DATA BREACH
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- New Adwind Campaign Targets Linux, Windows, and macOS
- Survey: Nearly one-third of breached companies reported job losses after data breach
- 4 Things To Do To Get Your Smartphone Compromised
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- Freelance workers targeted in new malware campaign
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
- Do you know who the biggest threat actors are?
Check out this paper that shares our perspective on the key takeaways from the 2018 Verizon Data Breach Investigations Report.
Get your copy here:
#DBIR #
- Hackers Compromised Thousands of WordPress Sites and Redirects to Tech Support Scams
DENIAL-OF-SERVICE
- It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT
- Tricky DoS Attack Crashes Mozilla Firefox
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Credential Stuffing Attacks Are Reaching DDoS Proportions
- Viborot ransomware comes with a botnet
MALVERTISING
Nothing to report
PHISHING
- Microsoft goes password-free for Azure AD sign-in
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- Yubico's latest authentication keys get the jump on a 'passwordless' future
- US ISP RCN stores customer passwords in cleartext
- Zoho Suspended by Domain Registrar Over Phishy Emails
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Breaking Chrome / Google account auto login (and tracking)
- Microsoft Deletes Passwords for Azure Active Directory Applications
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Cisco Removes Default Password From Video Surveillance Manager
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Pervasive email #security threats have dampened adoption of #cloud-based productivity tools: #survey #BarracudaNetworks #phishing #Office365 #fraud #AI #
WEB DEFACEMENT
Nothing to report
MALWARE
- Hackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet Details
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Adwind RAT Scurries By AV Software With New DDE Variant
- Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack >>> register now <<<
- Scottish Brewery Recovered from Ransomware Attack
- Cybercriminals Target Kodi Media Player for Malware Distribution
- Scottish Brewery Recovered from Ransomware Attack …
- Zoho Suspended by Domain Registrar Over Phishy Emails
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Black Rose Lucy Android malware mimics user's on-screen click
- Adwind RAT Scurries By AV Software With New DDE Variant
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Blocking ransomware for free with honeypots
- Unraveling Emotet's Latest Macro Obfuscation
- Adwind Trojan circumvents antivirus software to infect your PC
- #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. Read more about this here: #compliance #cyberattack #
- Researchers warn of iTranslator man-in-the-middle malware
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- Virobot Malware Emerges
- Freelance workers targeted in new malware campaign
- Viborot ransomware comes with a botnet
- Scottish brewery ransomware attack leverages job opening
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
- Thousands of WordPress sites are infected with the malicious code
EXPLOIT
Nothing to report
VULNERABILITY
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- U.S. General Service Administration Launches Bug Bounty Program
- Cisco patches 'critical' credential bug in video surveillance software
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
- The MyCloud Auth Vulnerability Fixed by Western Digital with a Hotfix
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- Cisco Patches Critical Flaw in Cisco Video Surveillance Manager (VSM) Software
- New Bug Crashes Mozilla Firefox on Windows, Linux, and Mac Systems
- Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance
- [SingCERT] Alert on Critical Out-Of-Band Adobe Acrobat Vulnerability (CVE-2018-12848)
- Critical flaw affects Cisco Video Surveillance Manager
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Report: Microsoft misses disclosure deadline to patch RCE bug in JET
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Cisco Patched Critical Vulnerability In Its Video Surveillance Manager Software
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
ASIA
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- Adwind RAT Scurries By AV Software With New DDE Variant
WORLD
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- Scottish Brewery Recovered from Ransomware Attack
- Yubico's latest authentication keys get the jump on a 'passwordless' future
- Scottish Brewery Recovered from Ransomware Attack …
- U.S. General Service Administration Launches Bug Bounty Program
- Cybersecurity Has Become a Major Liability for Online Retailers
- US ISP RCN stores customer passwords in cleartext
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Black Rose Lucy Android malware mimics user's on-screen click
- Adwind RAT Scurries By AV Software With New DDE Variant
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Unraveling Emotet's Latest Macro Obfuscation
- #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. Read more about this here: #compliance #cyberattack #
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- Virobot Malware Emerges
- Scottish brewery ransomware attack leverages job opening
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
ATTACKS
- Microsoft goes password-free for Azure AD sign-in
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- Yubico's latest authentication keys get the jump on a 'passwordless' future
- New Adwind Campaign Targets Linux, Windows, and macOS
- US ISP RCN stores customer passwords in cleartext
- Zoho Suspended by Domain Registrar Over Phishy Emails
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Breaking Chrome / Google account auto login (and tracking)
- 4 Things To Do To Get Your Smartphone Compromised
- Microsoft Deletes Passwords for Azure Active Directory Applications
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT
- Tricky DoS Attack Crashes Mozilla Firefox
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Cisco Removes Default Password From Video Surveillance Manager
- Credential Stuffing Attacks Are Reaching DDoS Proportions
- Freelance workers targeted in new malware campaign
- Viborot ransomware comes with a botnet
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
- Do you know who the biggest threat actors are?
