DATA BREACH
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- Mozilla Launches Firefox Monitor Data Breach Notification Service
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- 130 Million Hotel Customers Breached Due to Exposed Database
- State Department data breach exposes employee info (w/ commentary from @TripwireInc’s @craigtweets http://bit.ly/2MTcplE
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Shein Data Breach Exposes Personal Data and Email Address of 6.42 Million Customers
- SHEIN Data breach affected 6.42 million users
- Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe
- Symantec accountancy audit uncovers customer transaction recorded as revenue
- NewsNow suffers security breach - passwords should be considered compromised
- First known malicious cryptomining campaign targeting Kodi discovered
- SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users
- macOS zero-day vulnerability leads to user data leaks
- How Long Does it Take to Find Compromised Data
- DBeaver Community Edition 5.2.1 Releases: Free universal database tool and SQL client
DENIAL-OF-SERVICE
- DDoS Attack on Infinite Campus Limits Parent Access http://dlvr.it/QlL12Z
- DDoS Attack on Infinite Campus Limits Parent Access https://www.infosecurity-magazine.com/news/ddos-attacks-infinite-campus?utm_source=twitterfeed&utm_medium=twitter …
- DDoS attack on education vendor hinders access to districts’ online portals
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Some credential-stuffing botnets don't care about being noticed any more
- Advanced DDoS Detection and Defense
- ZombieBoy
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
MALVERTISING
Nothing to report
PHISHING
- Firefox Monitor provides password breach alerts, Would it convince you to set up a Firefox Account
- GrrCon Augusta 2018, Rachel Giacobozzi’s ‘The Hybrid Analyst: How Phishing Created A New Type Of Intel Analyst’
- Tomorrow: Go beyond the usual defenses and *really* protect your email from #spearphishing attacks. Find out how with @AlexanderGTster and @illena_a from @SCmagazine. http://www.workcast.com/register?cpak=2026696370909275&referrer=valimailA …
- Cisco patches critical default password vulnerability
- Security researcher fined for hacking hotel Wi-Fi and putting passwords on the internet
- Users fret over Chrome auto-login change
- Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
- AdGuard adblocker resets passwords after credential-stuffing attack
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
- Anti-Phishing Requires A Three-Pronged Strategy https://www.infosecurity-magazine.com/white-papers/antiphishing-requires-threepronged?utm_source=twitterfeed&utm_medium=twitter …
- Microsoft: Here's why we're declaring end of password era
- Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security
- Baddies just need one email account with clout to unleash phishing hell
- Why Was Equifax So Stupid About Passwords?
- NewsNow suffers security breach - passwords should be considered compromised
- Cisco patches critical default password vulnerability
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
WEB DEFACEMENT
Nothing to report
MALWARE
- The MITRE ATT&CK Framework: Exfiltration https://tripwire.me/2NDbSJV
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Cryptomining Malware Continues Rapid Growth: Report
- Freelancers baited with job offers to download malicious macros
- DanaBot trojan sets sights on Europe, new features
- Crooks turn to Delphi packers to evade malware detection
- Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
- Astaroth Trojan Resurges in South America
- BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too
- Bloodhound – A Tool For Exploring Active Directory Domain Security
- #SecurityNews: #Cryptocurrency mining soars 459% from 2017 to 2018 with no indication of slowing down. Read more about this story here: https://bit.ly/2PXYSew
- #SecurityNews: Scottish #Brewery recovers from #ransomware attack. #Arran Brewery in Scotland, received what they thought was a cover letter as part of a job application, but the email attachment contained malware. Read more here:
https://bit.ly/2PYAR7k
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- Satan Ransomware Spawns New Methods to Spread
- MassMiner Malware Targeting Web Servers
- 14 years prison for man who helped hackers evade detection by anti-virus software
- USB threats from malware to miners
- DanaBot trojan sets sights on Europe, new features
- Stealthy cryptomining apps still on Google Play
- New Version of GandCrab Ransomware Appends 5 Character Extension To Encrypted Files
- First known malicious cryptomining campaign targeting Kodi discovered
- 14 years prison for man who helped hackers evade detection by anti-virus software
- New malware-as-a-service, Black Rose Lucy targets Android devices
- Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
EXPLOIT
- New CVE-2018-8373 Exploit Spotted in the Wild
