Asia
- China-linked APT10 Hackers Update Attack Techniques
- Well-known Middle Eastern hacking group keeps updating its arsenal
- Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation
- Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
- N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
- North Korean hacker officially charged for the WannaCry attacks
World
- Evaluating the Threatscape One Year After NotPetya Ransomware Attack
- Security news: More phishing, Canada pays ransom, SMBs are a target | Avast
- Well-known Middle Eastern hacking group keeps updating its arsenal
- Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation
- Military, Government Users Just as Bad About Password Hygiene as Civilians
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
- N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
- Major US mobile carriers want to be your password
- Russian man accused of running Kelihos botnet pleads guilty
- North Korean hacker officially charged for the WannaCry attacks
- Law firm begins legal action for data theft in British Airways
- Malware-as-a-Service – New Black Rose Lucy Malware Targets Android Devices With a Special Logic for Xiaomi Phones
Attacks
- Jaxx Cryptocurrency wallet phishing campaign shut down
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
- How to Protect Against Phishing Attacks that Follow Natural Disasters
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Survey: Nearly one-third of breached companies reported job losses after data breach
- MEGA Chrome extension compromised to steal credentials and cryptocurrency
- Security news: More phishing, Canada pays ransom, SMBs are a target | Avast
- Russians and Latvians in DOJ crosshairs for cybercrimes, including running the Kelihos botnet
- Data breaches affect stock performance in the long run, study finds
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Military, Government Users Just as Bad About Password Hygiene as Civilians
- One-Third of Data Breaches Led to People Losing Jobs: Kaspersky
- DDoS attacks: Students blamed for many university cyber attacks
- Illegal Patch Allows Easier Access to India's Aadhaar Biometric Database
- N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign
- Major US mobile carriers want to be your password
- Russian man accused of running Kelihos botnet pleads guilty
- Veeam Publicly Exposed 445 Million Customers Records Of its Marketing Database
- Cold Boot Attacks – Hackers Can Unlock All the Modern Computers and Steal Encryption Keys & Passwords
- Law firm begins legal action for data theft in British Airways
Threats
- Zerodium announced Tor vulnerability on Twitter -announced-tor-vulnerability-on-twitter/ …
- FragmentSmack vulnerability also affects Windows, but Microsoft patched it
- Google’s desktop update for Chrome squashes two bugs
- The Week in Ransomware - September 14th 2018 - Kraken, Dharma, & Matrix
- Evaluating the Threatscape One Year After NotPetya Ransomware Attack
- Colorado firm claims ransomware attack behind closure
- Uptick in malware designed to size up targets before launching full payload
- Fallout Exploit Kit Pushing the SAVEfiles Ransomware
- Microsoft Office 365 Customers Get Protection Against Malicious Macros
- Canadian town bows to ransomware attack, will pay attackers
- From PoC to Pwned: New Exploits Appear in Attacks Just Days After Disclosure
- Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
- Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug
- Malware-as-a-Service – New Black Rose Lucy Malware Targets Android Devices With a Special Logic for Xiaomi Phones
Crime
- Cryptojacking campaign targets add-ons for popular streaming app Kodi
- How to Protect Against Phishing Attacks that Follow Natural Disasters
- Russian man accused of running Kelihos botnet pleads guilty
- Law firm begins legal action for data theft in British Airways
Politics
- Chinese Cyber Espionage Group APT10 Delivers UPPERCUT Backdoor Via Malicious Word Documents
Asia
- OilRig APT Continues Its Ongoing Malware Evolution
- APT10 Targeting Japanese Corporations Using Updated TTPs
World
- Russian man extradited to U.S. for ‘massive’ financial hacking campaign
- Bacloud: Russia’s New Misinformation Safe Haven
- Kelihos Botnet Operator Pleads Guilty in Federal Court
- Scareware scheme operator thrown behind bars for targeting US media
- Cobalt crime gang is using again CobInt malware in attacks on former soviet states
- Russian Hacker Pleads Guilty to Operating Kelihos Botnet
