Daily Alert – 20 January 2020

Silobreaker’s Daily Cyber Alert is created and distributed automatically by using our award-winning intelligence product Silobreaker Online.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
NOTROBIN 2 8
The Joker Malware 1 3
5ss5c Ransomware 1 10
APT28 1 11
Sodinokibi Ransomware 3 26
Maze Ransomware 1 11
Data Breaches
Why Microsoft, Google and Apple want you to get rid of your passwords
DigitalMunition – Jan 19 2020 22:05
Passwords are a very serious and expensive security risk. A report by Verizon looked at 2,013 confirmed data breaches and found that 29% of those breaches involved the use of stolen credentials. Another study by the Ponemon Institute and IBM Security…
admin wrote a new post, Don’t Ignore Chrome’s New Password Checkup Feature
DigitalMunition – Jan 19 2020 12:08
A strong password is one that's difficult for a human or computer to guess or force. It'll be lengthy, for a start, with characters into the double figures. It should also include a combination of uppercase and lowercase letters, numbers, and special…
Security researchers — and journalists — need legislative protection in India for disclosing vulnerabilities
Office of Inadequate Security – Jan 19 2020 13:02
If there is anything positive at all about the legal bullshit 1to1Help.net has perpetrated to cover up their data leak and…
Security Affairs newsletter Round 247
Security Affairs – Jan 19 2020 12:05
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google removed 1.7K+ Joker…
Hacker Groups
Security Affairs newsletter Round 247
Security Affairs – Jan 19 2020 12:05
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google removed 1.7K+ Joker…
Malware
Hackers patch Citrix servers to deploy their own backdoor
Security Affairs – Jan 19 2020 09:32
Attacks on Citrix servers are intensifying, one of the threat actors behind them is patching them and installing its own backdoor to lock out other attackers. Security experts are monitoring a spike in the number of attacks against …
New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
DataBreaches.net – Jan 20 2020 02:45
Lawrence Abrams reports: Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. In an email seen by BleepingComputer, Temple Har Shalom…
Security Affairs newsletter Round 247
Security Affairs – Jan 19 2020 12:05
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google removed 1.7K+ Joker…
Travelex recovering from ransomware, but more firms at risk of VPN exploit
SC Magazine US – Jan 20 2020 04:28
Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a…
Vulnerabilities
Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks
Security Week – Jan 20 2020 05:17
Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks. Until a fix becomes available, the company has shared some workarounds and…
Security Affairs newsletter Round 247
Security Affairs – Jan 19 2020 12:05
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google removed 1.7K+ Joker…
Imperva Mitigates Exploits of Citrix Vulnerability – Right Out of the Box
Imperva Data Security Blog – Jan 19 2020 15:00
On December 17, Citrix issued a Security Bulletin on an unauthenticated remote code execution vulnerability (CVE-2019-19781) affecting its Citrix…
Hackers patch Citrix servers to deploy their own backdoor
Security Affairs – Jan 19 2020 09:32
Attacks on Citrix servers are intensifying, one of the threat actors behind them is patching them and installing its own backdoor to lock out other attackers. Security experts are monitoring a spike in the number of attacks against …
Ongoing Campaigns
Juice Jacking, the Threat That Travelers Need to Know About
Cyware – Jan 19 2020 12:23
These attacks often occur at public charging stations in airports and hotels. Once installed, the malware may lock the device or export data and passwords directly to the scammers. Juice jacking is becoming a real threat for people, especially for…
Hackers patch Citrix servers to deploy their own backdoor
Security Affairs – Jan 19 2020 09:32
Attacks on Citrix servers are intensifying, one of the threat actors behind them is patching them and installing its own backdoor to lock out other attackers. Security experts are monitoring a spike in the number of attacks against …
New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
DataBreaches.net – Jan 20 2020 02:45
Lawrence Abrams reports: Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. In an email seen by BleepingComputer, Temple Har Shalom…
Security Affairs newsletter Round 247
Security Affairs – Jan 19 2020 12:05
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google removed 1.7K+ Joker…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Daily Alert – 19 January 2020

