TRANSNATIONAL / UNKNOWN
Nil
CHINA
Nil
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
SERBIA
Nil
UKRAINE
Nil
Oct 14, 2018
Threat report for 2018-10-13
DATA BREACH & DATA LOSS
- Pentagon Defense Department travel records data breach
- A combination of #SecurityFlaws and inadequate back-end development of the @Google Firebase database led to #DataLeaks and #SecurityVulnerabilities including HospitalGown.
- 'Only' 30 million accounts were compromised in Facebook hack
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Facebook Clarifies Extent of Data Breach
- An Assessment of Google's Data Leak
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Breach of Pentagon travel records exposes defense personnel PII
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Hackers launched @netflix #phishing attacks by obtaining TLS certificates. Learn how hackers mimic popular websites to spoof users and steal
- This skyscraper reminds me of those really long ANSI art BBS login screens. Cc: @sixteencolors @blocktronics @velikani
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- [SingCERT] Updated Advisory on Ransomware
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
CRYPTOMINING & CRYPTOCURRENCIES
- Criminals' Cryptocurrency Addiction Continues
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Cryptocurrency Miners trick the user through Fake Flash Updates
- Blockchain and Healthcare in Today’s World
MALWARE
- GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Hackers use Googlebot in mining malware attacks
- Researchers at @TrendMicro found a new strain of #malware -- dubbed #FacexWorm -- that targets users through a malicious #ChromeExtension.
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
EXPLOIT
Nil
VULNERABILITY
- Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks
- Review Shows Glaring Flaws In Xiongmai IoT Devices
- Microsoft JET vulnerability still open to attacks, despite recent patch
- DOM-based XSS Vulnerability Affected 685 Million Users of Tinder, Shopify, Western Union, and Imgur
- A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Vulnerabilities affect Shopify, Tinder and many other sites
Sector brief for 2018-10-13
HEALTHCARE
TRANSPORT
Nil
BANKING & FINANCE
- Pentagon Defense Department travel records data breach
- Cryptocurrency Miners trick the user through Fake Flash Updates
- Hackers use Googlebot in mining malware attacks
INFORMATION & TELECOMMUNICATION
- This skyscraper reminds me of those really long ANSI art BBS login screens. Cc: @sixteencolors @blocktronics @velikani
- 'Only' 30 million accounts were compromised in Facebook hack
- Facebook Clarifies Extent of Data Breach
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
FOOD
Nil
WATER
Nil
ENERGY
Nil
GOVERNMENT & PUBLIC SERVICE
Nil
Daily brief for 2018-10-13
ASIA
WORLD
- Pentagon Defense Department travel records data breach
- Security researchers found that Industroyer and NotPetya belong to the Russian hacker group
ATTACKS
- Pentagon Defense Department travel records data breach
- Hackers launched @netflix #phishing attacks by obtaining TLS certificates. Learn how hackers mimic popular websites to spoof users and steal
- This skyscraper reminds me of those really long ANSI art BBS login screens. Cc: @sixteencolors @blocktronics @velikani
- A combination of #SecurityFlaws and inadequate back-end development of the @Google Firebase database led to #DataLeaks and #SecurityVulnerabilities including HospitalGown.
- 'Only' 30 million accounts were compromised in Facebook hack
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Facebook Clarifies Extent of Data Breach
- An Assessment of Google's Data Leak
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Breach of Pentagon travel records exposes defense personnel PII
THREATS
- GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
- [SingCERT] Updated Advisory on Ransomware
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks
- Review Shows Glaring Flaws In Xiongmai IoT Devices
- Criminals' Cryptocurrency Addiction Continues
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Cryptocurrency Miners trick the user through Fake Flash Updates
- Microsoft JET vulnerability still open to attacks, despite recent patch
- DOM-based XSS Vulnerability Affected 685 Million Users of Tinder, Shopify, Western Union, and Imgur
- A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
- Blockchain and Healthcare in Today’s World
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Hackers use Googlebot in mining malware attacks
- Vulnerabilities affect Shopify, Tinder and many other sites
- Researchers at @TrendMicro found a new strain of #malware -- dubbed #FacexWorm -- that targets users through a malicious #ChromeExtension.
