DATA BREACH & DATA LOSS
- Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- Millions of Voter Records Found for Sale on the Dark Web
- Pentagon reveals cyber breach of travel records
- Pentagon Employee Data Breach, An Eye-Opener
- Facebook opens up about data breach details
- Facebook data breach: Victims will not be offered free identity theft protection
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- FitMetrix data exposed on unprotected Elasticsearch servers
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Iceland's largest phishing campaign imitated police
- #Nymaim and #BankBot #Anubis PL campaign
hxxp://przelewy24[.]ml/
hxxp://faktura24[.]cf/
SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970
C2: bilagoong[.]tk
@ThreatFabric @virqdroid @LukasStefanko
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
- Stringent password rules lower risk of personal data breaches
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Create an email phishing test to minimize attack vectors
- Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- Hackers could use emoji domains to spread phishing attacks
- Iceland's largest phishing campaign imitated police
- Stringent password rules lower risk of personal data breaches
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Google to Encrypt Android Cloud Backups With Your Lock Screen Password
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- Small businesses repeatedly falling victim to ransomware - Kaspersky
- Ransomware hits computer networks of North Carolina water utility
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
CRYPTOMINING & CRYPTOCURRENCIES
- 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
- Flash Updater Adds Cryptocurrency Miner
- iPhone a Growing Target of Crypto-Mining Attacks
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- How a #cryptocurrency mining #malware infects systems
- What are blockchain’s smart contracts? And how to secure them
- Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
- SpankChain hacker steals the virtual currency and returns stolen ethereum
MALWARE
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
- How does the MnuBot banking Trojan use unusual C&C servers?
- How a #cryptocurrency mining #malware infects systems
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Godzilla Loader and the Long Tail of Malware
- Sony PS4 encounters malicious code attack and receives malicious messages
EXPLOIT
- New Technique Recycles Exploit Chain to Keep Antivirus Silent
VULNERABILITY
- FDA Warns of Flaws in Medtronic Programmers
- Microsoft Incompletely Patches JET Database Vulnerability
- Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
- .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
- Sony working on a fix for bug that's crashing PlayStation 4 consoles
- Apple VoiceOver iOS vulnerability permits hacker access to user photos
- Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
- Details of Vulnerability in Google PDFium’s JBIG2 Revealed
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Branch.io Flaws may have affected as many as 685 million individuals
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
ASIA
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- Octopus-infested seas of Central Asia
WORLD
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- FDA Warns of Flaws in Medtronic Programmers
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Millions of Voter Records Found for Sale on the Dark Web
- Pentagon Employee Data Breach, An Eye-Opener
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- TeleBots APT Group - Links to Industroyer, NotPetya and BlackEnergy
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
- Octopus-infested seas of Central Asia
- Iceland's largest phishing campaign imitated police
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Branch.io Flaws may have affected as many as 685 million individuals
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Stopping Hidden Threats: How to Defend Against Fileless Attacks
- SpankChain hacker steals the virtual currency and returns stolen ethereum
ATTACKS
- Create an email phishing test to minimize attack vectors
- Facebook Hack Update – 30 Million Affected; More Details Exposed; No ID Protection
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- Up to 35 Million 2018 Voter Records For Sale on Hacking Forum
- US voter records from 19 states sold on hacking forum
- Tens of Millions of U.S. Voter Records for Sale
- Pentagon Defense Department travel records data breach
- Did Jamal Khashoggi’s Apple Watch record his murder at Saudi consulate? Probably not
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- Millions of Voter Records Found for Sale on the Dark Web
- Learn how we are using #MachineLearning to detect mobile #phishing attacks with @thepacketrat and @dyngnosis: https://okt.to/W29vsS @PhishingAi @arstechnica
- Learn how hackers launched #phishing attacks against @netflix users with expert Michael Cobb of @thehairyITdog
- Hackers could use emoji domains to spread phishing attacks
- Pentagon reveals cyber breach of travel records
- Pentagon Employee Data Breach, An Eye-Opener
- Facebook opens up about data breach details
- Facebook data breach: Victims will not be offered free identity theft protection
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- Iceland hit by Biggest Cyber Attack on Record
- Scottish Ambulance Service Exposed Employees’ Data Online
- Pentagon Staff Hit by Major Data Breach
- FitMetrix data exposed on unprotected Elasticsearch servers