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
JhoneRAT 2 11
Pseudo Darkleech 1 1
PyCL ransomware 1 1
Spora Ransomware 1 1
CryptoShield Ransomware 1 1
PsiXBot 1 1
Ramnit 1 2
Pony Trojan 1 2
Cerber Ransomware 1 2
EITest Campaign 1 1
Data Breaches
Weekly Update 174
Troy Hunt’s Blog – Jan 18 2020 19:01
Presently sponsored by: Shape –…
Cybercrime Statistics in 2019
Security Affairs – Jan 18 2020 11:57
I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global…
CA: Adventist Health Notifies 2,653 Patients After Phishing Incident
DataBreaches.net – Jan 19 2020 02:22
B. J. Hansen reports on a phishing incident that has resulted in Adventist Health Sonora notifying patients. According to the hospital, the incident was discovered on September 30, and an investigation was launched. On October 14, they discovered…
Researchers Find 8 Critical Risks in Android’s VoIP Components
Cyware – Jan 18 2020 07:24
Out of the eight cybersecurity risks the team found, six were remotely exploitable issues. The vulnerabilities could have enormous security consequences for telecoms first and then to the users. A group of Chinese researchers recently revealed the…
Hacker Groups
Amid Hacking Fears, Key Caucus States to Use App for Results
DigitalMunition – Jan 18 2020 07:36
“I do think that we need to give the Iowa team a lot of credit for how seriously they looked at all these issues,” said Eric Rosenbach, co-director of the Belfer Center. DNC spokesman David Bergstein said national officials were coordinating with the…
Proof-of-concept exploits published for the Microsoft-NSA crypto bug – Invest Records
DigitalMunition – Jan 19 2020 03:26
Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National…
Malware
Researchers Warn About a New Sophisticated Malware Named ‘JhoneRAT’
TechNadu – Jan 18 2020 11:03
A new malware called JhoneRAT is infecting Arab computers and stealing crucial information. The campaign uses multiple payloads and Cloud services so as to evade detection. JhoneRAT is particularly hard to detect as it won’t run on VMs and will blend…
JhoneRAT Is A New Malware Stealing Data From Arabic-Speaking Nations
DigitalMunition – Jan 19 2020 04:39
A new RAT (Remote Access Trojan) in the wild is targeting specific Arabic-speaking nations by leveraging Google’s Drive and Microsoft documents for evading detection. Further, its execution from the direct cloud rather than internal memory helped…
New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
BleepingComputer.com – Jan 18 2020 16:54
Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. […]
This Android Virus Takes Over Your Phone and Sends Out Offensive Messages
MalwareTips.com – Jan 18 2020 17:55
The latest iteration of Faketoken comes with added capabilities, technically becoming a mass texting tool that empties your bank account. Faketoken has been around for several years already, as the malware was first discovered back in 2014. Each…
Vulnerabilities
Microsoft provides mitigation for actively exploited CVE-2020-0674 IE Zero-Day
Security Affairs – Jan 18 2020 21:02
Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability (CVE-2020-0674) that is currently being exploited in the wild. Microsoft has published a security advisory (…
Proof-of-concept exploits published for the Microsoft-NSA crypto bug – Invest Records
DigitalMunition – Jan 19 2020 03:26
Security researchers have published earlier today proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National…
A Georgia election server was vulnerable to Shellshock and may have been hacked
ArsTechnica – Jan 18 2020 15:41
(credit: …
BugTest Lab wrote a new post, CVE-2019-19781 Exploit PoC | Remote Code Execution
DigitalMunition – Jan 18 2020 16:55
CVE-2019-19781 PoC – Remote Code Execution on Citrix Netscaler Gateway via Dir traversal Scripts: Scanner: https://github.com/trustedsec/cve-2019-19781/blob/master/cve-2019-19781_scanner.py Nmap Scanning Script:…
Ongoing Campaigns
Researchers Warn About a New Sophisticated Malware Named ‘JhoneRAT’
TechNadu – Jan 18 2020 11:03
A new malware called JhoneRAT is infecting Arab computers and stealing crucial information. The campaign uses multiple payloads and Cloud services so as to evade detection. JhoneRAT is particularly hard to detect as it won’t run on VMs and will blend…
JhoneRAT Is A New Malware Stealing Data From Arabic-Speaking Nations
DigitalMunition – Jan 19 2020 04:39
A new RAT (Remote Access Trojan) in the wild is targeting specific Arabic-speaking nations by leveraging Google’s Drive and Microsoft documents for evading detection. Further, its execution from the direct cloud rather than internal memory helped…
Microsoft Issues Mitigation for Actively Exploited IE Zero-Day
MalwareTips.com – Jan 18 2020 13:59
Microsoft published a security advisory containing mitigation measures for an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer. Redmond's advisory says that the company is aware of "limited…
New Jersey Synagogue Suffers Sodinokibi Ransomware Attack
BleepingComputer.com – Jan 18 2020 16:54
Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. […]