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
CRIME
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
POLITICS
Oct 13, 2018
APT report for 2018-10-12
TRANSNATIONAL / UNKNOWN
- Cyber News Rundown: Windows 10 Update Deletes Files
- No Cookies for CartThief, a New Magecart Variant
- Payment skimmers sneaking on to websites via third party code
- Gallmaker Hacking Group Attack Government, Military, and Defense Sectors Using Publicly Available Hacking Tools
CHINA
INDIA
Nil
NORTH KOREA
PAKISTAN
Nil
VIETNAM
Nil
IRAN
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
Nil
SERBIA
Nil
UKRAINE
Nil
Platform report for 2018-10-12
WINDOWS
- Windows 10 October 2018 Update: Release – Halt – Bug Identified – Fix!
- Cyber News Rundown: Windows 10 Update Deletes Files
- Five Eyes Intelligence agencies warn of popular hacking tools
- PoC exploit for Windows Shell RCE released
- Call of Duty: Black Ops 4 welcomes launch with new Blackout and Zombies trailers
- Cryptomining software is hidden as Flash update
LINUX
UNIX
Nil
ANDROID
- Five Eyes Intelligence agencies warn of popular hacking tools
- .@ThreatFabric researchers uncovered an #Android malware, #MysteryBot, which uses overlay attacks to avoid detection. Learn how this #malware affects @Google's
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- This Trojan masquerades as Google Play to hide on your phone in plain sight
- Fortnite for Android Released, But Make Sure You Don't Download Malware
IOS
Nil
MACOS
Threat report for 2018-10-12
DATA BREACH & DATA LOSS
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Pentagon Reveals Cyber Breach of Travel Records
- NEW BETABOT CAMPAIGN UNDER THE MICROSCOPE
- Detecting Malicious Campaigns with Machine Learning
- Fitmetrix fitness software company may have exposed millions of customer records
- Fake browser update seeks to compromise more MikroTik routers
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- #TLBleed abuses @Intel's HTT chip feature to leak data and obtain sensitive memory information. Learn more about this new side-channel
- Mindbody’s FitMetrix leaked millions of Users’ Personal Details
- Is Google Sync a Vector for Data Breaches?
- Facebook Revises Data Breach Impact Downward, Provides New Details
- How #livechatsoftware leak personal #employeedata?
- Labor seeks updated My Health Record legislation to prevent privatisation
DENIAL-OF-SERVICE
- 'The Nuke Loop' is Fallout 76's endgame, lead designer explains
- UK's NCSC to monitor internet routing to stop DDoS and hijacks
MALVERTISING
Nil
PHISHING
- Threat Announcement: Phishing Sites Detected on Emoji Domains
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- An Examination of a Phishing Kit Dubbed Luis
- Do you know the top myths and facts of #mobile #phishing? If not, don't worry, we've compiled a list of
- Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
- Spring Security With Radius Login
WEB DEFACEMENT
Nil
BOTNET
RANSOMWARE
- The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- GandCrab ransomware operators team up with crypter service
- GandCrab Ransomware Partners With Crypter Service
- This is how much the WannaCry ransomware attack cost the NHS
CRYPTOMINING & CRYPTOCURRENCIES
- Almost 12K MikroTik Routers Are Hunting Around for Cryptojacking Opportunities
- Three Industries That Blockchain Will Impact the Most
- Obfuscated JavaScript Cryptominer
- In 2008, @nokia dominated the mobile phone universe. Four years later, the company was on the verge of extinction. Discover
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- Cryptomining software is hidden as Flash update
MALWARE
- Detecting Malicious Campaigns with Machine Learning
- Fake Adobe Flash Updates Hide Malicious Crypto Miners
- .@ThreatFabric researchers uncovered an #Android malware, #MysteryBot, which uses overlay attacks to avoid detection. Learn how this #malware affects @Google's
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- Researchers at the 2018 @RSAConference discussed #stegware: @malware that uses #steganography. Discover how this works with expert @lewisnic.
- Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor
- Researchers at Cisco Talos (@TalosSecurity) recently discovered #GravityRAT, a remote access #Trojan. Discover how this RAT can check for
- GPlayed trojan seeks to play users out of their data
- This Trojan masquerades as Google Play to hide on your phone in plain sight
- Marion County Jail’s Reporting System Fall Prey to Virus Attack
- Some 10% of user-reported emails malicious
- ThreatFabric on stage @bsidesdelft talking about the evolution of
- Fortnite for Android Released, But Make Sure You Don't Download Malware
EXPLOIT
VULNERABILITY
- Windows 10 October 2018 Update: Release – Halt – Bug Identified – Fix!
- FDA Issues Warning about Security Vulnerabilities in Pacemaker Programmers
- Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
- Proof-of-Concept Available for Edge Remote Code Execution Vulnerability
- Facebook States 30 Million People Affected by Last Month's "View As" Bug
- Learn how the #NetSpectre vulnerability affects the #cloud from expert Ed Moyle of @securitycurve.
- What's keeping the #CISO up at night? The vulnerabilities caused by third-party vendors, finds @forrester research. 65% of organizations say
- Micropatch Released to Correct Partially Fixed JET DB Engine RCE Vulnerability
- FDA warns users of cyber vulnerability in pacemaker programmers
- Ryan Kalember, Senior VP of #Cybersecurity Strategy at Proofpoint, discussing why humans are a company’s biggest cybersecurity vulnerability.
- Sony Patched Three Critical Vulnerabilities In Smart TV Bravia
- Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor
- Now, watch this... Network time protocol bugs sting Juniper operating system
- DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
- Facebook's WhatsApp says it has fixed a video call security bug that let hackers hijack accounts.
- Vulnerability allows hijacking of software installed in macOS
- Senator asked Google to explain why the revealing of the Google+ vulnerability was postponed
- Proof-of-concept code published for Microsoft Edge remote code execution bug
Region brief for 2018-10-12
ASIA
- Cyber News Rundown: Windows 10 Update Deletes Files
- Threat Brief: FASTCash ATM Cash Out Tactics
- Five Eyes Intelligence agencies warn of popular hacking tools
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
OCEANIA
- Five Eyes Intelligence agencies warn of popular hacking tools
- Labor seeks updated My Health Record legislation to prevent privatisation
NORTH AMERICA
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Pentagon Reveals Cyber Breach of Travel Records
- FDA Issues Warning about Security Vulnerabilities in Pacemaker Programmers
- Detecting Malicious Campaigns with Machine Learning
- Fake browser update seeks to compromise more MikroTik routers
- Five Eyes Intelligence agencies warn of popular hacking tools
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
- Senator asked Google to explain why the revealing of the Google+ vulnerability was postponed
SOUTH AMERICA
Nil
EUROPE
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Almost 12K MikroTik Routers Are Hunting Around for Cryptojacking Opportunities
- Cyber News Rundown: Windows 10 Update Deletes Files
- Fake browser update seeks to compromise more MikroTik routers
- An Examination of a Phishing Kit Dubbed Luis
- Five Eyes Intelligence agencies warn of popular hacking tools
- UK's NCSC to monitor internet routing to stop DDoS and hijacks
- Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
AFRICA
Nil
Sector brief for 2018-10-12
HEALTHCARE
TRANSPORT
BANKING & FINANCE
- Pentagon Reveals Cyber Breach of Travel Records
- No Cookies for CartThief, a New Magecart Variant
- An Examination of a Phishing Kit Dubbed Luis
- Mindbody’s FitMetrix leaked millions of Users’ Personal Details
- Threat Brief: FASTCash ATM Cash Out Tactics
- Five Eyes Intelligence agencies warn of popular hacking tools
- Payment skimmers sneaking on to websites via third party code
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- This is how much the WannaCry ransomware attack cost the NHS
- ThreatFabric on stage @bsidesdelft talking about the evolution of
INFORMATION & TELECOMMUNICATION
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Detecting Malicious Campaigns with Machine Learning
- Almost 12K MikroTik Routers Are Hunting Around for Cryptojacking Opportunities
- Cyber News Rundown: Windows 10 Update Deletes Files
- Facebook States 30 Million People Affected by Last Month's "View As" Bug
- Fake browser update seeks to compromise more MikroTik routers
- An Examination of a Phishing Kit Dubbed Luis
- Do you know the top myths and facts of #mobile #phishing? If not, don't worry, we've compiled a list of
- Facebook Revises Data Breach Impact Downward, Provides New Details
- Facebook's WhatsApp says it has fixed a video call security bug that let hackers hijack accounts.