VULNERABILITY
- Open-source reuse has left Android’s most-popular apps laced with critical vulnerabilities
- Monero bug could have allowed hackers to steal massive amounts of cryptocurrency
- New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
- MacOS Mojave zero-day privacy vulnerability uncovered
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Cisco patches critical default password vulnerability
- Twitter fixes API bug that shared data with wrong developers
- Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- No Takers for Zero-Day Vulnerabilities on the Dark Web
- macOS Mojave Patches Vulnerabilities, But New Flaws Already Emerge
- New CVE-2018-8373 Exploit Spotted in the Wild
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Vulnerability Spotlight: Epee Levin Packet Deserialization Code Execution Vulnerability
- Twitter fixes API bug that shared data with wrong developers
- Cisco patches critical default password vulnerability
- White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day
- macOS zero-day vulnerability leads to user data leaks
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
- Vulnerability in macOS Mojave allows access to protected files
- Firefox bugs can cause browsers and even the entire operating system to crash directly
- Why the market for zero-day vulnerabilities on the dark web is vanishing
ASIA
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
- Off-the-shelf RATs Targeting Pakistan
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- USB threats from malware to miners
WORLD
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Astaroth Trojan Resurges in South America
- BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too
- Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe
- #SecurityNews: Scottish #Brewery recovers from #ransomware attack. #Arran Brewery in Scotland, received what they thought was a cover letter as part of a job application, but the email attachment contained malware. Read more here:
https://bit.ly/2PYAR7k
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Baddies just need one email account with clout to unleash phishing hell
- Malware Analysis using Osquery Part 1
- MassMiner Malware Targeting Web Servers
- 14 years prison for man who helped hackers evade detection by anti-virus software
- SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users
- 14 years prison for man who helped hackers evade detection by anti-virus software
- New malware-as-a-service, Black Rose Lucy targets Android devices
ATTACKS
- Firefox Monitor provides password breach alerts, Would it convince you to set up a Firefox Account
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- GrrCon Augusta 2018, Rachel Giacobozzi’s ‘The Hybrid Analyst: How Phishing Created A New Type Of Intel Analyst’
- Mozilla Launches Firefox Monitor Data Breach Notification Service
- Tomorrow: Go beyond the usual defenses and *really* protect your email from #spearphishing attacks. Find out how with @AlexanderGTster and @illena_a from @SCmagazine. http://www.workcast.com/register?cpak=2026696370909275&referrer=valimailA …
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- 130 Million Hotel Customers Breached Due to Exposed Database
- State Department data breach exposes employee info (w/ commentary from @TripwireInc’s @craigtweets http://bit.ly/2MTcplE
- DDoS Attack on Infinite Campus Limits Parent Access http://dlvr.it/QlL12Z
- DDoS Attack on Infinite Campus Limits Parent Access https://www.infosecurity-magazine.com/news/ddos-attacks-infinite-campus?utm_source=twitterfeed&utm_medium=twitter …
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Cisco patches critical default password vulnerability
- DDoS attack on education vendor hinders access to districts’ online portals
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Shein Data Breach Exposes Personal Data and Email Address of 6.42 Million Customers
- Security researcher fined for hacking hotel Wi-Fi and putting passwords on the internet
- SHEIN Data breach affected 6.42 million users
- Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe
- Users fret over Chrome auto-login change
- Security Engineer Hacks Hotel WiFi, Fined for Exposing Admin Password
- AdGuard adblocker resets passwords after credential-stuffing attack
- Symantec accountancy audit uncovers customer transaction recorded as revenue
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
- Anti-Phishing Requires A Three-Pronged Strategy https://www.infosecurity-magazine.com/white-papers/antiphishing-requires-threepronged?utm_source=twitterfeed&utm_medium=twitter …
- Microsoft: Here's why we're declaring end of password era
- Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security
- Baddies just need one email account with clout to unleash phishing hell
- Some credential-stuffing botnets don't care about being noticed any more
- Advanced DDoS Detection and Defense
- Why Was Equifax So Stupid About Passwords?