Daily Alert – 18 January 2020

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
JhoneRAT 7 9
NOTROBIN 4 6
EMOTET Trojan 8 27
TA542 2 2
Anonymous Group 2 5
URSNIF 2 3
Trickbot Malware 3 10
Anonymous Iran 1 1
Shield Iran 1 1
Chthonic Trojan 1 1
Data Breaches
Aussie Bank Says Server Upgrade Led to Data Breach
CUInfoSecurity – Jan 17 2020 15:05
Third-Party Hosting Provider to Blame, P&N Bank Says P&N Bank in Perth, Australia, says a server upgrade gone wrong led to the breach of sensitive personal information in its customer relationship management system. The incident is another example of how…
Law enforcement seized WeLeakInfo.com for selling access to data from data breaches
Security Affairs – Jan 17 2020 10:05
The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials have been compromised in…
Ukraine Says Personal Data Leaked From Government Jobs Portal
Office of Inadequate Security – Jan 17 2020 19:55
Reuters reports: Ukraine’s top state security body acknowledged on Friday that some citizens’ personal data had…
Expert Comments On WeLeakInfo.com Seized For Selling Info From Data Breaches | Information Security Buzz
Information Security Buzz – Jan 17 2020 19:54
The UK NCA, the FBI and the German Bundeskriminalamt have coordinated to take ownership of WeLeakInfo.com, a domain for selling subscriptions to data exposed in breaches. We Leak Info claimed to have compiled almost 12.5 billion records stolen from…
Hacker Groups
Emotet back from Christmas break to wreak havoc on networks
SC Magazine UK – Jan 17 2020 11:56
Massive campaign by APT group targets pharma companies in the US, Mexico, Germany, Japan and Australia amongst other regions and sectors. Emotet has returned to victims’ inboxes after a Christmas hiatus, according to security researchers. The…
Iran vs U.S., The Cyber Front Explained
DataBreaches.net – Jan 17 2020 15:20
On January 3, the U.S. announced the successful assassination of Qasem Soleimani, Iran’s top general. Dire warnings about retaliation immediately appeared in the news, and it wasn’t long before we began to see headlines claiming that Iran…
Return Of Emotet In New 2020 Campaign – Expert On Research
Information Security Buzz – Jan 17 2020 20:18
Researchers at cybersecurity firm Proofpoint have observed that the prolific botnet Emotet has returned to the email threat landscape after a hiatus at the end of 2019. The Trojan-turned-botnet is being distributed by threat group TA542, using…
Amid Hacking Fears, Key Caucus States to Use App for Results
DigitalMunition – Jan 18 2020 07:36
“I do think that we need to give the Iowa team a lot of credit for how seriously they looked at all these issues,” said Eric Rosenbach, co-director of the Belfer Center. DNC spokesman David Bergstein said national officials were coordinating with the…
Malware
Clop Ransomware Not Just a CryptoMix Variant
Security Bloggers Network – Jan 17 2020 07:00
JhoneRAT Exploits Cloud To Attack Middle Eastern Countries
News ≈ Packet Storm – Jan 17 2020 16:27
Renewed Emotet phishing activity targets UN, government and military users
SC Magazine US – Jan 17 2020 13:28
Since resuming operations after a holiday hiatus, the malicious actors behind the Emotet banking trojan network have reportedly targeted at least 82 countries with spam and crafted a special phishing campaign targeting the United Nations. Meanwhile,…
New JhoneRAT Malware Targets Middle East
Threatpost.com – Jan 17 2020 22:01
Researchers say that JhoneRAT has various anti-detection techniques – including making use of Google Drive, Google Forms and Twitter.
Vulnerabilities
Expert released PoC exploits for recently disclosed Cisco DCNM flaws
Security Affairs – Jan 17 2020 07:43
A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM). Early this month, Cisco released …
Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability
Security Week – Jan 17 2020 20:07
A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability,…
It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild
ste williams – Jan 18 2020 05:35
Roundup Welcome to another Reg roundup of security news. Still using Internet Explorer? Don’t. There’s another zero-day. Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability (CVE-2020-0674) for Internet…
WordPress plugin vulnerability can be exploited for total website takeover
ZDNet Security – Jan 17 2020 13:10
The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters.
Ongoing Campaigns
Emotet back from Christmas break to wreak havoc on networks
SC Magazine UK – Jan 17 2020 11:56
Massive campaign by APT group targets pharma companies in the US, Mexico, Germany, Japan and Australia amongst other regions and sectors. Emotet has returned to victims’ inboxes after a Christmas hiatus, according to security researchers. The…
Iran vs U.S., The Cyber Front Explained
DataBreaches.net – Jan 17 2020 15:20
On January 3, the U.S. announced the successful assassination of Qasem Soleimani, Iran’s top general. Dire warnings about retaliation immediately appeared in the news, and it wasn’t long before we began to see headlines claiming that Iran…
Renewed Emotet phishing activity targets UN, government and military users
SC Magazine US – Jan 17 2020 13:28
Since resuming operations after a holiday hiatus, the malicious actors behind the Emotet banking trojan network have reportedly targeted at least 82 countries with spam and crafted a special phishing campaign targeting the United Nations. Meanwhile,…
Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability
Security Week – Jan 17 2020 20:07
A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability,…

Daily Alert – 17 January 2020

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
EMOTET Trojan 12 20
FakeToken 5 9
SNAKE Ransomware 3 8
Geodo Trojan 2 2
ELF Malware 2 2
Nemty Ransomware 2 5
WannaCry Ransomware 3 14
Trickbot Malware 3 14
Stop Ransomware 1 1
ROKRAT Trojan 1 1
Data Breaches
Court Approves Equifax Data Breach Settlement
SecurityWeek RSS Feed – Jan 16 2020 16:41
On January 13, 2020, a federal court approved the proposed settlement for the class action suit filed against Equifax over the massive data breach it revealed in September 2017. …
Uncle Sam compensates you for data leaks (yeah, right)
We use words to save the world | Kaspersky Lab Official Blog – Jan 16 2020 10:00
Data leaks of all sorts regularly crop up in the news, and recently so have fines, some potentially reaching into the …
FBI Seize WeLeakInfo.com For Selling Info From Data Breaches
BleepingComputer.com – Jan 17 2020 01:11
As a clear indication of how law enforcement views the commercial disclosure of stolen information, the FBI has seized the WeLeakInfo.com domain for selling subscriptions to data exposed in breaches. […]
2019 in Review: Data Breach Statistics and Trends
Security Bloggers Network – Jan 16 2020 18:26
What were the most significant data breaches in 2019? Will ransomware still be a threat in 2020? (Spoiler alert: It’s forecast to…
Hacker Groups
Russians Hack Ukrainian Gas Company – Experts Comments | Information Security Buzz
Information Security Buzz – Jan 16 2020 12:54
Russian military hackers have been boring into the Ukrainian gas company, Burisma, at the centre of the Trump impeachment affair, according to security experts. The hacking attempts against Burisma, on whose board Hunter Biden (Joe Biden’s son)…
Microsoft urges critical Windows 10 patch | Information Age
DigitalMunition – Jan 16 2020 08:08
Microsoft has pushed out its latest security updates that include patches for severe vulnerabilities affecting Windows 10 and Windows Server 2016/2019. US security agencies published announcements encouraging system administrators to ensure updates…
European Skin Care Perricone websites Suffer Multiple MageCart Attacks Attribution link: https://latesthackingnews.com/2020/01/12/european-skin-care-perricone-websites-suffer-multiple-magecart-attacks/
Seclists.org – Data Loss – Jan 16 2020 15:16
Posted by Destry Winant on Jan 16…
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
Talos Intelligence Blog – Jan 16 2020 19:18
Malware
Clop Ransomware Not Just a CryptoMix Variant
Security Bloggers Network – Jan 17 2020 07:00
5ss5c Ransomware emerges after Satan went down in the hell
Security Affairs – Jan 16 2020 07:05
The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the …
Paradise Ransomware decryption tool
Security Bloggers Network – Jan 16 2020 13:20
We’re happy to announce a new decryptor for Paradise Ransomware. Paradise Ransomware, initially spotted in…
Emotet strikes again, targeting 600 United Nations personnel
Security Bloggers Network – Jan 16 2020 10:56
The Emotet Trojan, identified by security…
Vulnerabilities
PoC Exploits Released for Crypto Vulnerability Found by NSA
Security Week – Jan 16 2020 14:13
Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that recently after being notified by the U.S. National Security Agency. The…
Two PoC exploits for CVE-2020-0601 NSACrypto flaw released
Security Affairs – Jan 16 2020 12:48
Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the…
PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks
MalwareTips.com – Jan 16 2020 19:37
Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch. The PoC exploits for the flaw…
A Windows 10 Vulnerability Was Used to Rickroll the NSA and Github
DigitalMunition – Jan 17 2020 01:03
Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the internet. ARS TECHNICA Th…
Ongoing Campaigns
Emotet strikes again, targeting 600 United Nations personnel
HOTforSecurity – Jan 16 2020 10:56
Ako Ransomware Using Spam Attachments to Target Networks
Security Bloggers Network – Jan 16 2020 11:56
Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks. On January 14, AppRiver Senior Cybersecurity Analyst David Pickett contacted Bleeping Computer and told the computer…
Airbus researcher explores ‘Stuxnet-type attack’ for security training
Cyberscoop – News – Jan 16 2020 19:45
Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many…
Five Major US Wireless Carriers Are Vulnerable to SIM Swapping
HOTforSecurity – Jan 16 2020 14:21