- ThreatFabric on stage @bsidesdelft talking about the evolution of
FOOD
Nil
WATER
Nil
ENERGY
Nil
GOVERNMENT & PUBLIC SERVICE
Daily brief for 2018-10-12
ASIA
- Cyber News Rundown: Windows 10 Update Deletes Files
- Threat Brief: FASTCash ATM Cash Out Tactics
- Five Eyes Intelligence agencies warn of popular hacking tools
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
WORLD
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Pentagon Reveals Cyber Breach of Travel Records
- FDA Issues Warning about Security Vulnerabilities in Pacemaker Programmers
- Detecting Malicious Campaigns with Machine Learning
- Almost 12K MikroTik Routers Are Hunting Around for Cryptojacking Opportunities
- Cyber News Rundown: Windows 10 Update Deletes Files
- Fake browser update seeks to compromise more MikroTik routers
- An Examination of a Phishing Kit Dubbed Luis
- Five Eyes Intelligence agencies warn of popular hacking tools
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
- UK's NCSC to monitor internet routing to stop DDoS and hijacks
- Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
- Labor seeks updated My Health Record legislation to prevent privatisation
- Senator asked Google to explain why the revealing of the Google+ vulnerability was postponed
ATTACKS
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Pentagon Reveals Cyber Breach of Travel Records
- NEW BETABOT CAMPAIGN UNDER THE MICROSCOPE
- Detecting Malicious Campaigns with Machine Learning
- Fitmetrix fitness software company may have exposed millions of customer records
- Fake browser update seeks to compromise more MikroTik routers
- Threat Announcement: Phishing Sites Detected on Emoji Domains
- Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
- #TLBleed abuses @Intel's HTT chip feature to leak data and obtain sensitive memory information. Learn more about this new side-channel
- An Examination of a Phishing Kit Dubbed Luis
- Mindbody’s FitMetrix leaked millions of Users’ Personal Details
- Is Google Sync a Vector for Data Breaches?
- Do you know the top myths and facts of #mobile #phishing? If not, don't worry, we've compiled a list of
- Facebook Revises Data Breach Impact Downward, Provides New Details
- How #livechatsoftware leak personal #employeedata?
- Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
- Spring Security With Radius Login
- Labor seeks updated My Health Record legislation to prevent privatisation
THREATS
- Windows 10 October 2018 Update: Release – Halt – Bug Identified – Fix!
- FDA Issues Warning about Security Vulnerabilities in Pacemaker Programmers
- Detecting Malicious Campaigns with Machine Learning
- Almost 12K MikroTik Routers Are Hunting Around for Cryptojacking Opportunities
- The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More
- Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
- Three Industries That Blockchain Will Impact the Most
- Proof-of-Concept Available for Edge Remote Code Execution Vulnerability
- Facebook States 30 Million People Affected by Last Month's "View As" Bug
- Fake Adobe Flash Updates Hide Malicious Crypto Miners
- Learn how the #NetSpectre vulnerability affects the #cloud from expert Ed Moyle of @securitycurve.
- What's keeping the #CISO up at night? The vulnerabilities caused by third-party vendors, finds @forrester research. 65% of organizations say
- Micropatch Released to Correct Partially Fixed JET DB Engine RCE Vulnerability
- Obfuscated JavaScript Cryptominer
- FDA warns users of cyber vulnerability in pacemaker programmers
- In 2008, @nokia dominated the mobile phone universe. Four years later, the company was on the verge of extinction. Discover
- .@ThreatFabric researchers uncovered an #Android malware, #MysteryBot, which uses overlay attacks to avoid detection. Learn how this #malware affects @Google's
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- Ryan Kalember, Senior VP of #Cybersecurity Strategy at Proofpoint, discussing why humans are a company’s biggest cybersecurity vulnerability.
- Researchers at the 2018 @RSAConference discussed #stegware: @malware that uses #steganography. Discover how this works with expert @lewisnic.
