DATA BREACH
- What Are Honeywords? Password Protection for Database Breaches
- Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter API bug leaked private data to other accounts
- The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
- Independence Blue Cross Breach Exposed 17K Records
- Independence Blue Cross Breach Exposed 17K Records …
- Newegg leaked credit card information for more than a month
- ZDI Shares Details of Microsoft JET Database Zero-Day
- Fully 61 percent of ASX100 exposed as email fraud gets personal
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #GDPR #databreach
- Adams County clerk resigns over role in data breach
- SC Media September Product Reviews: Threat Intelligence
Recorded Future l
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Who ate all the PII? Not the blockchain, thankfully
- Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
- Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit
- Veeam holds its hands up, admits database leak was plain 'complacency'
- Back up a minute: Veeam database config snafu exposed millions of customer records
- Law firm seeking leak victims to launch £500m suit at British Airways
- #SecurityNews: The Information Commissioner’s Office (ICO) has fined #Equifax £500K after the 2017 #databreach. For the 2nd time the #ICO has issued a max fine after the credit agency exposed data on 15 million UK customers. Read more here: #
- SingHealth data breach reveals several 'inadequate' security measures
- Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
- ICO Slaps Equifax with Maximum Fine for the 2017 Data Breach
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
- MageCart Hacked Customers’ In NewEgg Credit Card Data Breach
- ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
- ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #databreach #GDPR
- Magecart’s Next Attack Resulted In ABS-CBN Data Breach
- £500k fine for Equifax 2017 data breach
DENIAL-OF-SERVICE
- New Virobot Ransomware and Botnet Emerges
- New Virobot ransomware will also log keystrokes, add PC to a spam botnet
- Apache Struts and SonicWall Targeted by Mirai and Gafgyt Botnets
- Virobot Ransomware with Botnet Capability Breaks Through
- No, the Mirai botnet masters aren't going to jail. Why? 'Cos they help Feds nab cyber-crims
- ZombieBoy
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #DDoS #FBI
- Mirai Botnet Creators To Help Law Enforcement Agencies On Cybercrime Investigations
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #botnets #Mirai
MALVERTISING
- This blog post explores how #malvertising works and identifies key defense strategies for #businesses … #malware #cyberattacks
DATA LEAK
Nothing to report
PHISHING
- What Are Honeywords? Password Protection for Database Breaches
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Phishing finance apps make way back into Google Play
- The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
- Securing industrial IoT passwords: For Pete's sake, engineers, don't all jump in at once
- Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
- Solid password practice on Capital One's site? Don't bank on it
- When is a patch not a patch? When it's for this McAfee password bug
- Warning issued as Netflix subscribers hit by phishing attack
- Security data reveals worldwide malicious login attempts are on the rise
- AD FS 2016 Password Change from non workplace joined devices
- The most used email subjects used in phishing attacks
- AdGuard resets all user passwords after credential stuffing attack
WEB DEFACEMENT
Nothing to report
MALWARE
- Brewery breach: Not even beer is safe from ransomware
- The Week in Ransomware – September 21st 2018 – Beer, Airports, & Dharma
- PMP®️ Domain Information & Overview
- Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #police #ransomware
- Malware Disguised as Job Offers Distributed on Freelance Sites
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant via CyberScoopNews #FinSec
- Delphi Packer Looks for Human Behavior Before Deploying Payload
- Delphi Packer Looks for Human Behavior Before Deploying Payload
- The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma
- Operator of 'VirusTotal for criminals' gets 14-year prison sentence
- Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
- New Virobot Ransomware and Botnet Emerges
- Staying King Krab: GandCrab Malware Keeps a Step Ahead of Network Defenses
- Malware Disguised as Job Offers Distributed on Freelance Sites
- New Virobot ransomware will also log keystrokes, add PC to a spam botnet
- Security news: All-in-one malware out, GovPayNow drops the ball on security, and Newegg suffers a crack | Avast
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Legitimate RATs Pose Serious Risk to Industrial Systems
- Crooks turn to Delphi packers to evade malware detection
- This blog post explores how #malvertising works and identifies key defense strategies for #businesses … #malware #cyberattacks
- Malware Businesses Blending the Legitimate and the Illegitimate
- Avoidable mistakes lead to iOS cryptomining attacks
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #ransomware #police
- Thousands of WordPress sites backdoored with malicious code
- Virobot Ransomware with Botnet Capability Breaks Through
- DMARC Fully Implemented on Two Thirds of U.S. Government Domains
- Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
- FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers
- MassMiner Malware Targeting Web Servers
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- Satan Ransomware Spawns New Methods to Spread
- Woman Pleads Guilty to DC CCTV Ransomware Blitz
- Woman Pleads Guilty to DC CCTV Ransomware Blitz …
- Report: Cryptomining malware detections up more than 459 percent since 2017
- The most dangerous mobile spyware, Pegasus that has infected 45 countries
- Security data reveals worldwide malicious login attempts are on the rise
- Why voice fraud rates continue to rise with no signs of slowing down
EXPLOIT
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
- New Hacker Exploits and How to Fight Them
VULNERABILITY
- Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
- Critical Vulnerability Found in Cisco Video Surveillance Manager
- Critical Vulnerability Found in Cisco Video Surveillance Manager
- Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows
- Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
- Bug allowing unlimited spiceups in "Answer Question" section
- Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter API bug leaked private data to other accounts
- Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
- Twitter notifies users about API bug that shared DMs with wrong devs
- Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
- ZDI Shares Details of Microsoft JET Database Zero-Day
- Flaw in Western Digital My Cloud exposes the content to hackers
- Twitter Bug May Have Sent your Direct Messages to Twitter Developers As Well
- Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Bitcoin flaw could have allowed dreaded 51% takeover
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Microsoft's Jet crash: Zero-day flaw drops after deadline passes
- Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw
- 'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud
- Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
- When is a patch not a patch? When it's for this McAfee password bug
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Researcher Discloses New Zero-Day Affecting All Versions of Windows
- Rockwell Automation Patches Severe Flaws in Communications Software
- Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
- Google Cloud Service launches automatic scanning of container vulnerabilities to enhance cloud environment security
- CVE-2018-14829: Rockwell Automation Stack Overflow High Risk Vulnerability
- Adobe Addresses a Number of Critical Remote Execution Vulnerabilities
- Trend Micro Zero Day team discloses unpatched Microsoft Jet RCE vulnerability
- Singapore to offer bug bounty, set up Asean cybersecurity centre
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
- ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
- iOS Webkit flaw found that forces iPhone restart
- Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable
- Authentication Bypass Vulnerability Disclosed in Western Digital My Cloud NAS Devices
ASIA
- Off-the-shelf RATs Targeting Pakistan
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- The most dangerous mobile spyware, Pegasus that has infected 45 countries
- Singapore to offer bug bounty, set up Asean cybersecurity centre
WORLD
- Operator of 'VirusTotal for criminals' gets 14-year prison sentence
- Newegg leaked credit card information for more than a month
- Fully 61 percent of ASX100 exposed as email fraud gets personal
- Virobot Ransomware with Botnet Capability Breaks Through
- DMARC Fully Implemented on Two Thirds of U.S. Government Domains
- Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
- What's that smell? Oh, it's Newegg cracked open by card slurpers
- Who ate all the PII? Not the blockchain, thankfully
- Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS
- Law firm seeking leak victims to launch £500m suit at British Airways
- 'Magecart' Card-Sniffing Gang Cracks Newegg
- MassMiner Malware Targeting Web Servers
- Malware Analysis using Osquery Part 1
- The most dangerous mobile spyware, Pegasus that has infected 45 countries
- #SecurityNews: The Information Commissioner’s Office (ICO) has fined #Equifax £500K after the 2017 #databreach. For the 2nd time the #ICO has issued a max fine after the credit agency exposed data on 15 million UK customers. Read more here: #
- CVE-2018-14829: Rockwell Automation Stack Overflow High Risk Vulnerability
- ICO Slaps Equifax with Maximum Fine for the 2017 Data Breach
- Magecart’s Next Attack Resulted In ABS-CBN Data Breach
- The most used email subjects used in phishing attacks
- £500k fine for Equifax 2017 data breach
ATTACKS
- What Are Honeywords? Password Protection for Database Breaches
- Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter Flaw Exposed Direct Messages To External Developers
- Phishing finance apps make way back into Google Play
- Twitter API bug leaked private data to other accounts
- The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
- Independence Blue Cross Breach Exposed 17K Records
- Independence Blue Cross Breach Exposed 17K Records …
- New Virobot Ransomware and Botnet Emerges
- Newegg leaked credit card information for more than a month
- ZDI Shares Details of Microsoft JET Database Zero-Day
- New Virobot ransomware will also log keystrokes, add PC to a spam botnet
