DATA BREACH & DATA LOSS
- California Girl Scouts branch suffers data breach
- IT Security Culture Evolution of Businesses Exposed
- Canada Post Leaked Personal Data of 4,500 Cannabis Customers
- 689,272 plaintext records of Amex India customers exposed online
- 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
- DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access
- Canada Post Leaked Personal Data On Cannabis Smokers
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- Radisson Loyalty Program Compromised
- Test Your Employees with Internal Phishing Campaigns
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
- According to the 2018 Cost of a Data Breach Study by @PonemonPrivacy & @IBM, the global average cost of a
- Canada Post leaked personal data, orders of thousands of cannabis smokers
- HSBC Bank Alerts US Customers to Data Breach
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Users Stop Engaging With Brands After Data Breaches, Report Finds
- Phishing extortion campaign using new, more effective methods
- Gamasutra user privacy fragged following IP leak discovery
- HSBC confirms data theft in the United States
- Increasing value of personal data a 21st century challenge
DENIAL-OF-SERVICE
- Cambodia's ISPs Hit By Massive DDoS Attacks
- DerpTroll Admits To DDoS On EA, Steam, Sony Game Servers
- 4 Cambodia’s ISPs Attacked by DDoS
- DDoS attack on Cambodia’s top ISPs reached 150Gbps
- Man Behind DDoS Attacks on Gaming Companies Pleads Guilty
- To Pay or Not to Pay: A Large Retailer Responds to #DDoS Extortion
Find out what happened here:
- Cambodia's ISPs hit by some of the biggest DDoS attacks in the country's history
- Hacker Behind Series of DoS Attack Targeting Gaming Companies Pleaded Guilty
MALVERTISING
Nil
PHISHING
- Test Your Employees with Internal Phishing Campaigns
- Most IT Security Pros Underestimate Phishing Risks
- Most Enterprises Fail to Implement Proper Protection Against Phishing Attacks
- Phishing extortion campaign using new, more effective methods
- How many of these bad password habits do you have?
- Good article about the password problem and a statistic that shows just how bad a problem it has now become...
WEB DEFACEMENT
Nil
BOTNET
- Botnet Infects 100,000 Routers to Send Outlook, Hotmail, and Yahoo Spam
- New Spam Botnet Likely Infected 400,000 Devices
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Spam Botnet of Over 100K Routers Abuses UPnP
RANSOMWARE
- Dharma Ransomware Hits Altus Baytown Hospital's Systems
CRYPTOMINING & CRYPTOCURRENCIES
- Hackers Charged for Creating 6K Strong Cryptojacking Network
- Can Blockchain Solve The Problem of Blood Diamonds?
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- Managing the Intersection of Cryptocurrency and Compliance
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- Beware of scams! Elon Musk is not giving away bitcoin on Twitter
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
- StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
MALWARE
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
- Google: Newer Android versions are less affected by malware
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Symantec Uncovers North Korean Group's ATM Attack Malware
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- The Pentagon has suddenly started uploading #malware samples from APTs and other nation-state sources to the website VirusTotal.
- Symantec researchers dissect North Korean malware used in ATM attacks
- Banking Malware Takes Aim at Brazilians
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- US Cyber Command starts uploading foreign APT malware to VirusTotal
- U.S. Cyber Command malware samples to be logged in VirusTotal
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Spyware disguised as Spanish banking apps removed from Google Play
- Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
- Did you miss yesterday's #blog? Catch up on how fileless #malware is changing the way we as organizations are treating
- "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
- U.S. Cyber Command Shares Malware via VirusTotal
- US Cyber Command starts uploading foreign APT malware to VirusTotal
EXPLOIT
- Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
- Cisco Accidentally Released Dirty Cow Exploit Code in Software
- VirtualBox zero-day flaw released on Github; working exploit available but no patch
- Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
VULNERABILITY
- Companies swamped by critical vulnerabilities – Tenable
- Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
- Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
- Steam bug could have given you access to all the CD keys of any game
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- [SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845)
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Several Vulnerabilities Patched in nginx
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- WooCommerce Plugin file deletion vulnerability exposes WordPress 'failing open' design flaw
- VirtualBox zero-day flaw released on Github; working exploit available but no patch
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- DJI Patches Forum Bug That Allowed Drone Account Takeovers
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Ranting researcher publishes VM-busting zero-day without warning
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- DJI Drone Vulnerability
- iOS 12.1 Vulnerability
- Encryption flaws in solid state drives enable unauthorised data access
- Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home
- Ranting researcher publishes #VM-busting zero-day without warning
- We don' need no stinkin' bounties: VirtualBox guest-to-host escape zero-day lands at GitHub
- Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitlocker
- [SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031)
- XSS flaw in Evernote allows attackers to execute commands and steal files
- Critical authentication flaw in DJI drone web app fixed
- Commoditization of Computing Hardware and the Bugs It Contains
- 4 Million Shops Installed WooCommerce Plugin RCE Flaw Allows Attacker to Gain WordPress Sites Admin Access
- A year later, @amarekano's Android overlay bug has been included in the AOSP November 2018 patched notes as CVE-2018-9524
- Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
ASIA
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- 689,272 plaintext records of Amex India customers exposed online
- Cambodia's ISPs Hit By Massive DDoS Attacks
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Symantec Uncovers North Korean Group's ATM Attack Malware
- Lazarus Group Targets Bank Networks to Rob ATMs
- 4 Cambodia’s ISPs Attacked by DDoS
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- DDoS attack on Cambodia’s top ISPs reached 150Gbps
- Symantec researchers dissect North Korean malware used in ATM attacks
- SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
- Spam Botnet of Over 100K Routers Abuses UPnP
- Cambodia's ISPs hit by some of the biggest DDoS attacks in the country's history
- HSBC confirms data theft in the United States
- Commoditization of Computing Hardware and the Bugs It Contains
WORLD
- Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Canada Post Leaked Personal Data of 4,500 Cannabis Customers
- 689,272 plaintext records of Amex India customers exposed online
- Canada Post Leaked Personal Data On Cannabis Smokers
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Lazarus Group Targets Bank Networks to Rob ATMs
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Most IT Security Pros Underestimate Phishing Risks
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- Symantec researchers dissect North Korean malware used in ATM attacks
- Banking Malware Takes Aim at Brazilians
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- iOS 12.1 Vulnerability
- Beware of scams! Elon Musk is not giving away bitcoin on Twitter
- Spam Botnet of Over 100K Routers Abuses UPnP
- The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- Encryption flaws in solid state drives enable unauthorised data access
- Canada Post leaked personal data, orders of thousands of cannabis smokers
- HSBC Bank Alerts US Customers to Data Breach
- US Cyber Command starts uploading foreign APT malware to VirusTotal
- U.S. Cyber Command malware samples to be logged in VirusTotal
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Spyware disguised as Spanish banking apps removed from Google Play
- Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
- Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
- U.S. Cyber Command Shares Malware via VirusTotal
- HSBC confirms data theft in the United States
- US Cyber Command starts uploading foreign APT malware to VirusTotal
ATTACKS
- California Girl Scouts branch suffers data breach
- IT Security Culture Evolution of Businesses Exposed
- Canada Post Leaked Personal Data of 4,500 Cannabis Customers
- 689,272 plaintext records of Amex India customers exposed online
- 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
- DJI Drone Flight Logs, Photos and Videos Exposed to Unauthorized Access
- Canada Post Leaked Personal Data On Cannabis Smokers
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- Radisson Loyalty Program Compromised
- Test Your Employees with Internal Phishing Campaigns
- Most IT Security Pros Underestimate Phishing Risks
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
- Most Enterprises Fail to Implement Proper Protection Against Phishing Attacks
- According to the 2018 Cost of a Data Breach Study by @PonemonPrivacy & @IBM, the global average cost of a
- Canada Post leaked personal data, orders of thousands of cannabis smokers
- HSBC Bank Alerts US Customers to Data Breach
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Users Stop Engaging With Brands After Data Breaches, Report Finds
- Phishing extortion campaign using new, more effective methods
- Gamasutra user privacy fragged following IP leak discovery
- How many of these bad password habits do you have?
- HSBC confirms data theft in the United States
- Increasing value of personal data a 21st century challenge
- Good article about the password problem and a statistic that shows just how bad a problem it has now become...
THREATS
- Companies swamped by critical vulnerabilities – Tenable
- Cisco hunts for Apache Struts 2 FileUpload bug and finds DIRTY CoW exploit
- Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
- Google: Newer Android versions are less affected by malware
- Hackers Charged for Creating 6K Strong Cryptojacking Network
- Dharma Ransomware Hits Altus Baytown Hospital's Systems
- Steam bug could have given you access to all the CD keys of any game
- Drone Vulnerability Could Compromise Enterprise Data
- Oracle's VirtualBox Vulnerability Leaked By Disgruntled Researcher
- [SingCERT] Alert on Nginx Vulnerabilities (CVE-2018-16843, CVE-2018-16844, and CVE-2018-16845)
- Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
- Can Blockchain Solve The Problem of Blood Diamonds?
