ASIA
- U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
- Data Of Nearly 700,000 Amex India Customers Exposed Via Unsecured MongoDB Server
- Amex India accounts exposed by misconfigured MongoDB installation
- Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- Personal data of police and ministries employees leaked by Anonymous Italy
- Linux servers and IoT devices, main targets of Shellbot botnet
WORLD
- U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
- Salesforce Aims to Curb Spam With Blockchain
- Using Blockchain Technology to Solve Global Problems
- Feds get guilty plea in 'DerpTrolling' attacks on video game sites
- Half a Million People Potentially Affected by Data Breach at Bankers Life
- Security Alert: New Dharma Ransomware Strains Alarmingly Go Undetected By Antivirus Engines
- Learn About Phishing Incident Response on Nov 15
- Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
- HSBC Bank Data Breach Exposed Customer’s Account Details and More
- HSBC US Customers Hit by Data Breach
- Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
- Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- HSBC suffers data breach, customer banking info exposed
- Bug bounty: Hack the US Air Force and Get Paid
- VirtualBox zero-day published by disgruntled researcher
- We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
- Personal data of police and ministries employees leaked by Anonymous Italy
- Linux servers and IoT devices, main targets of Shellbot botnet
- AMD and TSMC outline 7nm process products to be listed next year
- Five Guys suffers employees’ data theft
- Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
- Bitcoin Cryptojacking Attack Forces University to Disable Entire Network
- Rushed My Health Record changes still missing the point
- VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
ATTACKS
- New Jersey AG Announces $200,000 Settlement with Business Associate and Permanent Ban for BA’s Owner due to 2016 Data Breach Affecting Over 1,650 Patients
- Half a Million People Potentially Affected by Data Breach at Bankers Life
- Data Of Nearly 700,000 Amex India Customers Exposed Via Unsecured MongoDB Server
- HSBC Bank Suffers Data Breach
- A Phishing Incident is Being Investigated by the Carthage Police
- Why you should use a password manager
- Amex India accounts exposed by misconfigured MongoDB installation
- They stopped a phishing attack in 10 minutes. It used to take days.
- Password Grabber Module Added to Trickbot
- Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
- Why Password Management and Security Strategies Fall Short
- Learn About Phishing Incident Response on Nov 15
- Learn why @Google chose U2F authentication over OTP to eliminate #PhishingEmails from expert Michael Cobb of @thehairyITdog.
- Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
- HSBC Bank Data Breach Exposed Customer’s Account Details and More
- HSBC US Customers Hit by Data Breach
- What do you think is the average cost of a data breach?
- HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims
- ICO poised to fine Leave campaign and Arron Banks’ insurance biz £135,000
- HSBC suffers data breach, customer banking info exposed
- We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
- New dropper campaign with at least 8 droppers in #GooglePlay (30k+ installs total), found with the help of @avast_antivirus @apklabio.
- A poor password is a key for the wrong person to get in.
- How voting history data benefits political campaigns
- HSBC Bank Data Breach Exposed Account Numbers, Balances, Transaction History and Other Details
- Personal data of police and ministries employees leaked by Anonymous Italy
- Five Guys suffers employees’ data theft
- Rushed My Health Record changes still missing the point
- What businesses can learn from political campaigns about using big data
THREATS
- Uni cans crypto-mining CPU raid by switching off whole IT network
- U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
- Security Flaws Found in Widely Used Data Storage Devices | Avast
- Salesforce Aims to Curb Spam With Blockchain
- Using Blockchain Technology to Solve Global Problems
- Cisco removed its seventh backdoor account this year, and that's a good thing
- JavaScript attack aimed to reroute bitcoin transactions
- 3,2 Million New Android Malicious Apps Detected Until the End of Q3 2018
- A flaw in WooCommerce WordPress Plugin could be exploited to take over e-stores
- Healthcare Targeted by 37 Percent of All Ransomware Attacks in Q3 2018
- Flaw in Icecast streaming media server allows to take off online Radio Stations
- VirtualBox zero-day dumped on GitHub
- Security Researcher Drops VirtualBox Guest-to-Host Escape Zero-Day on GitHub
- WordPress Flaw Opens Millions of WooCommerce Shops to Takeover
- Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
- Flaw Leads to RCE in WordPress Plugins, WooCommerce
- Hacker education, inclusivity, and shifting perceptions of bug bounties
- Apache alerts developers of remote code execution flaw
- Evernote Flaw Allows Hackers to Steal Files, Execute Commands
- Security Alert: New Dharma Ransomware Strains Alarmingly Go Undetected By Antivirus Engines
- Top 20 application vulnerabilities in the enterprise are dominated by Adobe and Microsoft
- Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available
- Rapid7 Wins Frost & Sullivan 2018 Global Vulnerability Management Market Leadership Award
- Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
- Zero-day flaw in VirtualBox details go public
- Erratic Windows 10 Bug Breaks Changing of Default File Associations
- Researcher discloses VirtualBox Zero-Day without reporting it to Oracle
- Serious XSS flaw discovered in Evernote for Windows, update now!