- Fully 61 percent of ASX100 exposed as email fraud gets personal
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #GDPR #databreach
- Adams County clerk resigns over role in data breach
- This blog post explores how #malvertising works and identifies key defense strategies for #businesses … #malware #cyberattacks
- SC Media September Product Reviews: Threat Intelligence
Recorded Future l
- Apache Struts and SonicWall Targeted by Mirai and Gafgyt Botnets
- Virobot Ransomware with Botnet Capability Breaks Through
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Securing industrial IoT passwords: For Pete's sake, engineers, don't all jump in at once
- No, the Mirai botnet masters aren't going to jail. Why? 'Cos they help Feds nab cyber-crims
- Who ate all the PII? Not the blockchain, thankfully
- Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
- Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit
- Veeam holds its hands up, admits database leak was plain 'complacency'
- Solid password practice on Capital One's site? Don't bank on it
- Back up a minute: Veeam database config snafu exposed millions of customer records
- When is a patch not a patch? When it's for this McAfee password bug
- Law firm seeking leak victims to launch £500m suit at British Airways
- ZombieBoy
- Warning issued as Netflix subscribers hit by phishing attack
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #DDoS #FBI
- #SecurityNews: The Information Commissioner’s Office (ICO) has fined #Equifax £500K after the 2017 #databreach. For the 2nd time the #ICO has issued a max fine after the credit agency exposed data on 15 million UK customers. Read more here: #
- SingHealth data breach reveals several 'inadequate' security measures
- Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
- Mirai Botnet Creators To Help Law Enforcement Agencies On Cybercrime Investigations
- ICO Slaps Equifax with Maximum Fine for the 2017 Data Breach
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
- MageCart Hacked Customers’ In NewEgg Credit Card Data Breach
- ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
- Security data reveals worldwide malicious login attempts are on the rise
- AD FS 2016 Password Change from non workplace joined devices
- ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #databreach #GDPR
- Magecart’s Next Attack Resulted In ABS-CBN Data Breach
- The most used email subjects used in phishing attacks
- £500k fine for Equifax 2017 data breach
- AdGuard resets all user passwords after credential stuffing attack
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #botnets #Mirai
THREATS
- Brewery breach: Not even beer is safe from ransomware
- Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
- The Week in Ransomware – September 21st 2018 – Beer, Airports, & Dharma
- PMP®️ Domain Information & Overview
- Critical Vulnerability Found in Cisco Video Surveillance Manager
- Critical Vulnerability Found in Cisco Video Surveillance Manager
- Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows
- Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
- Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
- Bug allowing unlimited spiceups in "Answer Question" section
- Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #police #ransomware
- Twitter Flaw Exposed Direct Messages To External Developers
- Malware Disguised as Job Offers Distributed on Freelance Sites
- Twitter Flaw Exposed Direct Messages To External Developers
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant via CyberScoopNews #FinSec
- Twitter API bug leaked private data to other accounts
- Delphi Packer Looks for Human Behavior Before Deploying Payload
- Delphi Packer Looks for Human Behavior Before Deploying Payload
- Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
- Twitter notifies users about API bug that shared DMs with wrong devs
- The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma
- Operator of 'VirusTotal for criminals' gets 14-year prison sentence
- Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
- New Virobot Ransomware and Botnet Emerges
- Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
- Staying King Krab: GandCrab Malware Keeps a Step Ahead of Network Defenses
- Malware Disguised as Job Offers Distributed on Freelance Sites
- ZDI Shares Details of Microsoft JET Database Zero-Day
- New Virobot ransomware will also log keystrokes, add PC to a spam botnet
- Security news: All-in-one malware out, GovPayNow drops the ball on security, and Newegg suffers a crack | Avast
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Flaw in Western Digital My Cloud exposes the content to hackers
- Twitter Bug May Have Sent your Direct Messages to Twitter Developers As Well
- Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Legitimate RATs Pose Serious Risk to Industrial Systems
- Crooks turn to Delphi packers to evade malware detection
- This blog post explores how #malvertising works and identifies key defense strategies for #businesses … #malware #cyberattacks
- Malware Businesses Blending the Legitimate and the Illegitimate
- Bitcoin flaw could have allowed dreaded 51% takeover
- Avoidable mistakes lead to iOS cryptomining attacks
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #ransomware #police
- Thousands of WordPress sites backdoored with malicious code
- Virobot Ransomware with Botnet Capability Breaks Through