- Kelihos Botnet Author Pleads Guilty in U.S. Court
- New PyLocky Ransomware Attack on Various Organization that Encrypt More than 100 File Extensions
- Smashing Security : British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
Attacks
- Russian man extradited to U.S. for ‘massive’ financial hacking campaign
- Sly malware author hides cryptomining botnet behind ever-shifting proxy service
- Park by Phone data breach affects 5000 customers
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Cold-Boot Attack Steals Passwords In Under Two Minutes
- Security flaw can leak Intel ME encryption keys
- New Necurs Spam Campaign Targets Banks with Malicious .Wiz Files
- Veeam leaves MongoDB database wide open, exposes 445m records
- Kelihos Botnet Operator Pleads Guilty in Federal Court
- Kodi add-ons launch cryptomining campaign
- Jaxx wallet phishing campaign aimed to steal user cryptocurrency
- Kelihos botnet operator jailed for account theft, ID trading in the Dark Web
- Files With 42 Million Emails and Passwords Found On Free Hosting Service
- Raise of IoT Botnets Responsible for Massive DDoS Attacks – Q2 2018 Threat Report
- Russian Hacker Pleads Guilty to Operating Kelihos Botnet
- Kelihos Botnet Author Pleads Guilty in U.S. Court
- Mongo Lock: The attack that deletes MongoDB databases
- Mongo Lock: The attack that deletes MongoDB databases
- Smashing Security : British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
Threats
- Domestic Kitten spyware targets ISIS supporters
- September Patch Tuesday: Adobe patches seven critical vulnerabilities
- Sly malware author hides cryptomining botnet behind ever-shifting proxy service
- Apple store apps are not all safe: Malwarebytes, Tripwire
- Uptick in malware designed to size up targets before launching full payload
- Honolulu-based Fetal Diagnostic Institute of the Pacific hit with ransomware
- Cobalt Gang phishing campaign targets Eastern Europeans with CobInt backdoor-downloader
- Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug
- OilRig APT Continues Its Ongoing Malware Evolution
- Apache Struts exploit found in Mirai variant may signify shift in attack strategy
- Flaws in firmware expose almost any modern PC to Cold Boot Attacks
- ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery
- Security flaw can leak Intel ME encryption keys
- How to Perform Manual SQL Injection With Integer Based Method
- [SingCERT] Alert on Critical Microsoft Vulnerabilities CVE-2018-8440, CVE-2018-8475, CVE-2018-0965, CVE-2018-8439 & CVE-2018-8449
- 2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
- Really old computer viruses are still infecting new machines
- New Necurs Spam Campaign Targets Banks with Malicious .Wiz Files
- ICS CERT warns of several flaws in Fuji Electric V-Server
- Two billion devices still vulnerable to Blueborne flaws a year after discovery
- Prison for man who assisted scareware scheme that targeted newspaper website
- Microsoft Office Macros: Still Your Leader in Malware Delivery
- Windows and Linux Kodi users infected with cryptomining malware
- Kodi add-ons launch cryptomining campaign
- Ransomware attack shuts down small Canadian town; officials pay ransom
- New Firmware Flaws Resurrect Cold Boot Attacks
- New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value
- Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software
- Malicious Kodi Add-ons Install Windows & Linux Coin Mining Trojans
- Scareware scheme operator thrown behind bars for targeting US media
- Cobalt crime gang is using again CobInt malware in attacks on former soviet states
- New PyLocky Ransomware stands out for anti-machine learning capability
- New PyLocky Ransomware Attack on Various Organization that Encrypt More than 100 File Extensions
- Smashing Security : British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked
Crime
- Sly malware author hides cryptomining botnet behind ever-shifting proxy service
- Prison for man who assisted scareware scheme that targeted newspaper website
- Bacloud: Russia’s New Misinformation Safe Haven
- Windows and Linux Kodi users infected with cryptomining malware
- Kelihos Botnet Operator Pleads Guilty in Federal Court
- Kodi add-ons launch cryptomining campaign
- Ransomware attack shuts down small Canadian town; officials pay ransom
- New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value
- Kelihos botnet operator jailed for account theft, ID trading in the Dark Web
- Files With 42 Million Emails and Passwords Found On Free Hosting Service
