Weekly Threat Briefing: Australia Bushfire Donation Site Suffered MageCart Attack

The intelligence in this week’s iteration discuss the following threats: APT40, APT28, data-breach, Trickbot, phishing, targeted attacks, JhoneRAT, Pegasus. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 – IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Microsoft Warns Attackers Are Exploiting Zero Day In Internet Explorer Scripting Engine

As reported by SC Magazine, hackers are actively exploiting a zero day vulnerability in Internet Explorer, prompting a warning from the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). “Microsoft is aware of limited targeted attacks” in a remote code execution (RCE) vulnerability [CVE-2020-0674] in the scripting engine of Internet Explorer across all versions of Windows that would let a hacker obtain the same rights as a current user, Microsoft warned Friday.

Why People Keep Asking Elizabeth Warren Whether She Can Win

At a campaign event in southeastern Iowa in December, a graduate student named Charlotte Moser was waiting to ask Sen. Elizabeth Warren a question. As we sat and talked in a crowded union hall before the event began, Charlotte told me she felt a little guilty that it wasn’t about Warren’s plans or policies. But what she really wanted to know, she said, was how Warren coped with sexism on the campaign trail. “She’s faced a lot of that recently — being called elitist and unlikable and angry,” she said.

Tracking Privacy from a Risk Standpoint

One of the lasting impacts of GDPR, the European privacy regulation that went into effect in May of 2018, has been that the security function has gained an awareness of privacy. Privacy now carries with it a risk weight that has to be part of every conversation around policies and standards, says Ken Foster, head of global cyber risk governance at First Data, a global leader in commerce-enabling technology serving 4,000 companies in more than 100 countries around the world. But what’s keeping Foster up at night? The unintentional insider. His burning question: “How do we get people to pay attention?”

The Role PCI-DSS Plays in Security

If your business accepts credit card payments, then you need to comply with PCI-DSS standards. PCI-DSS stands for Payment Card Industry Data Security Standard. These are sets of rules established to protect against credit card fraud, hacking, and other security breaches. Credit card issuers and companies that store, process, and transmit card information implement the rules defined by the PCI-DSS. Here’s what you need to know about these standards.