Threat Summary: 10 – 16 January 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7d
CryptoAPI
Windows Server 2016
Windows 10
Microsoft Windows
Oracle Enterprise Manager

Deep & Dark Web
Name Heat 7d
CryptoAPI
Windows Server 2016
Mozilla Firefox
Windows 10
Windows 7

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches
Company | Information | Affected
btyDENTAL (US) | The Alaska-based dentist is informing its patients of a ransomware attack on its servers that took place on November 17th, 2019. No evidence of unauthorised access to patient data was found. However, the attack may have exposed patients’ health information, including patients’ names and x-ray images. | 2,008
NARA NW (US) | The Native American Rehabilitation Association of the Northwest (NARA NW) became the victim of a phishing attack on November 4th, 2019, that resulted in an Emotet infection of email accounts containing patient data. Potentially accessed data includes names, home addresses, dates of birth, Social Security numbers, and medical record or patient ID numbers. In some cases, patient clinical information may also have been exposed. | 344
CheckPeople (US) | Security researcher Lynx discovered an exposed database which contains the personal information of 56.25 million US residents. The 22GB database contains information such as names, addresses, phone numbers, and more. Metadata on the database suggested that it belongs to the Florida-based company CheckPeople which provides people-finding services. The accessible information was being hosted from a Chinese IP address which is associated with Alibaba’s web hosting services. | 56,250,000
The Center for Facial Restoration Inc (US) | The Center for Facial Restoration Inc (TCFFR) was targeted in a ransomware attack on November 8th, 2019. TCFFR’s founder Richard Davis stated that the hackers claimed to have all of the company’s patient data, affecting up to 3,500 former and current patients. Compromised data may include driving licenses, passports, home addresses, email addresses, phone numbers, patient photographs, and credit card payment receipts. | 3,500
Voogueme, Zeelool (US) | Security Discovery researchers identified a publicly accessible database which contained references to eyewear retailers Voogueme and Zeelool. Data exposed in the breach included 186,000 sales records, 40.4 million visitor IP addresses, and information which could have allowed a malicious party to probe further into company systems. The sales records contained information such as email addresses, product types, billing amounts, and more. | Unknown
Fresh Film Production (UK) | An unsecured AWS S3 bucket storing over 1,500 files containing sensitive data was discovered by Verdict. Exposed data included the personal details of participants of one of Unilever’s Dove advertisement campaigns, such as names, addresses, email addresses, and more, as well as passport scans and flight details. Further files included the private data of individuals that had auditioned but were not selected, and files related to the crew, professional cast members and companies that Fresh Film Production works with. | Unknown
CHS Consulting (UK) | Researchers at vpnMentor discovered an unsecured AWS S3 bucket labelled ‘CHS.’ The researchers traced this back to London-based CHS Consulting, however the ownership has yet to be confirmed. The database contained files belonging to a number of UK-based consultancy firms, the majority of which were from 2014 to 2015. The types of files stored on the database included thousands of passport scans, extensive background checks, criminal records, and more. | >1,000
Halyk Bank (Kazakhstan) | A post on darknet site Migalki advertises an archive of 80,000 credit cards allegedly stolen from Kazakhstan’s largest bank. EHacking News notes that, because only cards from Halyk Bank are included, the cards were likely stolen ‘inside the structure’. Alternatively, it may be a honeypot set up by the bank to lure threat actors into attacking, and thus reveal their methods. | 80,000
Bithouse Inc (China) | Researchers at Twelve Security identified an exposed Elasticsearch database belonging to the company, who develop the Peekaboo Moments app. The database, which was 100GB in size, contained over 70 million log files dating from March 2019. Exposed information included approximately 800,000 email addresses, device data, links to photos and videos, and more. | Unknown
LimeLeads (US) | ZDNet was notified by a reader that a well-known data trader, operating under the alias Omnichorus, has been selling a database of 49 million business contacts on a hacking forum since October 2019. The information was exposed on an internal unsecured Elasticsearch server belonging to LimeLeads, which had been open since at least July 27th until September 17th, 2019. The exposed information contains full names, email addresses, titles, company addresses, phone numbers, and more. | 49,000,000
PlanetDrugsDirect (US/Canada) | Canadian-based online pharmaceutical company PlanetDrugsDirect notified customers of a data leak. The notification email failed to disclose details of the ‘data security incident’, instead stating that an investigation was ongoing. Potentially exposed information includes names, addresses, phone numbers, medical information, and payment information. | Unknown
Alpha Bank, Piraeus Bank, Eurobank, National Bank of Greece (Greece) | In response to reports of a few dozen compromised card details, Alpha Bank, Piraeus Bank, Eurobank and the National Bank of Greece announced that they are cancelling and replacing about 15,000 credit and debit cards of users who made a transaction on an unnamed online tourist service portal. | Unknown
P&N Bank (Australia) | P&N Bank notified customers of ‘online criminal activity’ which led to the exposure of their personal information. The company stated that the attack took place around December 12th, 2019, and involved a third-party hosting company. The attack compromised P&N Bank’s customer relationship management system and led to the exposure of names, addresses, account numbers, account balances, and more. | Unknown
Europa Jobs | The private data of 226,000 users of the now defunct Europa[.]jobs website was redistributed on a popular hacking forum following a data breach in August 2019. Exposed data includes email addresses and personal information, including names, dates of birth, job applications, and passwords. | 226,000
PussyCash | Researchers at vpnMentor identified an exposed Amazon S3 Bucket which belonged to adult entertainment company PussyCash. The database was 19.95GB in size and contained 875,000 files related to over 4,000 models. This included documents such as passports, ID cards, credit cards, model release forms, and birth certificates. Exposed information included names, birthdates, passport numbers, ID photos, signatures, fingerprints, and more. | 4,000

This table shows a selection of leaks and breaches reported this week.

Malware Mentions in Banking

This chart shows the trending Malware related to Banking over the last week.

Weekly Industry View
Industry Information
Banking & Finance Researchers at Kaspersky identified thousands of attacks directed against major banks located in Sub-Saharan Africa that began in the first week of January 2020. The researchers urged all banks to remain vigilant. The malware involved suggests that the Russian speaking Silence hacker group is behind the attacks. The malware is written in Russian and has previously only been used by Silence. Silence are known for carrying out multiple successful campaigns against banks and financial organisations across the globe.
Government Researchers at Cofense identified a narrowly targeted campaign directed against email addresses associated with the United Nations. The attackers, who pose as the Permanent Mission of Norway to the United Nations in New York, sent emails to around 600 unique email addresses. The email states that an issue has arisen and asks the recipient to review an attached Word document. Opening the document prompts the user to ‘Enable Content’ or ‘Enable Editing’. Targets who comply with the request will inadvertently enable malicious Word macros that will download and install Emotet malware. Following the infection, Emotet will send out spam to other victims before downloading additional payloads such as Trickbot malware.
Technology ClearSky researchers discovered new malware, dubbed PowDesk, that targets hosts running LANDesk Management Agent. The researchers attribute it with a medium-high level of certainty to the Iranian APT34, as one of their main targets has previously been the IT sector. The malware also shares similarities with QUADAGENT, a malware previously linked to the group. Differences to QUADAGENT include the PowerShell code not being encoded or encrypted, allowing the researchers to read the commands in cleartext. Additionally, PowDesk communicates with its C2 via HTTP protocol and with a PHP page, as opposed to DNS tunnelling, as is the case with QUADAGENT.
Retail, Hospitality & Tourism Security researchers at RapidSpike discovered that the British, German, and Italian websites of skincare brand Perricone MD had been compromised by two competing MageCart groups. The attackers placed skimmers on the checkout pages of each website in an attempt to exfiltrate users’ card information. The first skimmer was placed on the websites in November 2018. However, a coding error prevented successful data exfiltration. In November 2019, a second script was placed on the sites by a rival group. This second script was more complex than the first and also contained functionality which prevented their rivals’ malicious scripts from working correctly. The researchers speculated that the attackers were able to deploy their malicious script due to a vulnerability in the Magento platform which is used to run the websites.
Education In November 2019 the Texas-based Manor Independent School District inadvertently wired $2.3 million to a hacker. The details of the attack are unclear. The Register speculated that an attacker accessed school systems and changed account details, or that a member of staff was tricked into changing details. The theft is currently being investigated by the Manor Police Department and the Federal Bureau of Investigation.

News and information concerning each mentioned industry over the last week.