- ZombieBoy
- NewsNow suffers security breach - passwords should be considered compromised
- Cisco patches critical default password vulnerability
- First known malicious cryptomining campaign targeting Kodi discovered
- SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users
- macOS zero-day vulnerability leads to user data leaks
- How Long Does it Take to Find Compromised Data
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
- 5 Notable Security Incidents that Recently Affected Federal Entities https://tripwire.me/2xGwKoH
- DBeaver Community Edition 5.2.1 Releases: Free universal database tool and SQL client
THREATS
- Open-source reuse has left Android’s most-popular apps laced with critical vulnerabilities
- The MITRE ATT&CK Framework: Exfiltration https://tripwire.me/2NDbSJV
- Monero bug could have allowed hackers to steal massive amounts of cryptocurrency
- New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros
- Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks
- Malware on SHEIN Servers Compromises Data of 6.4M Customers
- Third-Party Patch Available for Microsoft JET Database Zero-Day
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- MacOS Mojave zero-day privacy vulnerability uncovered
- New Adwind RAT Campaign Targets Windows, Linux and Mac Users
- Cryptomining Malware Continues Rapid Growth: Report
- Freelancers baited with job offers to download malicious macros
- Snyk gets $22 million for platform that tracks security flaws in open source projects
- Cisco patches critical default password vulnerability
- Twitter fixes API bug that shared data with wrong developers
- DanaBot trojan sets sights on Europe, new features
- Crooks turn to Delphi packers to evade malware detection
- Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- Astaroth Trojan Resurges in South America
- BrandPost: Malicious Tactics Have Evolved: Your DNS Needs to, Too
- Bloodhound – A Tool For Exploring Active Directory Domain Security
- No Takers for Zero-Day Vulnerabilities on the Dark Web
- macOS Mojave Patches Vulnerabilities, But New Flaws Already Emerge
- #SecurityNews: #Cryptocurrency mining soars 459% from 2017 to 2018 with no indication of slowing down. Read more about this story here: https://bit.ly/2PXYSew
- New CVE-2018-8373 Exploit Spotted in the Wild
- #SecurityNews: Scottish #Brewery recovers from #ransomware attack. #Arran Brewery in Scotland, received what they thought was a cover letter as part of a job application, but the email attachment contained malware. Read more here:
https://bit.ly/2PYAR7k
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Malware Analysis using Osquery Part 2
- Off-the-shelf RATs Targeting Pakistan
- Malware Analysis using Osquery Part 1
- Malicious Documents from Lazarus Group Targeting South Korea
- GZipDe: An Encrypted Downloader Serving Metasploit
- More Details on an ActiveX Vulnerability Recently Used to Target Users in South Korea
- Satan Ransomware Spawns New Methods to Spread
- MassMiner Malware Targeting Web Servers
- Vulnerability Spotlight: Epee Levin Packet Deserialization Code Execution Vulnerability
- 14 years prison for man who helped hackers evade detection by anti-virus software
- USB threats from malware to miners
- DanaBot trojan sets sights on Europe, new features
- Twitter fixes API bug that shared data with wrong developers
- Stealthy cryptomining apps still on Google Play
- New Version of GandCrab Ransomware Appends 5 Character Extension To Encrypted Files
- Cisco patches critical default password vulnerability
- White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day
- First known malicious cryptomining campaign targeting Kodi discovered
- 14 years prison for man who helped hackers evade detection by anti-virus software
- macOS zero-day vulnerability leads to user data leaks
- New malware-as-a-service, Black Rose Lucy targets Android devices
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
- Vulnerability in macOS Mojave allows access to protected files
- Firefox bugs can cause browsers and even the entire operating system to crash directly
- Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
- Why the market for zero-day vulnerabilities on the dark web is vanishing
CRIME
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Porous portals, Newegg is a broken egg, and Mirai’s creators have new hats
- Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison
- Cryptomining Malware Continues Rapid Growth: Report
- Bitcoin Core Team fixes a critical DDoS flaw in wallet software
- SHEIN Data breach affected 6.42 million users
- #SecurityNews: #Cryptocurrency mining soars 459% from 2017 to 2018 with no indication of slowing down. Read more about this story here: https://bit.ly/2PXYSew
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Microsoft: Here's why we're declaring end of password era
- Malware Analysis using Osquery Part 2
- Malware Analysis using Osquery Part 1
- ZombieBoy
- Malicious Documents from Lazarus Group Targeting South Korea
- MassMiner Malware Targeting Web Servers
- 14 years prison for man who helped hackers evade detection by anti-virus software
- DanaBot trojan sets sights on Europe, new features
- Stealthy cryptomining apps still on Google Play
- First known malicious cryptomining campaign targeting Kodi discovered
- 14 years prison for man who helped hackers evade detection by anti-virus software
- Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
POLITICS
- Ex-NSA Hacker Sentenced to Jail Over Kaspersky Leak
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Vulnerability in macOS Mojave allows access to protected files
DATA BREACH
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- New Adwind Campaign Targets Linux, Windows, and macOS
- Survey: Nearly one-third of breached companies reported job losses after data breach
- 4 Things To Do To Get Your Smartphone Compromised
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- Freelance workers targeted in new malware campaign
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
- Do you know who the biggest threat actors are?