- Pentagon Data Breach Exposes up to 30,000 Travel Records
- Iceland's largest phishing campaign imitated police
- #Nymaim and #BankBot #Anubis PL campaign
hxxp://przelewy24[.]ml/
hxxp://faktura24[.]cf/
SHA256: 4cb0b471a2132a747abf78214fbdbf0e8d7f44857996117bdbb266d42a277970
C2: bilagoong[.]tk
@ThreatFabric @virqdroid @LukasStefanko
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- FitMetrix Unprotected Passwordless Database Exposed Millions of User Data
- Stringent password rules lower risk of personal data breaches
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
- According to #GroupIB experts, online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing
- Google to Encrypt Android Cloud Backups With Your Lock Screen Password
THREATS
- Small businesses repeatedly falling victim to ransomware - Kaspersky
- 400 Percent Increase in Cryptocurrency Mining Attacks Against iOS Devices
- Flash Updater Adds Cryptocurrency Miner
- Ransomware hits computer networks of North Carolina water utility
- Malware Campaign Distributes Data Stealer Trojan/RAT, Circumvents Anti-Malware
- FDA Warns of Flaws in Medtronic Programmers
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- Microsoft Incompletely Patches JET Database Vulnerability
- Apple VoiceOver iOS Vulnerability Permits Hacker Access To User Photos
- .@TenableSecurity research finds new exploits of an already patched #MikroTik router vulnerability that could enable hackers to launch remote code
- iPhone a Growing Target of Crypto-Mining Attacks
- Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia
- Sony working on a fix for bug that's crashing PlayStation 4 consoles
- Economist Nouriel Roubini: Blockchain and bitcoin are the world’s biggest scams
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Apple VoiceOver iOS vulnerability permits hacker access to user photos
- Cryptomining Malware Infects Computers via Fake Adobe Updates
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Fake Adobe update really *does* update Flash (while also installing cryptominer)
- Multiple Vulnerabilities Discovered in PHP Lead to Arbitrary Code Execution, DoS
- Details of Vulnerability in Google PDFium’s JBIG2 Revealed
- A flaw in @Google Firebase #DatabaseSecurity allowed hackers to bypass security and leak data. Learn more about this #SecurityFlaw and
- #Mobile #malware is on the rise. With mobile devices, hackers are able to access data far more sensitive than what
- Un nouveau rapport montre que les attaques par ransomware ont diminué au premier semestre 2018. Les pirates se tournent vers
- .@TrendMicro researchers discovered #FacexWorm, a #malware that uses a #ChromeExtension and @Facebook Messenger to spread. Learn which users are at
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- How does the MnuBot banking Trojan use unusual C&C servers?
- How a #cryptocurrency mining #malware infects systems
- @ThreatFabric Gaetan van Diemen showed us the actual situation and future predictions of Mobile Banking Malware. Thx for that awesome
- Branch.io Flaws may have affected as many as 685 million individuals
- Godzilla Loader and the Long Tail of Malware
- Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks
- What are blockchain’s smart contracts? And how to secure them
- Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads
- SpankChain hacker steals the virtual currency and returns stolen ethereum
- Sony PS4 encounters malicious code attack and receives malicious messages
CRIME
- Online ads: a potential way in for XSS attacks
- Facebook data breach: Victims will not be offered free identity theft protection
- September 2018’s Most Wanted Malware: Cryptomining Attacks Against Apple Devices On The Rise
- Octopus-infested seas of Central Asia
- Iceland's largest phishing campaign imitated police
- 'Flash update' scam serves up legit software, but with a side of cryptominer
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
- SpankChain hacker steals the virtual currency and returns stolen ethereum
POLITICS
- Pentagon Defense Department travel records data breach
- New Gallmaker APT group eschews malware in cyber espionage campaigns
- A week in security (October 8 – 14)
- Gallmaker - Threat Group Targeting Governments and Militaries
- Octopus-infested seas of Central Asia
- Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
- A Russian cyber vigilante is patching outdated MikroTik routers exposed online
TRANSNATIONAL / UNKNOWN
- DDoS Attacks Hit Games Like Assassin’s Creed and Final Fantasy XIV
- Security Affairs newsletter Round 184 – News of the week
CHINA
Nil
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- Security Affairs newsletter Round 184 – News of the week
SERBIA
Nil
UKRAINE
Nil
DATA BREACH & DATA LOSS
- My Health Record privacy amendments 'woefully inadequate': Labor
- #NetSpectre exploits speculative execution to leak data remotely via side-channel attacks. Learn how this #SecurityVulnerability affects the #cloud from expert
- Web Hosting Provider Suffers Data Breach Second Time in a Year
- Find out how #TLBleed abuses @Intel's HTT chip feature to leak data via TLB
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- See how SearchLight identifies when your data is exposed, your brand is abused, or your company is mentioned on the
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
- A @Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- PHASE 4 – INFORMATION GATHERING AND PLANNING
Meet Eric, a control systems engineer working for a third-party integrator.