- Sony Patched Three Critical Vulnerabilities In Smart TV Bravia
- Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- GandCrab ransomware operators team up with crypter service
- Now, watch this... Network time protocol bugs sting Juniper operating system
- GandCrab Ransomware Partners With Crypter Service
- This is how much the WannaCry ransomware attack cost the NHS
- Researchers at Cisco Talos (@TalosSecurity) recently discovered #GravityRAT, a remote access #Trojan. Discover how this RAT can check for
- GPlayed trojan seeks to play users out of their data
- This Trojan masquerades as Google Play to hide on your phone in plain sight
- DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
- Facebook's WhatsApp says it has fixed a video call security bug that let hackers hijack accounts.
- Marion County Jail’s Reporting System Fall Prey to Virus Attack
- Some 10% of user-reported emails malicious
- Cryptomining software is hidden as Flash update
- ThreatFabric on stage @bsidesdelft talking about the evolution of
- Vulnerability allows hijacking of software installed in macOS
- Fortnite for Android Released, But Make Sure You Don't Download Malware
- Senator asked Google to explain why the revealing of the Google+ vulnerability was postponed
- Proof-of-concept code published for Microsoft Edge remote code execution bug
CRIME
- Facebook Data Breach Update: attackers accessed data of 29 Million users
- Facebook States 30 Million People Affected by Last Month's "View As" Bug
- Fake browser update seeks to compromise more MikroTik routers
- Threat Brief: FASTCash ATM Cash Out Tactics
- Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor
- 360 Total Security has intercepted more than 50,000 Clipboard Wallet Hijacker attacks, helping users recover over 40 million
- PoC exploit for Windows Shell RCE released
- DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
- UK's NCSC to monitor internet routing to stop DDoS and hijacks
- Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
POLITICS
Nil
Oct 12, 2018
APT report for 2018-10-11
TRANSNATIONAL / UNKNOWN
- Magecart Card-Stealing Gang Hits 'Shopper Approved' Plug-In
- Microsoft October Patch Tuesday fixed Win32k privilege vulnerability that used in targeted attacks
- New Gallmaker APT group eschews malware in cyber espionage campaigns
CHINA
- Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- Threats in the Netherlands
INDIA
NORTH KOREA
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
- Researchers link tools used in NotPetya and Ukraine grid hacks
- What would happen if an attack interrupted a country’s power supply?
- Threats in the Netherlands
SERBIA
Nil
UKRAINE
Platform report for 2018-10-11
WINDOWS
- Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
- Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
- PoC Code Available for Microsoft Edge Remote Code Execution Bug
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- Researchers link tools used in NotPetya and Ukraine grid hacks
- Fake Flash Updaters Push Cryptocurrency Miners
- Adobe patches critical flaws in many of its software offerings
- Qihoo 360’s precise analysis of ransomware for September
- Microsoft October Patch Tuesday fixed Win32k privilege vulnerability that used in targeted attacks
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- GPlayed Trojan - .Net playing with Google Market
- Avast 2019: Extends Artificial Intelligence Technology to Block Advanced Phishing Attacks for Enhanced Consumer Security
- JSRAT – Secret Command and Control Channel Backdoor to Control Victims Machine Using JavaScript
LINUX
- Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- Adobe patches critical flaws in many of its software offerings
- JSRAT – Secret Command and Control Channel Backdoor to Control Victims Machine Using JavaScript
UNIX
Nil
ANDROID
- GPlayed Android Trojan Can Wipe Your Device, Steal Data, Make Calls, Send SMS