- Researchers say #Bleedingbit vulnerabilities could allow #RemoteCodeExecution on wireless access points, medical devices and any other products using the affected
- University shuts down network to thwart Bitcoin cryptojacking scheme
- Not sure how to tell if your Android phone has a virus?
Android malware comes in many forms, ranging from spyware
- Attackers breached Statcounter to steal cryptocurrency from gate.io users
- Enterprises Sinking Under 100+ Critical Flaws Per Day
- #SamSam #ransomware targeted 67 organizations in 2018, according to @symantec research. By @MaddieBacon11
- WordPress, WooCommerce flaws combine to allow website hijacking
- How to Remove NOBAD Ransomware
- Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
- Apache Struts vulnerability would allow system take over
- #Kraken #ransomware as a service is getting more popular after being bundled into the Fallout #ExploitKit and getting more update
- Up to 4 million online merchants who use the popular @WooCommerce #WordPress plugin are vulnerable to a file deletion flaw.
- Researcher Drops Oracle VirtualBox Zero-Day
- Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
- Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin theft scheme
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- Blockchain: The Good, the Bad and the Legal
- Managing Third-Party Risk in the Age of Ransomware
- Bug bounty: Hack the US Air Force and Get Paid
- Microsoft, Google apps feature in the top 20 vulnerabilities in enterprise environments
- VirtualBox zero-day published by disgruntled researcher
- A fresh #botnet is rapidly growing by targeting a five-year-old #vulnerability.
So far, @360Netlab said hundreds of thousands of bot
- .@Siemens SICLOCK central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated
- New cryptocurrencies offer better anonymity, new security challenges, from @CSOonline http://0fox.co/sSmx30i8vm4 ZeroFOX CTO weighs in on the #infosec challenges
- Apache Struts users have to update FileUpload library to fix years-old flaws
- On the #blog today, we talk about how fileless malware is changing the way we as organizations treats #cyberthreats.
- Zero-Day #Vulnerability Explained
- November Android Security Update Fixes Critical Bugs, Drops Media Library
- We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
- New dropper campaign with at least 8 droppers in #GooglePlay (30k+ installs total), found with the help of @avast_antivirus @apklabio.
- Coupa Simplifies Fragmented B2B Payments Process
- Researcher publishes new VirtualBox zero-day vulnerability
- Turning Malware Trends into Proactive Behaviors
- DHS on Election Day: No malicious cyber-activity observed
- AMD and TSMC outline 7nm process products to be listed next year
- Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
- #Virtualbox hat eine #Zeroday Sicherheitslücke. Tipp: Ändern Sie Ihren virtuellen Netzwerkadapter auf etwas anderes als Intel PRO/1000.
- Bitcoin Cryptojacking Attack Forces University to Disable Entire Network
- Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
- Google's automated fuzz bot has found over 9,000 bugs in the past two years
- VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
- Researchers rank cryptocurrency exchanges by how secure they are
CRIME
- Feds get guilty plea in 'DerpTrolling' attacks on video game sites
- JavaScript attack aimed to reroute bitcoin transactions
- A Phishing Incident is Being Investigated by the Carthage Police
- They stopped a phishing attack in 10 minutes. It used to take days.