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Symantec Uncovers North Korean Group's ATM Attack Malware
- Several Vulnerabilities Patched in nginx
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- The Pentagon has suddenly started uploading #malware samples from APTs and other nation-state sources to the website VirusTotal.
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- WooCommerce Plugin file deletion vulnerability exposes WordPress 'failing open' design flaw
- Managing the Intersection of Cryptocurrency and Compliance
- VirtualBox zero-day flaw released on Github; working exploit available but no patch
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos
- DJI Patches Forum Bug That Allowed Drone Account Takeovers
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Symantec researchers dissect North Korean malware used in ATM attacks
- SIM Swapping Hacker Group Who Managed to Steal $80,000 Worth of Cryptocurrency Got Arrested
- Ranting researcher publishes VM-busting zero-day without warning
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- Banking Malware Takes Aim at Brazilians
- DJI Drone Vulnerability
- Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine
- iOS 12.1 Vulnerability
- Beware of scams! Elon Musk is not giving away bitcoin on Twitter
- The Cyber National Mission Force will share unclassified U.S. Cyber Command #malware samples to #VirusTotal and one expert hopes there
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- Encryption flaws in solid state drives enable unauthorised data access
- Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home
- Ranting researcher publishes #VM-busting zero-day without warning
- We don' need no stinkin' bounties: VirtualBox guest-to-host escape zero-day lands at GitHub
- StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code
- Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitlocker
- [SingCERT] Alert on Critical Apache Struts 2 Remote Code Execution Vulnerability (CVE-2016-1000031)
- US Cyber Command starts uploading foreign APT malware to VirusTotal
- U.S. Cyber Command malware samples to be logged in VirusTotal
- Metamorfo Banking Trojan Keeps Its Sights on Brazil
- Spyware disguised as Spanish banking apps removed from Google Play
- XSS flaw in Evernote allows attackers to execute commands and steal files
- Unclassified #malware samples from U.S. Cyber Command will be shared with @virustotal by the Cyber National Mission Force. @MalwareJake @stephengillett
- Canadian University Undergoes A Forced Shutdown After Cryptojacking Attack
- Did you miss yesterday's #blog? Catch up on how fileless #malware is changing the way we as organizations are treating
- "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
- U.S. Cyber Command Shares Malware via VirusTotal
- Critical authentication flaw in DJI drone web app fixed
- Commoditization of Computing Hardware and the Bugs It Contains
- 4 Million Shops Installed WooCommerce Plugin RCE Flaw Allows Attacker to Gain WordPress Sites Admin Access
- A year later, @amarekano's Android overlay bug has been included in the AOSP November 2018 patched notes as CVE-2018-9524
- StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
- Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
- US Cyber Command starts uploading foreign APT malware to VirusTotal
CRIME
- California Girl Scouts branch suffers data breach
- 3.6 Billion Records Exposed in Data Breaches Until the End September 2018
- Can Blockchain Solve The Problem of Blood Diamonds?