- Adaptable, All-in-One Android Trojan Shows the Future of Malware
- Talos: Android trojan resembling Play Store installs sophisticated spyware
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- GPlayed trojan – .Net playing with Google Market
- New Android Trojan Gplayed Adapts to Attacker's Needs
- All WhatsApp Users Must Update: Zero Day Bug Found in WhatsApp
- GPlayed Trojan - .Net playing with Google Market
- A simple videocall could compromise your WhatsApp account
IOS
- Talos: Android trojan resembling Play Store installs sophisticated spyware
- All WhatsApp Users Must Update: Zero Day Bug Found in WhatsApp
- A simple videocall could compromise your WhatsApp account
MACOS
Threat report for 2018-10-11
DATA BREACH & DATA LOSS
- The BEC List: Helping Thwart Business Email Compromise through Collaboration
- Personal data for coffee. What’s the risk? | Avast
- The EU and the US have investigated on data breaches on the Google+
- FitMetrix user data exposed via passwordless ElasticSearch server cluster
- Apple has formed a partnership with lyrics database provider Genius
- Defending Against Business Email Compromise Attacks
- Heathrow Airport, the busiest airport in the United Kingdom, has been fined £120,000 (about $158,173) following a data breach caused
- Palo Alto Networks Uncovers Flash Updater Cryptojacking Campaign
- Gemalto reports that 4.6 billion record leaked in the first half of 2018
- A new database with information on every shooting at a school in the last 50 years is now available publicly
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Ghostdns Attack Compromised Over 100K Routers
- A simple videocall could compromise your WhatsApp account
- Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'
- Mingis on Tech: Data breaches in a world of 'surveillance capitalism'
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- California Bill Increases Default Password Security
- Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing
- Hackers launched #phishing attacks against @netflix users via malicious sites with TLS certificates. Learn how hackers mimic popular websites to
- Avast 2019: Extends Artificial Intelligence Technology to Block Advanced Phishing Attacks for Enhanced Consumer Security
- AVG 2019 now includes enhanced phishing threat detection
WEB DEFACEMENT
BOTNET
Nil
RANSOMWARE
- Qihoo 360’s precise analysis of ransomware for September
- Costly cryptojacking overtakes ransomware in the enterprise threat stakes
CRYPTOMINING & CRYPTOCURRENCIES
- XMRig Cryptocurrency Miner Camouflages Itself as a Flash Updater
- Cops Arrest Infamous SIM Swapper Who Stole Crypto Currency
- Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
- Cryptomining malware discovered masquerading as Flash updates
- Fake Flash Updaters Push Cryptocurrency Miners
- Hackers Abusing Legitimate Googlebot Services to Inject Cryptomining Malware
- Researchers from @alienvault found a new #cryptocurrency mining malware -- dubbed #MassMiner -- that infects systems across the web. Learn
- Crypto-mining malware poses as Flash updates
- Dublin Information Sec: Protect your firm from 'Gold Rush' #cryptocurrency scammers: https://www.independent.ie/business/dublin-information-sec/dublin-information-sec-protect-your-firm-from-gold-rush-cryptocurrency-scammers-37286913.html … ( via @jimmychappell )
MALWARE
- Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
- GPlayed Android Trojan Can Wipe Your Device, Steal Data, Make Calls, Send SMS
- Hackers Exploit Drupalgeddon2 to Install Backdoor
- Adaptable, All-in-One Android Trojan Shows the Future of Malware
- Talos: Android trojan resembling Play Store installs sophisticated spyware
- Most Malware Arrives Via Email
- Fake Adobe Flash Updates Hide Malicious Crypto Miners
- .@TrendMicro researchers discovered a malicious #ChromeExtension spreading #malware. Learn more with expert @lewisnic.