He’s guy who uploaded
DENIAL-OF-SERVICE
- DDoS Attacks Hit Games Like Assassin’s Creed and Final Fantasy XIV
MALVERTISING
Nil
PHISHING
Nil
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
CRYPTOMINING & CRYPTOCURRENCIES
- Fake Flash Updates pushing Malware to Inject XMRig Cryptocurrency Miners
MALWARE
- Week in review: Enterprise cybersecurity PKIs, keeping your cloud malware-free
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- How a remote access #Trojan checks for
- Fake Flash Updates pushing Malware to Inject XMRig Cryptocurrency Miners
EXPLOIT
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
- Exploiting Windows Using Microsoft Office DDE Exploit (MACROLESS)
VULNERABILITY
- Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete
- A2SV – SSL Vulnerability Analysis Tool
- Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
ASIA
Nil
WORLD
- My Health Record privacy amendments 'woefully inadequate': Labor
- Week in review: Enterprise cybersecurity PKIs, keeping your cloud malware-free
- Web Hosting Provider Suffers Data Breach Second Time in a Year
- Security Affairs newsletter Round 184 – News of the week
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
- A @Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
ATTACKS
- My Health Record privacy amendments 'woefully inadequate': Labor
- #NetSpectre exploits speculative execution to leak data remotely via side-channel attacks. Learn how this #SecurityVulnerability affects the #cloud from expert
- Web Hosting Provider Suffers Data Breach Second Time in a Year
- Find out how #TLBleed abuses @Intel's HTT chip feature to leak data via TLB
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- See how SearchLight identifies when your data is exposed, your brand is abused, or your company is mentioned on the
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
- A @Google security audit uncovered a glitch in #GooglePlus that exposed data from nearly 500,000 accounts, causing the company to
- PHASE 4 – INFORMATION GATHERING AND PLANNING
Meet Eric, a control systems engineer working for a third-party integrator.
He’s guy who uploaded
THREATS
- Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete
- Week in review: Enterprise cybersecurity PKIs, keeping your cloud malware-free
- A2SV – SSL Vulnerability Analysis Tool
- New @ESET research finds APT group dubbed #TeleBots was behind #Industroyer #malware attacks, #NotPetya #ransomware outbreaks, and a recent Exaramel
- .@ThreatFabric researchers uncovered a #malware that uses overlay techniques to avoid detection. Learn from @lewisnic how this new #Androidmalware --
- Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable
- At the 2018 @RSAConference, researchers discussed the rise of stegware -- #malware that uses #steganography techniques to avoid detection. Learn
- Microsoft still has not completely solved the Microsoft JET database engine vulnerability
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
- How a remote access #Trojan checks for
- Fake Flash Updates pushing Malware to Inject XMRig Cryptocurrency Miners
CRIME
- Security Affairs newsletter Round 184 – News of the week
- Expert released PoC Code Microsoft Edge Remote Code Execution flaw
POLITICS
- Security Affairs newsletter Round 184 – News of the week
- Pentagon Discloses Data Breach, More Than 30,000 Workers Have Affected
TRANSNATIONAL / UNKNOWN
Nil
CHINA
Nil
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
- Security researchers found that Industroyer and NotPetya belong to the Russian hacker group
SERBIA
Nil
UKRAINE
Nil
DATA BREACH & DATA LOSS
- Pentagon Defense Department travel records data breach
- A combination of #SecurityFlaws and inadequate back-end development of the @Google Firebase database led to #DataLeaks and #SecurityVulnerabilities including HospitalGown.
