Security researcher publishes proof-of-concept code for recent Android zero-day
www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/ Qu1ckR00t app can root an Android device using the CVE-2019-2215 zero-day.
Operation Ghost: The Dukes arent back they never left
www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/ ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families. We believe Operation Ghost started in 2013 and it is still ongoing as of this writing. Our research shows that the Ministries of Foreign Affairs in at least three different countries in Europe are affected by this campaign. We have also discovered an infiltration by the Dukes at the Washington, DC embassy of a European Union country.. full report
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/ How digital detectives unraveled the mystery of Olympic Destroyerand why the next big attack will be even harder to crack.
European Airport Systems Infected With Monero-Mining Malware
www.bleepingcomputer.com/news/security/european-airport-systems-infected-with-monero-mining-malware/ More than 50% of all computing systems at a European international airport were recently found to be infected with a Monero cryptominer linked to the Anti-CoinMiner campaign Zscaler spotted during August 2018.. see also
Trump Campaign Website Left Open to Email Server Hijack
threatpost.com/trump-campaign-website-allowed-email-hijack/149278/ A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trumps official campaign website.
Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested
thehackernews.com/2019/10/dark-web-child-abuse.html The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins.
When Card Shops Play Dirty, Consumers Win
krebsonsecurity.com/2019/10/when-card-shops-play-dirty-consumers-win/ Cybercrime forums have been abuzz this week over news that BriansClub one of the undergrounds largest shops for stolen credit and debit cards has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClubs longtime competitors trying to knock out a rival.
Microsoft Adds Azure AD Sign-In History to Detect Unusual Activity
www.bleepingcomputer.com/news/microsoft/microsoft-adds-azure-ad-sign-in-history-to-detect-unusual-activity/ Microsoft announced the addition of an Azure Active Directory (AD) sign-in history feature that would allow users to get an overview of past sign-ins and quickly detect any unusual login activity.