- GPlayed trojan – .Net playing with Google Market
- Cryptomining malware discovered masquerading as Flash updates
- This cryptojacking mining malware pretends to be a Flash update
- Hackers Abusing Legitimate Googlebot Services to Inject Cryptomining Malware
- Reaper Group Uses New Malware to Deploy RAT
- Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing
- Exaramel Malware Reinforces Link Between Industroyer and NotPetya
- New TeleBots backdoor: First evidence linking Industroyer to NotPetya
- New TeleBots backdoor: First evidence linking Industroyer to NotPetya
- New Android Trojan Gplayed Adapts to Attacker's Needs
- Researchers from @alienvault found a new #cryptocurrency mining malware -- dubbed #MassMiner -- that infects systems across the web. Learn
- Hackers launched #phishing attacks against @netflix users via malicious sites with TLS certificates. Learn how hackers mimic popular websites to
- Crypto-mining malware poses as Flash updates
- Who needs custom malware? 'Govt-backed' Gallmaker spy crew uses off-the-shelf wares
- Worker perks flinger Sodexo pulls Engage website after malware smackdown
- New Backdoor Ties NotPetya and Industroyer to TeleBots Group
- .@FarsightSecInc's @paulvixie says his company's new research into domain name lifespans and causes of death shows the need for new
- "Help! I have a #computer worm..oh wait is it a computer #virus?" These terms are often used interchangeably, but have
- The attached file promptly infects Peter’s laptop with the RAT, remote access trojan. It only takes about an hour from
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- GPlayed Trojan - .Net playing with Google Market
- Canada-Based Restaurant Chain Hit with Malware Attack
- Hackers Use Hijacked Email Address To Send Malware as a Reply to Existing Email Thread
- JSRAT – Secret Command and Control Channel Backdoor to Control Victims Machine Using JavaScript
- How to Defeat Malicious Everything as-a-Service
EXPLOIT
- Hackers Exploit Drupalgeddon2 to Install Backdoor
- PoC Code Available for Microsoft Edge Remote Code Execution Bug
VULNERABILITY
- Multiple Vulnerabilities Dicovered In RouterOS That Affected MikroTik Routers
- Senate seeks internal memo on Google+ vulnerability
- Slow disclosure of Google+ flaw draws attention of senators
- PoC Code Available for Microsoft Edge Remote Code Execution Bug
- .@Google Firebase's lack of #DatabaseSecurity and inadequate #BackendDevelopment led to #DataLeaks and vulnerabilities, including HospitalGown. Learn more about this
- Network Time Protocol Bugs Sting Juniper Operating System
- Juniper Networks provides dozens of fix for vulnerabilities in Junos OS
- Audit Finds No Critical Flaws in Firefox Update System
- [SingCERT] Alert on 12 Critical Microsoft Vulnerabilities for October 2018 Patch Tuesday
- A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
- Juniper fixes 30+ vulnerabilities in its routing, switching devices
- Adobe patches critical flaws in many of its software offerings
- Update now! Microsoft fixes 49 bugs, 12 are critical
- All WhatsApp Users Must Update: Zero Day Bug Found in WhatsApp
- VMware issues advisory for a DoS vulnerability
- .@TenableSecurity found new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch #RemoteCode execution attacks.
- Juniper Patches Serious Flaws in Junos OS
- Microsoft October Patch Tuesday fixed Win32k privilege vulnerability that used in targeted attacks
- Four Critical Flaws Patched In Adobe Digital Edition
Region brief for 2018-10-11
ASIA
- Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- What would happen if an attack interrupted a country’s power supply?
- Reaper Group Uses New Malware to Deploy RAT
- Threats in the Netherlands
OCEANIA
- Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
NORTH AMERICA
- Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
- The Reality of Self-Driving Cars and the Regulatory Hurdles
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- The EU and the US have investigated on data breaches on the Google+
- Researchers link tools used in NotPetya and Ukraine grid hacks
- What would happen if an attack interrupted a country’s power supply?
- Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
- Microsoft October Patch Tuesday fixed Win32k privilege vulnerability that used in targeted attacks
- Threats in the Netherlands
- Italian Police Finally Identified 25-Year-old Italian Hacker who have Defaced NASA Websites
- Canada-Based Restaurant Chain Hit with Malware Attack
SOUTH AMERICA
EUROPE
- Exaramel Malware Links Industroyer ICS malware and NotPetya wiper
- Cybersecurity Authorities Issue Alert About Publicly Available Hacking Tools
- Adaptable, All-in-One Android Trojan Shows the Future of Malware
- Talos: Android trojan resembling Play Store installs sophisticated spyware
- AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
- Researchers link tools used in NotPetya and Ukraine grid hacks
- What would happen if an attack interrupted a country’s power supply?
- Reaper Group Uses New Malware to Deploy RAT
- Worker perks flinger Sodexo pulls Engage website after malware smackdown
- Defending Against Business Email Compromise Attacks
- Heathrow Airport, the busiest airport in the United Kingdom, has been fined £120,000 (about $158,173) following a data breach caused
- Threats in the Netherlands
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Italian Police Finally Identified 25-Year-old Italian Hacker who have Defaced NASA Websites
- GPlayed Trojan - .Net playing with Google Market
AFRICA
Nil
Subscribe to:
Posts (Atom)