- Radisson Loyalty Program Compromised
- Test Your Employees with Internal Phishing Campaigns
- Lazarus Group Targets Bank Networks to Rob ATMs
- Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- Business email compromise attacks cost over $676 million in 2017, according to the @FBI's Internet #CrimeReport. Learn how to recognize
- Symantec researchers dissect North Korean malware used in ATM attacks
- Top 5 Threats Healthcare Organizations Face and How to Combat Them
- Man Behind DDoS Attacks on Gaming Companies Pleads Guilty
- DerpTrolling game server DoS attacker pleads guilty
- HSBC Bank Alerts US Customers to Data Breach
- Phishing extortion campaign using new, more effective methods
- To Pay or Not to Pay: A Large Retailer Responds to #DDoS Extortion
Find out what happened here:
- Spyware disguised as Spanish banking apps removed from Google Play
- Hacker Behind Series of DoS Attack Targeting Gaming Companies Pleaded Guilty
- HSBC confirms data theft in the United States
POLITICS
- Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems
- Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)
- Lazarus Group Targets Bank Networks to Rob ATMs
- 4 Cambodia’s ISPs Attacked by DDoS
- Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain
- Hackers from North Korea still breaking into PCs for mining crypto-currencies
- "The presence of the insecure remote access software on systems used for election management raised concerns that malicious #ThreatActors --
TRANSNATIONAL / UNKNOWN
- Feds get guilty plea in 'DerpTrolling' attacks on video game sites
- Goblin Panda
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
CHINA
Nil
INDIA
Nil
NORTH KOREA
Nil
PAKISTAN
Nil
VIETNAM
Nil
IRAN
Nil
IRAQ
Nil
LEBANON
Nil
PALESTINE
Nil
SAUDI ARABIA
Nil
SYRIA
Nil
TURKEY
Nil
UNITED ARAB EMIRATES
Nil
YEMEN
Nil
RUSSIA
Nil
SERBIA
Nil
UKRAINE
Nil
DATA BREACH & DATA LOSS
- New Jersey AG Announces $200,000 Settlement with Business Associate and Permanent Ban for BA’s Owner due to 2016 Data Breach Affecting Over 1,650 Patients
- Half a Million People Potentially Affected by Data Breach at Bankers Life
- Data Of Nearly 700,000 Amex India Customers Exposed Via Unsecured MongoDB Server
- HSBC Bank Suffers Data Breach
- Amex India accounts exposed by misconfigured MongoDB installation
- Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
- Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
- HSBC Bank Data Breach Exposed Customer’s Account Details and More
- HSBC US Customers Hit by Data Breach
- What do you think is the average cost of a data breach?
- HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims
- ICO poised to fine Leave campaign and Arron Banks’ insurance biz £135,000
- HSBC suffers data breach, customer banking info exposed
- We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
- New dropper campaign with at least 8 droppers in #GooglePlay (30k+ installs total), found with the help of @avast_antivirus @apklabio.
- How voting history data benefits political campaigns
- HSBC Bank Data Breach Exposed Account Numbers, Balances, Transaction History and Other Details
- Personal data of police and ministries employees leaked by Anonymous Italy
- Five Guys suffers employees’ data theft
- Rushed My Health Record changes still missing the point
- What businesses can learn from political campaigns about using big data
DENIAL-OF-SERVICE
Nil
MALVERTISING
Nil
PHISHING
- A Phishing Incident is Being Investigated by the Carthage Police
- Why you should use a password manager
- They stopped a phishing attack in 10 minutes. It used to take days.
- Password Grabber Module Added to Trickbot
- Why Password Management and Security Strategies Fall Short
- Learn About Phishing Incident Response on Nov 15
- Learn why @Google chose U2F authentication over OTP to eliminate #PhishingEmails from expert Michael Cobb of @thehairyITdog.
- A poor password is a key for the wrong person to get in.
WEB DEFACEMENT
Nil
BOTNET
- IoT Botnet Infects 100,000 Routers To Send Spam
- Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
- IoT botnet infects 100,000 routers to send Hotmail, Outlook, and Yahoo spam
- A fresh #botnet is rapidly growing by targeting a five-year-old #vulnerability.
So far, @360Netlab said hundreds of thousands of bot
- Linux servers and IoT devices, main targets of Shellbot botnet
RANSOMWARE
- Healthcare Targeted by 37 Percent of All Ransomware Attacks in Q3 2018
- Security Alert: New Dharma Ransomware Strains Alarmingly Go Undetected By Antivirus Engines
- #SamSam #ransomware targeted 67 organizations in 2018, according to @symantec research. By @MaddieBacon11
- How to Remove NOBAD Ransomware
- #Kraken #ransomware as a service is getting more popular after being bundled into the Fallout #ExploitKit and getting more update
- Managing Third-Party Risk in the Age of Ransomware
CRYPTOMINING & CRYPTOCURRENCIES
- Uni cans crypto-mining CPU raid by switching off whole IT network
- Salesforce Aims to Curb Spam With Blockchain
- Using Blockchain Technology to Solve Global Problems
- JavaScript attack aimed to reroute bitcoin transactions
- University shuts down network to thwart Bitcoin cryptojacking scheme
- Attackers breached Statcounter to steal cryptocurrency from gate.io users
- Elon Musk Bitcoin Scammers Hijack Verified Status Accounts
- #Kraken #ransomware as a service is getting more popular after being bundled into the Fallout #ExploitKit and getting more update
- Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin theft scheme
- Blockchain: The Good, the Bad and the Legal
- New cryptocurrencies offer better anonymity, new security challenges, from @CSOonline http://0fox.co/sSmx30i8vm4 ZeroFOX CTO weighs in on the #infosec challenges
- Bitcoin Cryptojacking Attack Forces University to Disable Entire Network
- Researchers rank cryptocurrency exchanges by how secure they are
MALWARE
- Cisco removed its seventh backdoor account this year, and that's a good thing
- 3,2 Million New Android Malicious Apps Detected Until the End of Q3 2018
- Not sure how to tell if your Android phone has a virus?