- HSBC Bank Data Breach Exposed Customer’s Account Details and More
- University shuts down network to thwart Bitcoin cryptojacking scheme
- Attackers breached Statcounter to steal cryptocurrency from gate.io users
- HSBC US Customers Hit by Data Breach
- Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
- Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin theft scheme
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- Blockchain: The Good, the Bad and the Legal
- Coupa Simplifies Fragmented B2B Payments Process
- Five Guys suffers employees’ data theft
POLITICS
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- DHS on Election Day: No malicious cyber-activity observed
- Personal data of police and ministries employees leaked by Anonymous Italy
- Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
DATA BREACH & DATA LOSS
- HSBC Data Breach Hits Online Banking Customers
- My Health Record data misuse penalties raised
- Holiday Suppliers Already Under Assault by Fileless Malware Campaign
- Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
- HSBC Bank Confirms US Data Breach
- UK Regulator Calls for Tougher Rules on Personal Data Use
- HSBC Bank USA Warns Customers of Data Breach
- HSBC Bank Data Breach Exposed Account Numbers, Balances, and More
- Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed
- Why business can't keep the public safe from data breaches
- It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
- Alert: Emotet is Back with Major Spam Campaign, Email Exfiltration Module
- Azorult Malware Spread by New Ramnit Campaign
- Pocket iNet ISP Exposed 73GB of Corporate Data Online
- HSBC Bank Notifies Customers of Data Breach
- Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
- Wealthy Moscow residents' data leaked in Akado Telecom incident
- New attack by Anonymous Italy: personal data from ministries and police have been released online
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
- Zombie Phish
- Login VSI announces Release 3 of Login PI for proactive monitoring
- Spam and phishing in Q3 2018
- GPU side channel attacks can enable spying on web activity, password stealing
- Our crucible SoC OTP fusing tool now support graphical mapping of fusemap definition files.
This, other than being very pretty, facilitates
- Social Media Brand Impersonators Go #Phishing: 3 Emerging Tactics from ZeroFOX Research
- Gift Card Phishing Scam Using Email Addresses of Bosses’ is Latest Trend Adopted by Scammers
- Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
- Just half of Fortune 500 companies have installed DMARC, a tool that guards against email phishing scams, according to new
WEB DEFACEMENT
- Anonymous Hackers Syndicate Defaces Huge Number of Websites of Gabon Government
BOTNET
- Zombie Phish
- VB2018 paper: Uncovering the wholesale industry of social media fraud: from botnet to bulk reseller panels
- Shellbot Botnet Targets IoT devices and Linux servers
RANSOMWARE
- Ransomware Keeps Ringing in Profits for Cybercrime Rings
- New ransomware spotted using DiskCryptor
- We're hosting a lunch and learn event geared towards endpoint #security and #ransomware, with technology partner @SentinelOne.
Please join us on
CRYPTOMINING & CRYPTOCURRENCIES
- Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
- Hackers Breach StatCounter To Hijack Bitcoin Transactions
- StatCounter Hacked to Inject Malicious Script in gate.io Cryptocurrency Exchange
- VMware Unveils New Blockchain Service
- Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
- Backdoors Installed via macOS Cryptocurrency App
- Supply-chain attack on cryptocurrency exchange
- Supply-chain attack on cryptocurrency exchange
- Why are fake Elon Musk bitcoin scams running rife on Twitter right now?
- How IAM is Evolving in the Blockchain Era
- A Blockchain Solution for Data Provenance Using Hyperledger Fabric
- Watch Out for the “Programmer Who Cracked Your Email” Bitcoin Scam
MALWARE
- US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
- Holiday Suppliers Already Under Assault by Fileless Malware Campaign
- StatCounter Hacked to Inject Malicious Script in gate.io Cryptocurrency Exchange
- It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
- Malware Execution via Microsoft Word Embedded Video
- Azorult Malware Spread by New Ramnit Campaign
- Private messages from 81,000 hacked Facebook accounts were for sale online.