- Scareware scheme operator thrown behind bars for targeting US media
- Cobalt crime gang is using again CobInt malware in attacks on former soviet states
- Russian Hacker Pleads Guilty to Operating Kelihos Botnet
- Kelihos Botnet Author Pleads Guilty in U.S. Court
Politics
- APT10 Targeting Japanese Corporations Using Updated TTPs
- Bacloud: Russia’s New Misinformation Safe Haven
Asia
- WTB: Apple Removes Top Security Tool for Secretly Stealing Data
World
- Multi-Stage Malware Heavily Used in Recent Cobalt Attacks
- Latvian hacker sentenced to 33 months in prison for scareware scheme
- Russian hacker pleads guilty for role in massive botnet schemes
- Modular Malware Brings Stealthy Attacks to Former Soviet States
- Data breach — 380,000 British Airways transactions compromised | Avast
- Researchers implicate online card-skimming group in British Airways hack
- British Airways reveals details about data breach
Attacks
- OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
- Russian hacker pleads guilty for role in massive botnet schemes
- Jaxx Cryptocurrency wallet phishing campaign shut down
- Modular Malware Brings Stealthy Attacks to Former Soviet States
- Data breach — 380,000 British Airways transactions compromised | Avast
- Veeam Leaks 200 GB Customer Database, Goldmine for Phishers
- Park by Phone data breach affects 5000 customers
- Feeling the Pulse of Cyber Security in Healthcare
- Phishing warning: One in every one hundred emails is now a hacking attempt
- Cybercriminals Go Phishing For Jaxx Wallet Users
- Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices
- Data management firm Veeam mismanages own data, leaks 445m records
- Crooks Combine Phishing and Impersonation For Higher Success Rate
- Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs
- British Airways reveals details about data breach
Threats
- Multi-Stage Malware Heavily Used in Recent Cobalt Attacks
- OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
- Latvian hacker sentenced to 33 months in prison for scareware scheme
- Canadian town bows to ransomware attack, will pay attackers
- Russian hacker pleads guilty for role in massive botnet schemes
- PowerShell Obfuscation Ups the Ante on Antivirus
- New Python-based Ransomware Poses as Locky
- Modular Malware Brings Stealthy Attacks to Former Soviet States
- Uproar after Adobe winds down Magento rewards-based bug bounty program
- Malware Campaign Targeting Jaxx Wallet Holders Shut Down
- Osiris Banking Trojan Displays Modern Malware Innovation
- September Patch Tuesday: Adobe patches seven critical vulnerabilities
- Office VBA + AMSI: Parting the veil on malicious macros
- A question of security: What is obfuscation and how does it work?
- Feedify becomes latest victim of the Magecart malware campaign
- Flaws Found in Fuji Electric Tool That Links Corporate PCs to ICS
- Researchers implicate online card-skimming group in British Airways hack
- Veeam Leaks 200 GB Customer Database, Goldmine for Phishers
- September 2018 Security Notes address a total of 14 flaws in SAP products
- Domestic Kitten spyware targets ISIS supporters
- Six Critical Vulnerabilities in Adobe ColdFusion Get Patches
- Microsoft purges 3,000 tech support scams hiding on TechNet
- Faster Prod at the Expense of Security? 2018 ‘Under the Hoodie’ Reveals Gaps in Applications
- Feedify Hacked with Magecart Information Stealing Script
- Cybercriminals Go Phishing For Jaxx Wallet Users
- Adobe patch update tackles six critical vulnerabilities in ColdFusion
- Crooks Combine Phishing and Impersonation For Higher Success Rate
- Microsoft Patch Tuesday updates for September 2018 also address recently disclosed Windows zero-day
- September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities
- Address Bar Spoofing Flaw Found in Edge, Safari
- Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs
- Microsoft Released Security Updates with the Patch for Recent Windows Zero-day Flow
Crime
- Russian hacker pleads guilty for role in massive botnet schemes
- Osiris Banking Trojan Displays Modern Malware Innovation
- Data breach — 380,000 British Airways transactions compromised | Avast
- Researchers implicate online card-skimming group in British Airways hack
- Veeam Leaks 200 GB Customer Database, Goldmine for Phishers
- Feedify Hacked with Magecart Information Stealing Script
- WTB: Apple Removes Top Security Tool for Secretly Stealing Data
- British Airways reveals details about data breach
Politics
- Nothing to report