- 'Only' 30 million accounts were compromised in Facebook hack
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Facebook Clarifies Extent of Data Breach
- An Assessment of Google's Data Leak
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Breach of Pentagon travel records exposes defense personnel PII
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- Hackers launched @netflix #phishing attacks by obtaining TLS certificates. Learn how hackers mimic popular websites to spoof users and steal
- This skyscraper reminds me of those really long ANSI art BBS login screens.
Cc: @sixteencolors @blocktronics @velikani
WEB DEFACEMENT
Nil
BOTNET
Nil
RANSOMWARE
- [SingCERT] Updated Advisory on Ransomware
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
CRYPTOMINING & CRYPTOCURRENCIES
- Criminals' Cryptocurrency Addiction Continues
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Cryptocurrency Miners trick the user through Fake Flash Updates
- Blockchain and Healthcare in Today’s World
MALWARE
- GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Hackers use Googlebot in mining malware attacks
- Researchers at @TrendMicro found a new strain of #malware -- dubbed #FacexWorm -- that targets users through a malicious #ChromeExtension.
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
EXPLOIT
Nil
VULNERABILITY
- Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks
- Review Shows Glaring Flaws In Xiongmai IoT Devices
- Microsoft JET vulnerability still open to attacks, despite recent patch
- DOM-based XSS Vulnerability Affected 685 Million Users of Tinder, Shopify, Western Union, and Imgur
- A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Vulnerabilities affect Shopify, Tinder and many other sites
ASIA
- Review Shows Glaring Flaws In Xiongmai IoT Devices
WORLD
- Pentagon Defense Department travel records data breach
- Security researchers found that Industroyer and NotPetya belong to the Russian hacker group
ATTACKS
- Pentagon Defense Department travel records data breach
- Hackers launched @netflix #phishing attacks by obtaining TLS certificates. Learn how hackers mimic popular websites to spoof users and steal
- This skyscraper reminds me of those really long ANSI art BBS login screens.
Cc: @sixteencolors @blocktronics @velikani
- A combination of #SecurityFlaws and inadequate back-end development of the @Google Firebase database led to #DataLeaks and #SecurityVulnerabilities including HospitalGown.
- 'Only' 30 million accounts were compromised in Facebook hack
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Facebook Clarifies Extent of Data Breach
- An Assessment of Google's Data Leak
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Breach of Pentagon travel records exposes defense personnel PII
THREATS
- GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
- [SingCERT] Updated Advisory on Ransomware
- Researchers @proofpoint have been tracking a downloader dubbed #AdvisorsBot as a first-stage payload in campaigns since May 2018.
- Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks
- Review Shows Glaring Flaws In Xiongmai IoT Devices
- Criminals' Cryptocurrency Addiction Continues
- .@alienvault researchers recently discovered #MassMiner, a #cryptocurrency mining #malware that has the ability to infect systems across the web. Discover
- Cryptocurrency Miners trick the user through Fake Flash Updates
- Microsoft JET vulnerability still open to attacks, despite recent patch
- DOM-based XSS Vulnerability Affected 685 Million Users of Tinder, Shopify, Western Union, and Imgur
- A patched #MikroTik router vulnerability amps up severity rating as @TenableSecurity researchers find new potential exploits with more critical consequences.
- Blockchain and Healthcare in Today’s World
- Microsoft Fix for Windows JET Database Bug Not Perfect, Micropatch Available
- Hackers use Googlebot in mining malware attacks
- Vulnerabilities affect Shopify, Tinder and many other sites
- Researchers at @TrendMicro found a new strain of #malware -- dubbed #FacexWorm -- that targets users through a malicious #ChromeExtension.
- APT group called #TeleBots linked to #Industroyer #malware and #NotPetya #ransomware, according to @ESET researchers. By @MaddieBacon11
CRIME
- ArangoDB v3.3.18 releases: native multi-model database
- Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data
POLITICS
- Pentagon Defense Department travel records data breach
- GPlayed – New Malware Posed as Google Play App to Spy & Steal Data From Your Entire Android Phone
- Security researchers found that Industroyer and NotPetya belong to the Russian hacker group