The information was obtained through malicious browser extensions, such as
- Worst malware and threat actors of 2018 so far
- #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs
Please contact us if your interested in
EXPLOIT
- Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
VULNERABILITY
- Apache Struts Vulnerability Would Allow System Takeover
- Hack the Air Force 3.0 Bug Bounty Announced by USAF
- Android November update fixes flaws galore
- Zero-Day Vulnerability Explained
- WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Side-Channel Vulnerability PortSmash Steals Keys
- Apache Struts Warns Users of Two-Year-Old Vulnerability
- Apache Struts Warns Users of Two-Year-Old Vulnerability
- Apache Struts 2.3.x vulnerable to two year old RCE flaw
- IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities
- Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
- Hidden Costs of IoT Vulnerabilities
- Evernote for Windows patch resolves stored XSS vulnerability
- Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
- How testing perspectives helps find application security flaws
- PortSmash Side-Channel Vulnerability – Another Threat For Intel CPUs
- U.S. Air Force Announces Third Bug Bounty Program
- CVE-2018-11759: Apache mod_jk Access Control Bypass Vulnerability
- High risk vulnerability discovered in Sauter CASE Suite building automation software
- Apache Struts Team Urges Users for Library Update to Plug Years-Old Bugs
- Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
- Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
- Apple Patches Critical iOS, macOS and watchOS Flaws
- Multiple Cisco Vulnerabilities Threat Alert
- Vulnerability in Icecast can collapse online radio stations
- Two zero-day vulnerabilities expose millions of access points
- Gitlab v11.4.5 release: fix bugs
- Symantec acquires Appthority to enhance protection from mobile application vulnerabilities
HEALTHCARE
- Ransomware Keeps Ringing in Profits for Cybercrime Rings
TRANSPORT
- Compromising vital infrastructure: transport and logistics
- Zero-Day Vulnerability Explained
- Nation states sponsoring increasingly sophisticated cyber attacks
BANKING & FINANCE
- HSBC Data Breach Hits Online Banking Customers
- HSBC Bank Confirms US Data Breach
- HSBC Bank USA Warns Customers of Data Breach
- HSBC Bank Data Breach Exposed Account Numbers, Balances, and More
- Zero-Day Vulnerability Explained
- Supply-chain attack on cryptocurrency exchange
- Supply-chain attack on cryptocurrency exchange
- HSBC Bank Notifies Customers of Data Breach
- Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
- Spam and phishing in Q3 2018
- Worst malware and threat actors of 2018 so far
- Nation states sponsoring increasingly sophisticated cyber attacks
- #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs
Please contact us if your interested in
INFORMATION & TELECOMMUNICATION
- Compromising vital infrastructure: transport and logistics
- Zero-Day Vulnerability Explained
- It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
- Pocket iNet ISP Exposed 73GB of Corporate Data Online
- Why are fake Elon Musk bitcoin scams running rife on Twitter right now?
- Intel responds to the Epyc server threat from AMD
- Fake Telegram Apps Used to Spy on Iranian Users
- Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
- Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
- Spam and phishing in Q3 2018
- Private messages from 81,000 hacked Facebook accounts were for sale online.
The information was obtained through malicious browser extensions, such as
- Our crucible SoC OTP fusing tool now support graphical mapping of fusemap definition files.
This, other than being very pretty, facilitates
- Shellbot Botnet Targets IoT devices and Linux servers
- Vulnerability in Icecast can collapse online radio stations
- #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs
Please contact us if your interested in
- Just half of Fortune 500 companies have installed DMARC, a tool that guards against email phishing scams, according to new
FOOD
Nil
WATER
- Spam and phishing in Q3 2018
ENERGY
- High risk vulnerability discovered in Sauter CASE Suite building automation software
- Multiple Cisco Vulnerabilities Threat Alert
- Two zero-day vulnerabilities expose millions of access points
GOVERNMENT & PUBLIC SERVICE
- US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
- Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
- UK Regulator Calls for Tougher Rules on Personal Data Use
- Compromising vital infrastructure: transport and logistics
- Fake Telegram Apps Used to Spy on Iranian Users
- Tech companies offered free products to help secure the election. Now what?