Check out this paper that shares our perspective on the key takeaways from the 2018 Verizon Data Breach Investigations Report.
Get your copy here:
#DBIR #
- Pervasive email #security threats have dampened adoption of #cloud-based productivity tools: #survey #BarracudaNetworks #phishing #Office365 #fraud #AI #
- Hackers Compromised Thousands of WordPress Sites and Redirects to Tech Support Scams
THREATS
- Hackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet Details
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Adwind RAT Scurries By AV Software With New DDE Variant
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack >>> register now <<<
- Scottish Brewery Recovered from Ransomware Attack
- Cybercriminals Target Kodi Media Player for Malware Distribution
- Scottish Brewery Recovered from Ransomware Attack …
- U.S. General Service Administration Launches Bug Bounty Program
- Zoho Suspended by Domain Registrar Over Phishy Emails
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Cisco patches 'critical' credential bug in video surveillance software
- Black Rose Lucy Android malware mimics user's on-screen click
- Adwind RAT Scurries By AV Software With New DDE Variant
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
- The MyCloud Auth Vulnerability Fixed by Western Digital with a Hotfix
- Blocking ransomware for free with honeypots
- Unraveling Emotet's Latest Macro Obfuscation
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- Adwind Trojan circumvents antivirus software to infect your PC
- Cisco Patches Critical Flaw in Cisco Video Surveillance Manager (VSM) Software
- #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. Read more about this here: #compliance #cyberattack #
- Researchers warn of iTranslator man-in-the-middle malware
- New Bug Crashes Mozilla Firefox on Windows, Linux, and Mac Systems
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance
- [SingCERT] Alert on Critical Out-Of-Band Adobe Acrobat Vulnerability (CVE-2018-12848)
- Critical flaw affects Cisco Video Surveillance Manager
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Virobot Malware Emerges
- Report: Microsoft misses disclosure deadline to patch RCE bug in JET
- Freelance workers targeted in new malware campaign
- Viborot ransomware comes with a botnet
- Scottish brewery ransomware attack leverages job opening
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Cisco Patched Critical Vulnerability In Its Video Surveillance Manager Software
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
- Thousands of WordPress sites are infected with the malicious code
CRIME
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack >>> register now <<<
- Cybercriminals Target Kodi Media Player for Malware Distribution
- Cybersecurity Has Become a Major Liability for Online Retailers
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Unraveling Emotet's Latest Macro Obfuscation
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
POLITICS
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
ASIA
- Bug in Apple Store Allowed more than 500 iPhones For Just 0.03 USD
- Hackers Compromised Japanese Zaif Exchange and Stole Cryptocurrencies worth $60 Million
WORLD
- MagBO Black Market Hacking Site, Caught Selling 3,000 Website Login Credentials
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack #digitalattack
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- Researchers Discovered New Virobot Ransomware with Botnet Capabilities
- DanaBot banking Trojan evolves and now targets European countries
- Learn how Russian #BOTs weaponized Twitter to influence and disinform people in the @SafeGuard_Cyber #whitepaper.
- Hackers Spreading New Virobot Ransomware with Powerful Botnet & Keylogging Capabilities
- EE’s 4G WiFi Modem Privilege Escalation Vulnerability Allows Let Attacker Bypass & Gain Windows Access
- Operator of VirusTotal Like Malware-Scanning Service Jailed for 14 Years
- Thousands of compromised websites on sale in black market
- Data theft in US State Department email system
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack #malware
ATTACKS
- Adams County clerk resigns over role in data breach
- Twitter API Bug Might Have Exposed Your Direct Messages To The Wrong Developers
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- MagBO Black Market Hacking Site, Caught Selling 3,000 Website Login Credentials
- The Common Factors in Phishing
- The makers of the Mirai IoT-hijacking botnet are sentenced #extortion
- Researchers Discovered New Virobot Ransomware with Botnet Capabilities
- Hackers Compromised Japanese Zaif Exchange and Stole Cryptocurrencies worth $60 Million
- It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data.
Learn how using the MITRE ATT&CK Matrix with CIS Controls and Tripwire mapping can secure your business, today!
#security #
- Learn how Russian #BOTs weaponized Twitter to influence and disinform people in the @SafeGuard_Cyber #whitepaper.
- Google publicly disclosed the Microsoft Jet database engine zero-day RCE vulnerability
- MariaDB announces acquisition of distributed database Clustrix
- Twitter: Don't panic, but we may have leaked your DMs to rando devs
- Business Email Compromises Fuel Procurement Fraud
- Defending Against Next-Generation DDoS Attacks
- Ngrok Mining Botnet
- Hackers Spreading New Virobot Ransomware with Powerful Botnet & Keylogging Capabilities
- Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year
- Thousands of compromised websites on sale in black market
- Data theft in US State Department email system
- Thousands of Compromised WordPress Sites Redirect to Tech Support Scams
THREATS
- Report: Cryptomining malware detections up more than 459 percent since 2017
- Twitter API Bug Might Have Exposed Your Direct Messages To The Wrong Developers
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- Bitcoin Core Bug Could Crash The Entire Bitcoin Network
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack #digitalattack
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- The makers of the Mirai IoT-hijacking botnet are sentenced #extortion
- Researchers Discovered New Virobot Ransomware with Botnet Capabilities
- Bug in Apple Store Allowed more than 500 iPhones For Just 0.03 USD
- Researchers Publicly Disclosed a Unpatched Zero-Day Flaw Affecting All Version of Windows
- DanaBot banking Trojan evolves and now targets European countries
- Learn how Russian #BOTs weaponized Twitter to influence and disinform people in the @SafeGuard_Cyber #whitepaper.
- Is Your Security Dashboard Ready for the Cloud? #vulnerabilities
- Google publicly disclosed the Microsoft Jet database engine zero-day RCE vulnerability
- Scottish brewery recovers from ransomware attack
- Scotland's Arran Brewery Slammed by Dharma Bip Ransomware
- Google’s Vulnerability Scanning for Their Cloud Infrastructure in Beta
- Hackers Spreading New Virobot Ransomware with Powerful Botnet & Keylogging Capabilities
- EE’s 4G WiFi Modem Privilege Escalation Vulnerability Allows Let Attacker Bypass & Gain Windows Access
- Operator of VirusTotal Like Malware-Scanning Service Jailed for 14 Years
- Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack #malware
- New Ransomware Virus?