- DMARC Fully Implemented on Two Thirds of U.S. Government Domains
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
- Microsoft's Jet crash: Zero-day flaw drops after deadline passes
- Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk
- Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw
- 'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud
- Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
- When is a patch not a patch? When it's for this McAfee password bug
- New Hacker Exploits and How to Fight Them
- FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers
- MassMiner Malware Targeting Web Servers
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Satan Ransomware Spawns New Methods to Spread
- Woman Pleads Guilty to DC CCTV Ransomware Blitz
- Woman Pleads Guilty to DC CCTV Ransomware Blitz …
- Report: Cryptomining malware detections up more than 459 percent since 2017
- Researcher Discloses New Zero-Day Affecting All Versions of Windows
- The most dangerous mobile spyware, Pegasus that has infected 45 countries
- Rockwell Automation Patches Severe Flaws in Communications Software
- Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
- Google Cloud Service launches automatic scanning of container vulnerabilities to enhance cloud environment security
- CVE-2018-14829: Rockwell Automation Stack Overflow High Risk Vulnerability
- Adobe Addresses a Number of Critical Remote Execution Vulnerabilities
- Trend Micro Zero Day team discloses unpatched Microsoft Jet RCE vulnerability
- Singapore to offer bug bounty, set up Asean cybersecurity centre
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
- ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
- Security data reveals worldwide malicious login attempts are on the rise
- Why voice fraud rates continue to rise with no signs of slowing down
- iOS Webkit flaw found that forces iPhone restart
- Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable
- Authentication Bypass Vulnerability Disclosed in Western Digital My Cloud NAS Devices
CRIME
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Operator of 'VirusTotal for criminals' gets 14-year prison sentence
- Newegg leaked credit card information for more than a month
- Fully 61 percent of ASX100 exposed as email fraud gets personal
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Bitcoin flaw could have allowed dreaded 51% takeover
- Avoidable mistakes lead to iOS cryptomining attacks
- Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
- Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk
- What's that smell? Oh, it's Newegg cracked open by card slurpers
- Solid password practice on Capital One's site? Don't bank on it
- Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS
- Law firm seeking leak victims to launch £500m suit at British Airways
- 'Magecart' Card-Sniffing Gang Cracks Newegg
- FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers
- MassMiner Malware Targeting Web Servers
- Malware Analysis using Osquery Part 2
- Malware Analysis using Osquery Part 1
- ZombieBoy
- Malicious Documents from Lazarus Group Targeting South Korea
- Woman Pleads Guilty to DC CCTV Ransomware Blitz
- Woman Pleads Guilty to DC CCTV Ransomware Blitz …
- Report: Cryptomining malware detections up more than 459 percent since 2017
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #DDoS #FBI
- Mirai Botnet Creators To Help Law Enforcement Agencies On Cybercrime Investigations
- MageCart Hacked Customers’ In NewEgg Credit Card Data Breach
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #botnets #Mirai
POLITICS
Nothing to report
DATA BREACH
- 14 million customer records exposed in GovPayNow leak
- State Department email breach leaks employee PII
- Magecart data breach possibly avoidable -magecart-data-breach-possibly-avoidable/ …
- Adams County clerk resigns over role in data breach
- ICO to Fine Equifax £500,000 for 2017 Data Breach via
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- State Department: Some Employee Info Possibly Exposed in Security Incident via
- This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
- Data commissioner fines Equifax £500,000 for US data breach affecting UK customers
- Newegg Electronic Retailers Suffered a Data Breach and Hackers Stole Customers Credit Card Data
- LG V40 ThinQ Alleged Specifications Sheet Leaked; Reveals 8GB RAM Model With a 6.4-Inch Display, but No Triple-Rear-Camera
- ICO to Fine Equifax £500,000 for 2017 Data Breach via
- UK organisations’ email accounts used in mass phishing campaigns
- Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
- 7GB of Medical Data Publicly Exposed Thanks to Misconfigured AWS S3 Bucket
- The public's trust, politics and race, and dignity for the LGBT community: MP Murali Pillai goes On the Record
- US State Department confirms data breach to unclassified email system
- Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
- HMRC Tax Refund Scam via Phishing Campaign
- China Arrests Suspect for Customer Data Leak at Accor Partner
- State Department Email Breach Exposed Personal Data Of Employees
- Equifax fined £500,000 over customer data breach
- Privacy advocates have failed to engage on My Health Record
- UK Regulator Fines Equifax £500,000 Over 2017 Data Breach
- GovPayNow Leak of 14M+ Records The All Time Low in Processing