- A Blockchain Solution for Data Provenance Using Hyperledger Fabric
- Shellbot Botnet Targets IoT devices and Linux servers
- U.S. Air Force Announces Third Bug Bounty Program
- Nation states sponsoring increasingly sophisticated cyber attacks
- Anonymous Hackers Syndicate Defaces Huge Number of Websites of Gabon Government
- New attack by Anonymous Italy: personal data from ministries and police have been released online
ASIA
- Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
- Fake Telegram Apps Used to Spy on Iranian Users
- Spam and phishing in Q3 2018
- Worst malware and threat actors of 2018 so far
- Shellbot Botnet Targets IoT devices and Linux servers
- Nation states sponsoring increasingly sophisticated cyber attacks
- New attack by Anonymous Italy: personal data from ministries and police have been released online
- Multiple Cisco Vulnerabilities Threat Alert
WORLD
- US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
- Hack the Air Force 3.0 Bug Bounty Announced by USAF
- ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
- Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
- Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
- HSBC Bank Confirms US Data Breach
- UK Regulator Calls for Tougher Rules on Personal Data Use
- Compromising vital infrastructure: transport and logistics
- HSBC Bank USA Warns Customers of Data Breach
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Side-Channel Vulnerability PortSmash Steals Keys
- Pocket iNet ISP Exposed 73GB of Corporate Data Online
- Tech companies offered free products to help secure the election. Now what?
- Magecart infiltrates UK online retailer Kitronik payment system
- Spam and phishing in Q3 2018
- Worst malware and threat actors of 2018 so far
- Wealthy Moscow residents' data leaked in Akado Telecom incident
- We're hosting a lunch and learn event geared towards endpoint #security and #ransomware, with technology partner @SentinelOne.
Please join us on
- Shellbot Botnet Targets IoT devices and Linux servers
- U.S. Air Force Announces Third Bug Bounty Program
- Nation states sponsoring increasingly sophisticated cyber attacks
- Anonymous Hackers Syndicate Defaces Huge Number of Websites of Gabon Government
- New attack by Anonymous Italy: personal data from ministries and police have been released online
- Two zero-day vulnerabilities expose millions of access points
- #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs
Please contact us if your interested in
ATTACKS
- HSBC Data Breach Hits Online Banking Customers
- My Health Record data misuse penalties raised
- Holiday Suppliers Already Under Assault by Fileless Malware Campaign
- ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
- Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
- HSBC Bank Confirms US Data Breach
- UK Regulator Calls for Tougher Rules on Personal Data Use
- HSBC Bank USA Warns Customers of Data Breach
- HSBC Bank Data Breach Exposed Account Numbers, Balances, and More
- Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed
- Why business can't keep the public safe from data breaches
- It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
- Alert: Emotet is Back with Major Spam Campaign, Email Exfiltration Module
- Zombie Phish
- Azorult Malware Spread by New Ramnit Campaign
- Login VSI announces Release 3 of Login PI for proactive monitoring
- Pocket iNet ISP Exposed 73GB of Corporate Data Online
- HSBC Bank Notifies Customers of Data Breach
- Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
- Spam and phishing in Q3 2018
- Wealthy Moscow residents' data leaked in Akado Telecom incident
- GPU side channel attacks can enable spying on web activity, password stealing
- Our crucible SoC OTP fusing tool now support graphical mapping of fusemap definition files.
This, other than being very pretty, facilitates
- Social Media Brand Impersonators Go #Phishing: 3 Emerging Tactics from ZeroFOX Research
- Gift Card Phishing Scam Using Email Addresses of Bosses’ is Latest Trend Adopted by Scammers
- New attack by Anonymous Italy: personal data from ministries and police have been released online
- Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
- Just half of Fortune 500 companies have installed DMARC, a tool that guards against email phishing scams, according to new
THREATS
- US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack
- Apache Struts Vulnerability Would Allow System Takeover
- Hack the Air Force 3.0 Bug Bounty Announced by USAF
- Android November update fixes flaws galore
- Holiday Suppliers Already Under Assault by Fileless Malware Campaign
- Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges
- Hackers Breach StatCounter To Hijack Bitcoin Transactions
- StatCounter Hacked to Inject Malicious Script in gate.io Cryptocurrency Exchange
- VMware Unveils New Blockchain Service
- Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
- Zero-Day Vulnerability Explained
- WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- It’s thought that the private message data was obtained via a malicious browser extension that scraped the data from users’
- Backdoors Installed via macOS Cryptocurrency App
- Malware Execution via Microsoft Word Embedded Video
- Azorult Malware Spread by New Ramnit Campaign
- Supply-chain attack on cryptocurrency exchange
- Supply-chain attack on cryptocurrency exchange
- Side-Channel Vulnerability PortSmash Steals Keys
- Apache Struts Warns Users of Two-Year-Old Vulnerability
- Why are fake Elon Musk bitcoin scams running rife on Twitter right now?
