Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.

Post related to: Tool

ASUS tool infected by Operation ShadowHammer

Kaspersky Lab has discovered a new Advanced Persistent Threat (APT) campaign that has affected more than one million users through an ASUS software supply chain attack. The investigation revealed...

References:

securelist.com

kaspersky.com

motherboard.vice.com

symantec.com

asus.com

xataka.com

unaaldia.hispasec.com

kaspersky.es

Tags:

Detected a spam campaign that distributes malware via email

Taking advantage of the dissemination of news about the Boeing 737 Max 8 accidents, a new spam campaign is being carried out that distributes malware via email.Those affected receive an email with...

References:

bleepingcomputer.com

securityaffairs.co

2-spyware.com

malware-board.com

Tags:

Malware

Tool

Transport

New vulnerability in Intel processors called SPOILER

Researchers at the Worcester Polytechnic Institute and the University of Lübeck have discovered a new vulnerability called SPOILER in Intel processors.This security flaw affects all Intel...

References:

arxiv.org

theregister.co.uk

forbes.com

vandal.elespanol.com

hardwaresfera.com

Tags:

0day

Tool

Vulnerability

Malware uses Google Drive services as its C&C server

A new variant of the RogueBin Trojan uses Google Drive as its Command & Control (C&C) server. The Trojan infects the victim's computers when the user opens a Microsoft Excel file containing...

References:

thehackernews.com

2-spyware.com

welivesecurity.com

globalnotary.es

Tags:

VisionDirect suffers data leakage caused by MageCart script

VisionDirect, an online store that sells contact lenses, has reported that it suffered a data leak from November 3-8, 2018. As indicated in their announcement, only people who logged into the...

References:

visiondirect.co.uk

theregister.co.uk

bleepingcomputer.com

sectorx.com.ar

Tags:

e-commerce

Information leakage

Tool

CamuBot, a new financial malware, attacks banking clients in Brazil

Researchers at IBM X-Force have discovered a new malware for now attacks Brazilian banks, through clients who perform operations through commercial banking. In August 2018 the first attacks were...

References:

threatpost.com

spamfighter.com

securityintelligence

techcrunch.com

cso.computerworld.es

Tags:

A captcha plugin with "backdoors" in WordPress affects 300,000 web pages

A widely used plugin that implements the verification system "captcha" for websites with WordPress, is responsible for about 300,000 websites are vulnerable with a backdoor implemented in it,...

References:

thehackernews.com

wordfence.com

bleepingcomputer.com

theregister.co.uk

wpbody.com

Tags:

Tool

Vulnerability

CMS

Possible spyware preinstalled on HP computers

The computer equipment manufacturer HP would have been affected by spyware due to a tool pre-installed in the equipment it manufactures.This is the "HP Touchpoint Analytics Service" tool, which...

References:

omicrono.elespanol.com

extremetech.com

xataka.com

techradar.com

Tags:

Cyberespionage

Tool

Vault 8, the new Wikileaks leak on CIA spy tools

Following the release of Vault7, Wikileaks continues its series of publications on the CIA's alleged cyber spying program under the name of Vault 8.In its first release, the new Wikileaks...

References:

certsi.es

thehackernews.com

motherboard.vice.com

wikileaks.org

genbeta.com

Tags:

Dragonfly 2.0: new campaign of intrusion in the electric sector

A new campaign known as Dragonfly 2.0 is attacking with the aim of infiltrating energy sector infrastructures in Turkey, Switzerland and the United States. The security company Symantec has...

References:

symantec.com

arstechnica.com

thehackernews.com

certsi.es

Tags:

Industrial Control System

Tool

Energy

Cybercrime

Corporate access

Cybersecurity Highlights

ASUS tool infected by Operation ShadowHammer

Detected a spam campaign that distributes malware via email

New vulnerability in Intel processors called SPOILER

Malware uses Google Drive services as its C&C server

VisionDirect suffers data leakage caused by MageCart script

CamuBot, a new financial malware, attacks banking clients in Brazil

A captcha plugin with "backdoors" in WordPress affects 300,000 web pages

Possible spyware preinstalled on HP computers

Vault 8, the new Wikileaks leak on CIA spy tools

Dragonfly 2.0: new campaign of intrusion in the electric sector

Pages