- Is Your Security Dashboard Ready for the Cloud? #DevOps
CRIME
- Report: Cryptomining malware detections up more than 459 percent since 2017
- MagBO Black Market Hacking Site, Caught Selling 3,000 Website Login Credentials
- Bitcoin Core Bug Could Crash The Entire Bitcoin Network
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- The makers of the Mirai IoT-hijacking botnet are sentenced #extortion
- Bug in Apple Store Allowed more than 500 iPhones For Just 0.03 USD
- DanaBot banking Trojan evolves and now targets European countries
- Hackers Compromised Japanese Zaif Exchange and Stole Cryptocurrencies worth $60 Million
- Scotland's Arran Brewery Slammed by Dharma Bip Ransomware
- Operator of VirusTotal Like Malware-Scanning Service Jailed for 14 Years
- Data theft in US State Department email system
POLITICS
Nothing to report
DATA BREACH
- What Are Honeywords? Password Protection for Database Breaches
- Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter API bug leaked private data to other accounts
- The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
- Independence Blue Cross Breach Exposed 17K Records
- Independence Blue Cross Breach Exposed 17K Records …
- Newegg leaked credit card information for more than a month
- ZDI Shares Details of Microsoft JET Database Zero-Day
- Fully 61 percent of ASX100 exposed as email fraud gets personal
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #GDPR #databreach
- Adams County clerk resigns over role in data breach
- SC Media September Product Reviews: Threat Intelligence
Recorded Future l
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Who ate all the PII? Not the blockchain, thankfully
- Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
- Equifax IT staff had to rerun hackers' database queries to work out what was nicked – audit
- Veeam holds its hands up, admits database leak was plain 'complacency'
- Back up a minute: Veeam database config snafu exposed millions of customer records
- Law firm seeking leak victims to launch £500m suit at British Airways
- #SecurityNews: The Information Commissioner’s Office (ICO) has fined #Equifax £500K after the 2017 #databreach. For the 2nd time the #ICO has issued a max fine after the credit agency exposed data on 15 million UK customers. Read more here: #
- SingHealth data breach reveals several 'inadequate' security measures
- Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
- ICO Slaps Equifax with Maximum Fine for the 2017 Data Breach
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
- MageCart Hacked Customers’ In NewEgg Credit Card Data Breach
- ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
- ICO to Fine Equifax £500,000 for 2017 Data Breach via @DMBisson #databreach #GDPR
- Magecart’s Next Attack Resulted In ABS-CBN Data Breach
- £500k fine for Equifax 2017 data breach
DENIAL-OF-SERVICE
- New Virobot Ransomware and Botnet Emerges
- New Virobot ransomware will also log keystrokes, add PC to a spam botnet
- Apache Struts and SonicWall Targeted by Mirai and Gafgyt Botnets
- Virobot Ransomware with Botnet Capability Breaks Through
- No, the Mirai botnet masters aren't going to jail. Why? 'Cos they help Feds nab cyber-crims
- ZombieBoy
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #DDoS #FBI
- Mirai Botnet Creators To Help Law Enforcement Agencies On Cybercrime Investigations
- The makers of the Mirai IoT-hijacking botnet are sentenced via @gcluley #botnets #Mirai
MALVERTISING
- This blog post explores how #malvertising works and identifies key defense strategies for #businesses … #malware #cyberattacks
DATA LEAK
Nothing to report
PHISHING
- What Are Honeywords? Password Protection for Database Breaches
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Phishing finance apps make way back into Google Play
- The @aberdeengroup analyzed the likelihood and business impact of #phishing attacks based on lost productivity of 1,000 users with a confirmed #databreach of between 100k - 1m records, for 10 different industries. Download the @cyreninc #whitepaper here
- Securing industrial IoT passwords: For Pete's sake, engineers, don't all jump in at once
- Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day
- Solid password practice on Capital One's site? Don't bank on it
- When is a patch not a patch? When it's for this McAfee password bug
- Warning issued as Netflix subscribers hit by phishing attack
- Security data reveals worldwide malicious login attempts are on the rise
- AD FS 2016 Password Change from non workplace joined devices
- The most used email subjects used in phishing attacks
- AdGuard resets all user passwords after credential stuffing attack
WEB DEFACEMENT
Nothing to report
MALWARE
- Brewery breach: Not even beer is safe from ransomware
- The Week in Ransomware – September 21st 2018 – Beer, Airports, & Dharma
- PMP®️ Domain Information & Overview
- Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
- Spam or Phish? How to Tell the Difference Between a Marketing Email and a Malicious Spam Email
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #police #ransomware
- Malware Disguised as Job Offers Distributed on Freelance Sites