- Apache Struts Warns Users of Two-Year-Old Vulnerability
- Apache Struts 2.3.x vulnerable to two year old RCE flaw
- IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities
- Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
- Hidden Costs of IoT Vulnerabilities
- Evernote for Windows patch resolves stored XSS vulnerability
- Ransomware Keeps Ringing in Profits for Cybercrime Rings
- How IAM is Evolving in the Blockchain Era
- A Blockchain Solution for Data Provenance Using Hyperledger Fabric
- Private messages from 81,000 hacked Facebook accounts were for sale online.
The information was obtained through malicious browser extensions, such as
- New ransomware spotted using DiskCryptor
- Exploit Developer Discovers Zero-Day Microsoft Edge Vulnerability Triggering RCE Attacks
- How testing perspectives helps find application security flaws
- Worst malware and threat actors of 2018 so far
- We're hosting a lunch and learn event geared towards endpoint #security and #ransomware, with technology partner @SentinelOne.
Please join us on
- PortSmash Side-Channel Vulnerability – Another Threat For Intel CPUs
- U.S. Air Force Announces Third Bug Bounty Program
- CVE-2018-11759: Apache mod_jk Access Control Bypass Vulnerability
- High risk vulnerability discovered in Sauter CASE Suite building automation software
- Apache Struts Team Urges Users for Library Update to Plug Years-Old Bugs
- Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data
- Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
- Apple Patches Critical iOS, macOS and watchOS Flaws
- Watch Out for the “Programmer Who Cracked Your Email” Bitcoin Scam
- Multiple Cisco Vulnerabilities Threat Alert
- Vulnerability in Icecast can collapse online radio stations
- Two zero-day vulnerabilities expose millions of access points
- Gitlab v11.4.5 release: fix bugs
- #ThreatFabric discovers #NeoBot Android Banking Trojan (#Exobot spawn) in #GooglePlay with 10,000+ installs
Please contact us if your interested in
- Symantec acquires Appthority to enhance protection from mobile application vulnerabilities
CRIME
- ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
- Hackers Breach StatCounter To Hijack Bitcoin Transactions
- Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
- Zero-Day Vulnerability Explained
- Tech companies offered free products to help secure the election. Now what?
- Business email compromise made easy for cybercriminals as 12.5 million company email inboxes and 33,000 finance department credentials openly accessible
- Magecart infiltrates UK online retailer Kitronik payment system
- Ransomware Keeps Ringing in Profits for Cybercrime Rings
- Spam and phishing in Q3 2018
- A Blockchain Solution for Data Provenance Using Hyperledger Fabric
- Nation states sponsoring increasingly sophisticated cyber attacks
- Gift Card Phishing Scam Using Email Addresses of Bosses’ is Latest Trend Adopted by Scammers
- Watch Out for the “Programmer Who Cracked Your Email” Bitcoin Scam
POLITICS
- Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable
- Compromising vital infrastructure: transport and logistics
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Pocket iNet ISP Exposed 73GB of Corporate Data Online
- Fake Telegram Apps Used to Spy on Iranian Users
- Tech companies offered free products to help secure the election. Now what?