Android malware comes in many forms, ranging from spyware
- Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
- On the #blog today, we talk about how fileless malware is changing the way we as organizations treats #cyberthreats.
- We recently detected an Android banking malware campaign (Anubis) actively targeting the Dutch market by #abusing the @PostNL brand. After
- New dropper campaign with at least 8 droppers in #GooglePlay (30k+ installs total), found with the help of @avast_antivirus @apklabio.
- Coupa Simplifies Fragmented B2B Payments Process
- Turning Malware Trends into Proactive Behaviors
- DHS on Election Day: No malicious cyber-activity observed
- AMD and TSMC outline 7nm process products to be listed next year
EXPLOIT
- Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
- VirtualBox Guest-to-Host escape 0day and exploit released online
- According to @digitalshadows, attackers used a browser exploit to steal the private #Facebook messages of at least 81,000 people. Read
- #Virtualbox hat eine #Zeroday Sicherheitslücke. Tipp: Ändern Sie Ihren virtuellen Netzwerkadapter auf etwas anderes als Intel PRO/1000.
- VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
VULNERABILITY
- U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program
- Security Flaws Found in Widely Used Data Storage Devices | Avast
- A flaw in WooCommerce WordPress Plugin could be exploited to take over e-stores
- Flaw in Icecast streaming media server allows to take off online Radio Stations
- VirtualBox zero-day dumped on GitHub
- Security Researcher Drops VirtualBox Guest-to-Host Escape Zero-Day on GitHub
- WordPress Flaw Opens Millions of WooCommerce Shops to Takeover
- Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
- Flaw Leads to RCE in WordPress Plugins, WooCommerce
- Hacker education, inclusivity, and shifting perceptions of bug bounties
- Apache alerts developers of remote code execution flaw
- Evernote Flaw Allows Hackers to Steal Files, Execute Commands
- Top 20 application vulnerabilities in the enterprise are dominated by Adobe and Microsoft
- Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available
- Rapid7 Wins Frost & Sullivan 2018 Global Vulnerability Management Market Leadership Award
- Hacker Leaked Unpatched Virtual Box Zero-day Vulnerability and its Exploit Online
- Zero-day flaw in VirtualBox details go public
- Erratic Windows 10 Bug Breaks Changing of Default File Associations
- Researcher discloses VirtualBox Zero-Day without reporting it to Oracle
- Serious XSS flaw discovered in Evernote for Windows, update now!
- Researchers say #Bleedingbit vulnerabilities could allow #RemoteCodeExecution on wireless access points, medical devices and any other products using the affected
- Enterprises Sinking Under 100+ Critical Flaws Per Day
- WordPress, WooCommerce flaws combine to allow website hijacking
- Apache Struts vulnerability would allow system take over
- Up to 4 million online merchants who use the popular @WooCommerce #WordPress plugin are vulnerable to a file deletion flaw.
- Researcher Drops Oracle VirtualBox Zero-Day
- Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
- Bug bounty: Hack the US Air Force and Get Paid
- Microsoft, Google apps feature in the top 20 vulnerabilities in enterprise environments
- VirtualBox zero-day published by disgruntled researcher
- A fresh #botnet is rapidly growing by targeting a five-year-old #vulnerability.
So far, @360Netlab said hundreds of thousands of bot
- .@Siemens SICLOCK central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated
- Apache Struts users have to update FileUpload library to fix years-old flaws
- Zero-Day #Vulnerability Explained
- November Android Security Update Fixes Critical Bugs, Drops Media Library
- Researcher publishes new VirtualBox zero-day vulnerability
- Vulnerabilities in self encrypted SSD allow attackers to bypass disk encryption
- #Virtualbox hat eine #Zeroday Sicherheitslücke. Tipp: Ändern Sie Ihren virtuellen Netzwerkadapter auf etwas anderes als Intel PRO/1000.
- Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
- Google's automated fuzz bot has found over 9,000 bugs in the past two years
- VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