- State Department: Some Employee Info Possibly Exposed in Security Incident via
DENIAL-OF-SERVICE
- Snap! Adobe patches, sneaky Android botnets, Alexa invasion, robot skins
- The makers of the Mirai IoT-hijacking botnet are sentenced via
- 3 Drivers Behind the Increasing Frequency of DDoS Attacks
- New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
- : The 3 people suspected of the have escaped jail after agreeing to provide “substantial assistance” to the in ongoing cases. Read more about this story here: .twitter.com/Yzb9wM7KzU
- 3 Drivers Behind the Increasing Frequency of DDoS Attacks
- This Russian botnet mimics your click to prevent Android device factory resets
- FBI wants to keep “helpful” Mirai botnet authors around
- The makers of the Mirai IoT-hijacking botnet are sentenced via
- Mirai botnet developers collaborate with the FBI
- Identifying botnets before an attack: The new DARPA challenge
- US Signal partners with Cloudflare to deliver DDoS protection service
MALVERTISING
Nothing to report
DATA LEAK
- Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
PHISHING
- Account Takeover Attacks Become a Phishing Fave
- Account Takeover Attacks Result in Phishing Scams pic.twitter.com/hR2kSqlpCN
- Malicious Login Attempts Spike in Finance, Retail pic.twitter.com/OQPWqymDRB
- Account Takeover Attacks Result in Phishing Scams -magazine.com/news/account-takeover-attacks-result-in?utm_source=twitterfeed&utm_medium=twitter …
- Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
- Account Takeover Attacks Become a Phishing Fave
- : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here: .twitter.com/Ct8Z7qckRC
- UK organisations’ email accounts used in mass phishing campaigns
- Threat Spotlight: Barracuda study finds account takeover incidents widespread, most commonly used for phishing campaigns
- Hackers Uploaded Fake Apps into Google Play Store to Steal Credit card details and Login Credentials
- HMRC Tax Refund Scam via Phishing Campaign
- Phishing finance apps make way back into Google Play
- Manipulation tactics that you fall for in phishing attacks
WEB DEFACEMENT
Nothing to report
MALWARE
- US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”
- Domain Joined Outlook 2016 Issues - 0x8004011D
- Report: Cryptomining malware detections up more than 459 percent since 2017
- Bad actors are sizing up systems via lightweight recon before attack, researchers at Proofpoint said:
- The rate at which new threats appear now requires a much greater reliance on threat intelligence. Learn more about its opportunities and challenges in our . pic.twitter.com/bEh9MKP6nS
- Malicious Login Attempts Spike in Finance, Retail pic.twitter.com/OQPWqymDRB
- Malicious Login Attempts Spike in Finance, Retail -magazine.com/news/malicious-login-attempts-spike-in?utm_source=twitterfeed&utm_medium=twitter …
- New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- Book Review: Malware Data Science
- Increased Use of a Delphi Packer to Evade Malware Classification
- Hundreds of Indian Government Websites Hit with Cryptojacking Malware
- This breach is a great example of how CT logs can be useful as an early indicator of an ongoing attack campaign. Orgs should be monitoring CT for certificates issued to look-alike domains to improve their situational awareness. -magazine.com/news/magecart-skimmed-newegg-cards/ …
- Mitigate Risk From Malicious and Accidental Insiders
- : malware detections have soared 273% since 2017 according to new stats from . The most popular way to spread is brute-forcing of passwords, used in 93% of detected attacks. Read more here: .twitter.com/Ct8Z7qckRC
- Sustes Malware: CPU for Monero
- Report: Cryptomining malware detections up more than 459 percent since 2017
- Threats posed by using RATs in ICS
- Report Reveals Widespread Use of Pegasus Spyware
- GovPayNow Leak of 14M+ Records The All Time Low in Processing
- Evil Clone Attack – Hackers Injecting Crypto-mining Malware into Legitimate PDF Software
- Newegg hacked: The new victim of Magecart malware
- How to detect and remove a virus from your Android phone | Avast
EXPLOIT
- : Hackers say and have been the easiest attack vectors to exploit this year. 56% of said that social engineering is the fastest account seizing technique to use on them. Read more here: .twitter.com/e5ogD8VYWT
- Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
VULNERABILITY
- Android bug bounty tops $3m in third year, but pay flattens out
- Facebook Bug Bounty opens to reward access token exposure
- Bug hunters fail third year in a row to get top prize in Android hacking program
- Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE
- Guarding the Gate: Cybersecurity De-Mystified
- Researcher discovers buffer overflow vulnerability in Microsoft's JET Database Engine
- Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program
- Western Digital goes quiet on unpatched MyCloud flaw
- CVE-2018-0150: Cisco IOS XE Software Static Credential Vulnerability
- Adobe releases patch out of schedule to squash critical code execution bug
- Cisco IOS XE Software Static Credential Vulnerability
- Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw
- Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities
- Vulnerability in My cloud devices exposes sensitive information
- Western Digital My Cloud vulnerability, let’s hacker gives full access
- Guarding the Gate: Cybersecurity De-Mystified