Check out this paper that shares our perspective on the key takeaways from the 2018 Verizon Data Breach Investigations Report.
Get your copy here:
#DBIR #
- Hackers Compromised Thousands of WordPress Sites and Redirects to Tech Support Scams
DENIAL-OF-SERVICE
- It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT
- Tricky DoS Attack Crashes Mozilla Firefox
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Credential Stuffing Attacks Are Reaching DDoS Proportions
- Viborot ransomware comes with a botnet
MALVERTISING
Nothing to report
PHISHING
- Microsoft goes password-free for Azure AD sign-in
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- Yubico's latest authentication keys get the jump on a 'passwordless' future
- US ISP RCN stores customer passwords in cleartext
- Zoho Suspended by Domain Registrar Over Phishy Emails
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Breaking Chrome / Google account auto login (and tracking)
- Microsoft Deletes Passwords for Azure Active Directory Applications
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Cisco Removes Default Password From Video Surveillance Manager
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Pervasive email #security threats have dampened adoption of #cloud-based productivity tools: #survey #BarracudaNetworks #phishing #Office365 #fraud #AI #
WEB DEFACEMENT
Nothing to report
MALWARE
- Hackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet Details
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Adwind RAT Scurries By AV Software With New DDE Variant
- Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack >>> register now <<<
- Scottish Brewery Recovered from Ransomware Attack
- Cybercriminals Target Kodi Media Player for Malware Distribution
- Scottish Brewery Recovered from Ransomware Attack …
- Zoho Suspended by Domain Registrar Over Phishy Emails
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Black Rose Lucy Android malware mimics user's on-screen click
- Adwind RAT Scurries By AV Software With New DDE Variant
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Blocking ransomware for free with honeypots
- Unraveling Emotet's Latest Macro Obfuscation
- Adwind Trojan circumvents antivirus software to infect your PC
- #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. Read more about this here: #compliance #cyberattack #
- Researchers warn of iTranslator man-in-the-middle malware
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- Virobot Malware Emerges
- Freelance workers targeted in new malware campaign
- Viborot ransomware comes with a botnet
- Scottish brewery ransomware attack leverages job opening
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
- Thousands of WordPress sites are infected with the malicious code
EXPLOIT
Nothing to report
VULNERABILITY
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- U.S. General Service Administration Launches Bug Bounty Program
- Cisco patches 'critical' credential bug in video surveillance software
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
- The MyCloud Auth Vulnerability Fixed by Western Digital with a Hotfix
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- Cisco Patches Critical Flaw in Cisco Video Surveillance Manager (VSM) Software
- New Bug Crashes Mozilla Firefox on Windows, Linux, and Mac Systems
- Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance
- [SingCERT] Alert on Critical Out-Of-Band Adobe Acrobat Vulnerability (CVE-2018-12848)
- Critical flaw affects Cisco Video Surveillance Manager
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Report: Microsoft misses disclosure deadline to patch RCE bug in JET
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Cisco Patched Critical Vulnerability In Its Video Surveillance Manager Software
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
ASIA
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- Adwind RAT Scurries By AV Software With New DDE Variant
WORLD
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- Scottish Brewery Recovered from Ransomware Attack
- Yubico's latest authentication keys get the jump on a 'passwordless' future
- Scottish Brewery Recovered from Ransomware Attack …
- U.S. General Service Administration Launches Bug Bounty Program
- Cybersecurity Has Become a Major Liability for Online Retailers
- US ISP RCN stores customer passwords in cleartext
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Black Rose Lucy Android malware mimics user's on-screen click
- Adwind RAT Scurries By AV Software With New DDE Variant
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Unraveling Emotet's Latest Macro Obfuscation
- #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. Read more about this here: #compliance #cyberattack #
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- Virobot Malware Emerges
- Scottish brewery ransomware attack leverages job opening
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
ATTACKS
- Microsoft goes password-free for Azure AD sign-in
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems
- Yubico's latest authentication keys get the jump on a 'passwordless' future
- New Adwind Campaign Targets Linux, Windows, and macOS
- US ISP RCN stores customer passwords in cleartext
- Zoho Suspended by Domain Registrar Over Phishy Emails
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Survey: Nearly one-third of breached companies reported job losses after data breach
- Breaking Chrome / Google account auto login (and tracking)
- 4 Things To Do To Get Your Smartphone Compromised
- Microsoft Deletes Passwords for Azure Active Directory Applications
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT
- Tricky DoS Attack Crashes Mozilla Firefox
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Cisco Removes Default Password From Video Surveillance Manager
- Credential Stuffing Attacks Are Reaching DDoS Proportions
- Freelance workers targeted in new malware campaign
- Viborot ransomware comes with a botnet
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
- Do you know who the biggest threat actors are?
