Welcome to your Daily Threat Brief. Every morning we transmit a succinct summary of threat activities designed to inform your decision-making. Learn things your adversaries wished you didn’t. 

Sign Up For The Daily Threat Brief

Top Ten Cybersecurity Predictions For 2019

With less than two months left in the year, security researchers and businesses are already looking to the future to see which threats and trends will continue to make an impact in the world of cybersecurity in 2019. Ian Kilpatrick, EVP of cybersecurity at the Nuvias Group has outlined his… Read more

Cyberattacks Top Business Risks in North America, Europe, EAP

A new report from the World Economic Forum (WEF) shows cyberattacks are the business risk of greatest concern in North America, Europe, and East Asia and Pacific (EAP) regions. The WEF polled 12,000 private-sector decision makers from about 130 countries to compile its new report, which illustrates regional impact of… Read more

Who Hijacked Google’s Web Traffic?

Google says it is investigating an unorthodox routing of internet traffic that on Monday sent traffic bound for its cloud services instead to internet service providers in Nigeria, Russia and China. The routing problems persisted for about two hours before they were fixed, says Alex Henthorn-Iwane, vice president of product marketing… Read more

Internet Explorer scripting engine becomes North Korean APT’s favorite target in 2018

Internet Explorer’s scripting engine was the favorite target of a North Korean cyber-espionage group this year, after the hackers deployed two zero-days, but also crafted new exploits for two other older vulnerabilities. The group’s name is DarkHotel, a cyber-espionage group that McAfee and many other cyber-security firms have already linked to the… Read more

Emotet Campaign Ramps Up with Mass Email Harvesting Module

A large-scale spam campaign has launched, spreading the Emotet malware. Emotet is technically a banking trojan, but it’s most often used as a dropper for a variety of secondary payloads, with credential-stealing, network propagation, sensitive information harvestin and other capabilities. Recently, Emotet added a new module to up the ante on its ability… Read more

Cylance researchers discover powerful new nation-state APT

When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there… Read more

WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency

McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine for cryptocurrencies. WebCobra silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds. This cryptocurrency mining malware is uncommon in that it drops a different miner depending… Read more

Cyber criminals abuse US Postal Service Informed Delivery for ID theft

The U.S. Secret Service issued an internal alert to law enforcement partners about identity thieves abusing the U.S. Postal Service’s Informed Delivery, a service that allows you to digitally preview your mail and manage package delivery. ID thieves have been using the Informed Delivery service “to identify and intercept mail, and… Read more

France Seeks Global Talks on Cyberspace Security

The French government announced on Monday a “Paris Call” for talks to lay out a common framework for ensuring internet security, following a surge in cyberattacks which has dented confidence in global networks. The move aims to relaunch negotiations on a “code of good conduct” which have stalled since last… Read more

What You Should Know About Grayware (and What to Do About It)

Everyone has seen them: applications that come on many new systems offering services with unfamiliar names, or apps that have familiar names but are offered on sites that aren’t from their publishers. They’re grayware – or “potentially unwanted applications” – and they’re an ongoing issue for computer security. Grayware’s nature… Read more

Recently-Patched Adobe ColdFusion Flaw Exploited By APT

An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found. The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code-execution, researchers at Volexity, who discovered the exploitation, have said. “Volexity recently observed… Read more

Linux CryptoMiners Are Now Using Rootkits to Stay Hidden

As the popularity of cryptocurrency rises, so does the amount of cryptominer Trojans that are being created and distributed to unsuspecting victims. One problem for cryptominers, though, is that the offending process is easily detectable due to their heavy CPU utilization. To make it harder to spot a cryptominer process that is… Read more

Hackers Exploit Flaw in GDPR Compliance Plugin for WordPress

A critical security flaw affecting a GDPR compliance plugin for WordPress has been exploited in the wild to take control of vulnerable websites, users have been warned. The WordPress GDPR Compliance plugin, which has over 100,000 active installations, is designed to help the administrators of websites become compliant with the EU’s General… Read more

This banking malware just added password and browser history stealing to its playbook

The Trickbot banking malware has added yet another tool to its arsenal, allowing crooks to steal passwords as well as steal browser data including web history and usernames. The malware first appeared in 2016, initially focused on stealing banking credentials — but Trickbot is highly customisable and has undergone a series… Read more

“Inception Attackers” Combine Old Exploit and New Backdoor

A malicious group known as the “Inception attackers” has been using a year-old Office exploit and a new backdoor in recent attacks, Palo Alto Networks security researchers warn. Active since at least 2014, the group has used custom malware and against targets spanning various industries worldwide, with a special interest… Read more

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief