Threat Post

1. Panda Threat Group Mines for Monero With Updated Payload, Targets

   Though harboring unsophisticated payloads, the Panda threat group has updated its tactics - from targets to infrastructure - and successfully mined hundreds of thousands of dollars using cryptomining malware.

2. AMD Radeon Graphics Cards Open VMware Workstations to Attack

   Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM.

3. Cisco Extends Patch for IPv6 DoS Vulnerability

   The bug was first found in 2016.

4. Google Calendar Settings Gaffes Exposes Users’ Meetings, Company Details

   A configuration setting in Google Calendars does not sufficiently warn users that it makes their calendars public to all, a researcher argues.

5. LastPass Fixes Bug That Leaks Credentials

   The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords.

6. Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population

   Julian Assange is among those impacted.

7. Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

   Independent researchers found 125 different CVEs across 13 different router and NAS models.

8. U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks

   Three North Korean threat groups have been sanctioned in the U.S. as part of a larger U.S. initiative against North Korea-linked malicious cyber activity.

9. New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware

   ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market.

10. WordPress XSS Bug Allows Drive-By Code Execution

    Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.