DXC Security Threat Intelligence Report

Opatch has released an unofficial patch for an actively exploited security flaw in Microsoft Windows that lets files signed with malformed signatures bypass Mark-of-the-Web (MotW) protection.

Cranefly espionage hackers that target employees dealing with corporate transactions have now been linked to a new backdoor called Danfuan. The previously unseen malware executes received C# code.

The Raspberry Robin worm, which spreads to Windows systems through USB drives, is becoming an access-as-a-service malware for deploying other payloads to thousands of endpoints. 

Medibank, one of the largest Australian private health insurance providers, disclosed that an October 26^th  breach exposed all of its customer data, including health claims and personal information.

The U.S. has charged a 26-year-old Ukrainian national with participating in a Raccoon Stealer malware-as-a-service (MaaS) operation that has helped steal 50 million unique credentials globally.

The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg for exposing the sensitive information of millions of students in four data breaches in three years.

Threat actors used credentials stolen in a phishing attack to steal 130 code repositories from one of Dropbox’s GitHub accounts with information about employees, customers, sales leads and vendors.  

The U.S. has charged a 34-year-old UK national for operating The Real Deal, which sold hacking tools and stolen login credentials, including for U.S. agencies, Twitter and LinkedIn.