- Spam and phishing in Q3 2018
- GPU side channel attacks can enable spying on web activity, password stealing
- Nation states sponsoring increasingly sophisticated cyber attacks
- New attack by Anonymous Italy: personal data from ministries and police have been released online
DATA BREACH & DATA LOSS
- Week in review: Volume of Australian data breaches continues unabated
- Google dorks were the root cause of a catastrophic compromise of CIA’s communications
- Your personal data is widely available to hackers
- This Tool Shows Exposed Cameras Around Your Neighborhood
- New Side-Channel Vulnerability Leaks Sensitive Data From Intel Chips
- Akado Telecom Accidentally Leaks Customers' Names, Phone Numbers, And Addresses
- Australian shipbuilder Austal hit by data breach
- Equifax Set to Share More PII with Experian
- #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
- National biometric database could be on the way (and in private hands)
- Over 80,000 Facebook User Accounts Compromised
- "If an organization created #DMARC records for the first time, it would encounter syntax and content issues -- one of
- Kemp Cites Voter Database Hacking Attempt, Gives No Evidence
- "A lot of people in Congress are concerned that the Facebook influence campaigns are about the midterms, but to me
- "Shipbuilder Austal Ltd said on Thursday its Australian business had detected and responded to a data breach"
DENIAL-OF-SERVICE
- What were the DDoS numbers for Q2 & Q3 2018?
- A cybersecurity lesson: educational sites suffer rise in DDoS attacks in Q3
MALVERTISING
Nil
PHISHING
- Almost 300 Percent Increase in eCommerce Phishing Attacks in Q3 2018
- Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks
- How to use Firefox Master Password.
- Why you should be using a password manager
- How did @Google eliminate successful #PhishingAttacks? Learn how employees used U2F authentication and physical #SecurityKeys to defend against phishing from
- Password Constraints and Their Unintended Security Consequences
- Cybercriminals Using SMS Phishing Attack to Rob Cardless ATM
- How can U2F authentication end phishing attacks?
- Phishing attacks up by 297 percent across eCommerce in Q3 2018
WEB DEFACEMENT
Nil
BOTNET
- Shellbot Botnet Targets Linux, Android Devices
- Original Mirai botnet creator hit with hefty financial sentence
RANSOMWARE
- #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
- Researchers found #Kraken #ransomware has become more popular after being packaged in the Fallout #ExploitKit and becoming part of an
CRYPTOMINING & CRYPTOCURRENCIES
- No, blockchain isn't the answer to our voting system woes
- Fake Elon Musk Twitter Bitcoin Scam Earned 180K in One Day
- Another wave of Elon Musk bitcoin scams spread by verified Twitter accounts
- Researchers found #Kraken #ransomware has become more popular after being packaged in the Fallout #ExploitKit and becoming part of an
- Blockhead makes blockchain easy for developers
- The building blocks of blockchain-based digital identity
MALWARE
- Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks
- Inside SearchPageInstaller | macOS Malware Deploys a MITM Attack
- Malware of the 1980s: Looking back at the Brain Virus and the Morris Worm
- Why malware attacks should no longer be a problem for businesses
- Android Rat – TheFatRat to Hack and Gain access to Targeted Android Phone
- Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- How to Get Rid of Cortana Runtime Broker CPU Miner Virus
- Fake malicious @RSAsecurity #SecurID malware in pre-release state on @GooglePlay:
- Currently gathering information (profiling) the mobile device it is installed
- Video analysis of Android banking Trojan found on Google Play (Red Alert 2)
- Recently there have been a lot of packed Android malware around, so I decided to write a blog-post on how
EXPLOIT
- PoC Available for Microsoft Edge Zero-Day RCE, Exploit Under Development
- Security researchers exploit Intel hyperthreading flaw to break encryption
VULNERABILITY
- Apache warns Struts 2.3 is using a library with a two year old critical flaw
- Online Radio Stations at Risk from Icecast Flaw
- PoC Available for Microsoft Edge Zero-Day RCE, Exploit Under Development
- Flaws In Self-Encrypting SSDs Let Attackers Bypass Encryption
- New Side-Channel Vulnerability Leaks Sensitive Data From Intel Chips
- Why Are Deserialization Vulnerabilities So Popular?
- Flaws in self-encrypting SSDs let attackers bypass disk encryption
- [SingCERT] Technical Advisory on Vulnerabilities in Bluetooth Low Energy Chips by Texas Instruments (CVE-2018-16986 and CVE-2018-7080)
- Inception Attackers Target Europe with Year-old Office Vulnerability
- Kemp Investigates Dems, Not the Reported Vulnerability
- Flaws in Popular SSD Drives Bypass Hardware Disk Encryption
- Flaw in Icecast streaming media server allows to take off online Radio Stations
- Security researchers exploit Intel hyperthreading flaw to break encryption
- .@ArmisSecurity researchers discovered two chip-level #Bluetooth vulnerabilities -- dubbed #Bleedingbit -- that could allow pseudo #RemoteCodeExecution on wireless access points.