Check out this paper that shares our perspective on the key takeaways from the 2018 Verizon Data Breach Investigations Report.
Get your copy here:
#DBIR #
- Pervasive email #security threats have dampened adoption of #cloud-based productivity tools: #survey #BarracudaNetworks #phishing #Office365 #fraud #AI #
- Hackers Compromised Thousands of WordPress Sites and Redirects to Tech Support Scams
THREATS
- Hackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet Details
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Adwind RAT Scurries By AV Software With New DDE Variant
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
- Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack >>> register now <<<
- Scottish Brewery Recovered from Ransomware Attack
- Cybercriminals Target Kodi Media Player for Malware Distribution
- Scottish Brewery Recovered from Ransomware Attack …
- U.S. General Service Administration Launches Bug Bounty Program
- Zoho Suspended by Domain Registrar Over Phishy Emails
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Cisco patches 'critical' credential bug in video surveillance software
- Black Rose Lucy Android malware mimics user's on-screen click
- Adwind RAT Scurries By AV Software With New DDE Variant
- [SingCERT] Alert on Cisco Video Surveillance Manager Default Password Vulnerability CVE-2018-15427
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
- The MyCloud Auth Vulnerability Fixed by Western Digital with a Hotfix
- Blocking ransomware for free with honeypots
- Unraveling Emotet's Latest Macro Obfuscation
- [SingCERT] Alert on Microsoft JET Database Engine Vulnerabilities CVE-2018-8392 and CVE-2018-8393
- Adwind Trojan circumvents antivirus software to infect your PC
- Cisco Patches Critical Flaw in Cisco Video Surveillance Manager (VSM) Software
- #SecurityNews: Over 90% of US retail domains analyzed recently were found to be non-compliant with #PCI DSS. The sector also performed worst out of the 18 appraised. Read more about this here: #compliance #cyberattack #
- Researchers warn of iTranslator man-in-the-middle malware
- New Bug Crashes Mozilla Firefox on Windows, Linux, and Mac Systems
- Virobot Ransomware Logs Keystrokes and Adds PC to Spam Botnet
- Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance
- [SingCERT] Alert on Critical Out-Of-Band Adobe Acrobat Vulnerability (CVE-2018-12848)
- Critical flaw affects Cisco Video Surveillance Manager
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
- Cisco: We've killed another critical hard-coded root password bug, patch urgently
- Virobot Malware Emerges
- Report: Microsoft misses disclosure deadline to patch RCE bug in JET
- Freelance workers targeted in new malware campaign
- Viborot ransomware comes with a botnet
- Scottish brewery ransomware attack leverages job opening
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
- Western Digital resolves year-old password bypass bug in My Cloud NAS devices
- Cisco Patched Critical Vulnerability In Its Video Surveillance Manager Software
- Bug Exposed Direct Messages of Millions of Twitter Users
- A bug in Twitter Account Activity API exposed users messages to wrong developers
- Thousands of WordPress sites are infected with the malicious code
CRIME
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
- Join our LIVE Webcast with @SCMagazine on 9/25: #Cryptomining: The Next #Malware Attack >>> register now <<<
- Cybercriminals Target Kodi Media Player for Malware Distribution
- Cybersecurity Has Become a Major Liability for Online Retailers
- Operator of hackers' favorite malware scanning service gets 14 years in prison
- Hacker Sentenced for Running “Scan4you” Malware Scanning Service
- Unraveling Emotet's Latest Macro Obfuscation
- Ransomware, Fileless Attacks and Cold Boot the Current Trend
- Arran Brewery Hits Massive Ransomware Attack – Warned Other Companies to Stay Safe
POLITICS
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