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Proofpoint: One month out from deadline, half of agency domains are #DMARC compliant via CyberScoopNews #FinSec
- Delphi Packer Looks for Human Behavior Before Deploying Payload
- Delphi Packer Looks for Human Behavior Before Deploying Payload
- The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma
- Operator of 'VirusTotal for criminals' gets 14-year prison sentence
- Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week
- New Virobot Ransomware and Botnet Emerges
- Staying King Krab: GandCrab Malware Keeps a Step Ahead of Network Defenses
- Malware Disguised as Job Offers Distributed on Freelance Sites
- New Virobot ransomware will also log keystrokes, add PC to a spam botnet
- Security news: All-in-one malware out, GovPayNow drops the ball on security, and Newegg suffers a crack | Avast
- Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
- Pegasus spyware spotted in 45 countries, many with questionable human rights records
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Legitimate RATs Pose Serious Risk to Industrial Systems
- Crooks turn to Delphi packers to evade malware detection
- This blog post explores how #malvertising works and identifies key defense strategies for #businesses … #malware #cyberattacks
- Malware Businesses Blending the Legitimate and the Illegitimate
- Avoidable mistakes lead to iOS cryptomining attacks
- Romanian Citizen Admits Guilt in Police Department Ransomware Attack via @DMBisson #ransomware #police
- Thousands of WordPress sites backdoored with malicious code
- Virobot Ransomware with Botnet Capability Breaks Through
- DMARC Fully Implemented on Two Thirds of U.S. Government Domains
- Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams
- FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers
- MassMiner Malware Targeting Web Servers
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- Satan Ransomware Spawns New Methods to Spread
- Woman Pleads Guilty to DC CCTV Ransomware Blitz
- Woman Pleads Guilty to DC CCTV Ransomware Blitz …
- Report: Cryptomining malware detections up more than 459 percent since 2017
- The most dangerous mobile spyware, Pegasus that has infected 45 countries
- Security data reveals worldwide malicious login attempts are on the rise
- Why voice fraud rates continue to rise with no signs of slowing down
EXPLOIT
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
- New Hacker Exploits and How to Fight Them
VULNERABILITY
- Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
- Critical Vulnerability Found in Cisco Video Surveillance Manager
- Critical Vulnerability Found in Cisco Video Surveillance Manager
- Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows
- Snap! Microsoft database flaw, internet to split? Plus, asteroid probed
- Bug allowing unlimited spiceups in "Answer Question" section
- Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter Flaw Exposed Direct Messages To External Developers
- Twitter API bug leaked private data to other accounts
- Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
- Twitter notifies users about API bug that shared DMs with wrong devs
- Optional Cumulative Update KB4457139 for Windows 7 Released With Bug Fixes
- ZDI Shares Details of Microsoft JET Database Zero-Day
- Flaw in Western Digital My Cloud exposes the content to hackers
- Twitter Bug May Have Sent your Direct Messages to Twitter Developers As Well
- Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution
- Discover how Tripwire Malware Detection...
- Protects against zero-day exploits and other known threats.
- Offers an enterprise view of suspicious malware objects across all monitored systems.
- Protects from repeat #malware attacks.
Learn more here:
- Bitcoin flaw could have allowed dreaded 51% takeover
- 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
- Microsoft's Jet crash: Zero-day flaw drops after deadline passes
- Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw
- 'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud
- Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers
- When is a patch not a patch? When it's for this McAfee password bug
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Researcher Discloses New Zero-Day Affecting All Versions of Windows
- Rockwell Automation Patches Severe Flaws in Communications Software
- Cisco releases fixes for remote code execution flaws in Webex Network Recording Player
- Google Cloud Service launches automatic scanning of container vulnerabilities to enhance cloud environment security
- CVE-2018-14829: Rockwell Automation Stack Overflow High Risk Vulnerability
- Adobe Addresses a Number of Critical Remote Execution Vulnerabilities
- Trend Micro Zero Day team discloses unpatched Microsoft Jet RCE vulnerability
- Singapore to offer bug bounty, set up Asean cybersecurity centre
- Cisco fixes Remote Code Execution flaws in Webex Network Recording Player
- ZDI Exposed Unpatched Microsoft RCE Zero-day Flaw in Public After it Crossed the 120 Days Deadline
- iOS Webkit flaw found that forces iPhone restart
- Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable
- Authentication Bypass Vulnerability Disclosed in Western Digital My Cloud NAS Devices