- Vulnerabilities’ CVSS scores soon to be assigned by AI
- Cisco Products Affected By A Zero-Day SIP Inspection Vulnerability Exploited In The Wild
- High severity XML external entity flaw affects Sauter building automation product
- Security firm Armis has discovered two vulnerabilities in Bluetooth Chips from several networking industry leaders.
- Critical 'Bleedingbit' flaws found in microcontrollers used by Wi-Fi access points
- Mozilla Patched Multiple Security Vulnerabilities in Thunderbird 60.3
- Apple Patched Multiple XNU Kernel Vulnerabilities In MacOS And iOS
- Companies implementing DevSecOps address vulnerabilities faster than others
- The Ultimate Guide to Bug Bounty Platforms
- PortSmash – A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers To Steal Sensitive Data
- Security Think Tank: Three ways to safeguard against application layer vulnerabilities
- Security Bug in Icecast Puts Online Radio Stations At Risk
- Researchers discover new zero-day vulnerability in EDGE browser
ASIA
- Google dorks were the root cause of a catastrophic compromise of CIA’s communications
- Cyber-Attacks: How to Stop a Multibillion-Dollar Problem
- Persian Stalker pillages Iranian users of Instagram and Telegram
- A cybersecurity lesson: educational sites suffer rise in DDoS attacks in Q3
OCEANIA
- Week in review: Volume of Australian data breaches continues unabated
- Australian shipbuilder Austal hit by data breach
- Persian Stalker pillages Iranian users of Instagram and Telegram
- A cybersecurity lesson: educational sites suffer rise in DDoS attacks in Q3
- "Shipbuilder Austal Ltd said on Thursday its Australian business had detected and responded to a data breach"
NORTH AMERICA
- What were the DDoS numbers for Q2 & Q3 2018?
- Google dorks were the root cause of a catastrophic compromise of CIA’s communications
- Your personal data is widely available to hackers
- Inside SearchPageInstaller | macOS Malware Deploys a MITM Attack
- Magecart Strikes Again, and Kitronik Is Latest Victim
- Cyber-Attacks: How to Stop a Multibillion-Dollar Problem
- Equifax Set to Share More PII with Experian
- #SamSam #ransomware continues to be a thorn in the side of organizations in the U.S. with targeted ransomware campaigns continuing,
- Over 80,000 Facebook User Accounts Compromised
- Why malware attacks should no longer be a problem for businesses
- Critical 'Bleedingbit' flaws found in microcontrollers used by Wi-Fi access points
- Persian Stalker pillages Iranian users of Instagram and Telegram
- A cybersecurity lesson: educational sites suffer rise in DDoS attacks in Q3
- "A lot of people in Congress are concerned that the Facebook influence campaigns are about the midterms, but to me
- "Shipbuilder Austal Ltd said on Thursday its Australian business had detected and responded to a data breach"
SOUTH AMERICA
- Over 80,000 Facebook User Accounts Compromised
EUROPE
- Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks
- Google dorks were the root cause of a catastrophic compromise of CIA’s communications
- Magecart Infiltrates U.K. Online Retailer Kitronik POS
- Akado Telecom Accidentally Leaks Customers' Names, Phone Numbers, And Addresses
- Magecart Strikes Again, and Kitronik Is Latest Victim
- Inception Attackers Target Europe with Year-old Office Vulnerability
- Kemp Investigates Dems, Not the Reported Vulnerability
- Over 80,000 Facebook User Accounts Compromised
- Persian Stalker pillages Iranian users of Instagram and Telegram
- Kemp Cites Voter Database Hacking Attempt, Gives No Evidence
- A cybersecurity lesson: educational sites suffer rise in DDoS attacks in Q3
AFRICA
- Cyber-Attacks: How to Stop a Multibillion-Dollar Problem
