaws In FreeRTOS Leave IoT Gear Open To Mass Hijacking
- Patch now! Multiple serious flaws found in Drupal
- Quantifying Vulnerability Risk: How to Quickly Calculate and Prioritize Risk
- Amazon Patched Multiple IoT Vulnerabilities Affecting Its Smart Devices
- Amazon patches IoT and critical infrastructure security flaws
- Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking
- Several vulnerabilities were found in controllers made by @Universal_Robot. Discover what these #robot controllers are used for and how
- How do newly found flaws affect robot controllers?
- Firmware zero-day leaves 2m storage devices open to RCE
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- CyberSecurity Asean security alert on Multiple Vulnerabilities in Cisco WebEx Network Recording Player for Advanced Recording Format Files Could Allow for Arbitrary Code Execution
- Bug Spells Doom for Nearly-Vacant Google+ Network
- The fix for the DOM-based XSS in Branch.io introduced a new XSS flaw
- libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933) Threat Alert
- WebLogic Remote Code Execution Vulnerability (CVE-2018-3191) Threat Alert
- Different Vendors Confirm The Impact Of LibSSH Flaw On Their Products
- FreeRTOS IoT OS Critical Vulnerabilities Affected Million of Smart Home & Critical Infrastructure Based IoT Devices
- LIVE555 Streaming library affected by remote code execution vulnerability
- Windows 10 1809 Zip Extraction Bug Overwrites Files without Confirmation
- A #ZeroDay in the popular #jQuery File Upload plugin could affect thousands of projects and the jQuery #plugin vulnerability may