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
The Silobreaker Team

Daily Alert – 16 January 2020

Silobreaker’s Daily Cyber Alert is created and distributed automatically by using our award-winning intelligence product Silobreaker Online.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
5ss5c Ransomware 6 7
Satan Ransomware 6 7
DBGer Ransomware 4 5
Syrian Electronic Army 2 2
Bart Ransomware 2 2
FakeToken 2 4
Gaza Cybergang 2 2
WannaCry Ransomware 3 13
POWRUNER Backdoor 1 1
Casbaneiro 1 1
Data Breaches
2017 Data Breach Will Cost Equifax at Least $1.38 Billion
Dark Reading – All StoriesJan 15 2020 23:00
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from…
P&N Bank Data Breach Exposes Trove Of User Data
SecurityPhreshJan 15 2020 20:11
P&N Bank is reportedly sending out notifications to customers of a data breach that resulted in a large amount of sensitive information being compromised.
PussyCash adult webcam data breach exposes highly sensitive data of models
Graham CluleyJan 15 2020 15:48
You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind.
WA’s P&N Bank Hit By Data Breach
SecurityPhreshJan 16 2020 00:46
Non-sensitive data from CMS accessed.
Hacker Groups
Iranian Threat Actors: Preliminary Analysis
Security AffairsJan 15 2020 09:02
Nowadays Iran’s Cybersecurity capabilities are under the microscope, experts warn about a possible infiltration of the Iranian government. Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security…
APT40 hacking group linked to 13 alleged front companies in Hainan, China
SC Magazine USJan 15 2020 18:27
The mysterious research group Intrusion Truth has unleashed a new series of reports claiming that 13 businesses based in the southern island province of Hainan, China are collectively a front for reputed Chinese state-sponsored hacking group APT40 . T…
Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37
AlienVault BlogsJan 15 2020 14:00
In 2019, several industry analyst reports confused the threat groups Molerats and APT-C-37 due to their similarity, and this has led to some confusion and inaccuracy of attribution. For example, both groups target the Middle East and North…
Russian Phishers Hit Firm at Center of Trump Impeachment
Infosecurity – Latest NewsJan 15 2020 10:40
An infamous Kremlin-backed hacking group has launched a coordinated phishing campaign aimed at Ukrainian firm Burisma Holdings, in what looks like an attempt to find internal information…
Malware
5ss5c Ransomware emerges after Satan went down in the hell
Security AffairsJan 16 2020 07:05
The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new threat named 5ss5c. The threat actors behind the …
Satan Ransomware Rebrands As 5ss5c Ransomware
News ≈ Packet StormJan 15 2020 17:21
Faketoken malware sends expensive & offensive texts at your expense
HackReadJan 15 2020 15:52
You Should Be Scared of the Latest Strains of Phobos Ransomware
DigitalMunitionJan 16 2020 02:40
In an unusual twist, it’s not actually the ransomware itself that makes the newer forms of Phobos so frightening; it’s the people behind the attacks that will have you worried. The Phobos family of ransomware has been around since late 2017 and has…
Vulnerabilities
Google Researchers Publish Technical Details of Critical iMessage Vulnerability
CywareJan 15 2020 15:35
The vulnerability only affects the devices that are running iOS 12 or later versions. The security flaw has a CVSS score of 9.8. Google Project Zero security researchers have published technical details on the critical iMessage vulnerability that was…
Microsoft addresses CVE-2020-0601 flaw, the first issue ever reported by NSA
Security AffairsJan 15 2020 08:04
Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products,…
The new critical vulnerability in Windows 10 has a solution: UPDATE NOW
MediaCenter Panda SecurityJan 15 2020 14:48
CVE-2020-0601 Followup, (Wed, Jan 15th)
SANS Internet Storm Center, InfoCON: greenJan 15 2020 18:47
Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast…
Ongoing Campaigns
You Should Be Scared of the Latest Strains of Phobos Ransomware
DigitalMunitionJan 16 2020 02:40
In an unusual twist, it’s not actually the ransomware itself that makes the newer forms of Phobos so frightening; it’s the people behind the attacks that will have you worried. The Phobos family of ransomware has been around since late 2017 and has…
Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37
AlienVault BlogsJan 15 2020 14:00
In 2019, several industry analyst reports confused the threat groups Molerats and APT-C-37 due to their similarity, and this has led to some confusion and inaccuracy of attribution. For example, both groups target the Middle East and North…
Emotet Used Phishing Emails to Target the United Nations
Security Bloggers NetworkJan 15 2020 12:33
The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway…
Texas School District Loses $2.3 Million to Phishing Scam, BEC 1/15/20 12:00 PM
Trend MicroJan 15 2020 10:12
Manor Independent School District (MISD) in Texas is investigating an email phishing attack after a series of seemingly normal school-vendor transactions resulted in the loss of an estimated US$2.3 million. According to the statement posted on…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Daily Alert – 15 January 2020


Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
APT28 7 9
The Shadow Brokers 2 2
WannaCry Ransomware 3 10
tRAT 1 1
Bureau 121 1 1
Jaff Ransomware 1 1
EncodeBase64 1 1
Satan Ransomware 1 1
Iron Ransomware 1 1
Lucky Ransomware 1 1
Data Breaches
“Real People,” real data leak: Production company leak exposed personal data of Dove ‘real people’ ad participants
Office of Inadequate SecurityJan 14 2020 18:32
Lucy Ingham reports: A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies…
Baby’s First Data Breach: App Exposes Baby Photos, Videos
Office of Inadequate SecurityJan 14 2020 12:52
Jeremy Kirk reports on a data leak: Picture this: A short video features a bundled baby, snoring gently, who flashes a…
Washington State Attorney General’s Office 2019 Data Breach Report
Office of Inadequate SecurityJan 14 2020 15:56
For those who may not know, Washington State produces its own data breach report annually.  Here’s a snippet from…
IT Asset Disposition (ITAD) is the Slow Motion Data Breach Nobody notices
The Security Ledger – RSSJan 14 2020 15:29
Efforts to wall off sensitive corporate and government data from foreign adversaries have a gaping hole: IT asset disposition (ITAD), where vendors – many owned by Chinese firms – process discarded hardware and data with little oversight. T…
Hacker Groups
‘Fancy Bear’ Targets Ukrainian Oil Firm Burisma in Phishing Attack
Dark Reading – All StoriesJan 14 2020 20:30
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
Aussie Bushfires Donation Site Hit by Magecart Thieves
Infosecurity – Latest NewsJan 14 2020 09:42
A website set up to accept donations for victims of the devastating Australian bushfires has become a victim itself — of digital skimming code designed to harvest card details. Security…
China-linked APT40 group hides behind 13 front companies
Security AffairsJan 14 2020 07:02
A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber–espionage group dubbed APT40. A group of anonymous security researchers that calls itself Intrusion Truth has discovered…
Russia’s Fancy Bear successfully hacked Burisma during impeachment probe
DigitalMunitionJan 14 2020 17:23
As the House Intelligence Committee held impeachment hearings last fall, members of the Russian GRU, known as Fancy Bear, successfully hacked Burisma, the Ukrainian energy company at the center of the impeachment investigation. In an echo of the 2016…
Malware
Nemty ransomware makers may be latest to adopt data leak strategy
SC Magazine USJan 14 2020 20:28
Following in the footsteps of Maze and Sodinokibi, it appears the makers of another malicious encryption program plan to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware…
Sodinokibi Ransomware Publishes Stolen Data for the First Time
Seclists.org – Data LossJan 14 2020 15:18
Posted by Destry Winant on Jan 14…
Albany Airport Pays Ransom after Sodinokibi Ransomware Attack
HOTforSecurityJan 14 2020 14:24
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
BleepingComputer.comJan 14 2020 08:30
The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. […]
Vulnerabilities
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
Tenable BlogJan 15 2020 00:15
Microsoft kicks off 2020 by patching 49 CVEs, eight of which are rated as critical. Microsoft rang in 2020 with 49 CVEs addressed in the …
Cable Haunt RCE vulnerability exposes millions of modems to exploitation
SC Magazine USJan 14 2020 10:28
Researchers have disclosed the discovery of a critical remote code execution vulnerability in millions of Broadcom cable modems, including about 200 million in Europe alone. Named Cable Haunt, the flaw consists of a combination of “lack of proper…
Windows Users Urged to Patch a Cryptographic Vulnerability on Windows
DigitalMunitionJan 15 2020 03:47
Windows users are recommended to immediately patch the critical cryptographic vulnerability that exists in the Windows CryptoAPI (Crypt32.dll) and affects Windows cryptographic functionality in Windows 10, client and server. The vulnerability…
NSA Discloses Serious Windows Vulnerability to Microsoft
Security WeekJan 14 2020 20:18
The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct…
Ongoing Campaigns
Five Key Cyber-Attack Trends for This Year
Infosec Island Latest ArticlesJan 14 2020 13:21
‘It’s not if, but when’ is a long-established trope in the world of cybersecurity, warning organizations that no matter how robust their defenses, nor how sophisticated their security processes, they cannot afford to be…
How to prevent a rootkit attack
Malwarebytes Labs BlogJan 14 2020 17:31
If you’re ever at the receiving end of a rootkit attack, then you’ll understand why they are considered one of the most dangerous cyberthreats today. …
Albany Airport Pays Ransom after Sodinokibi Ransomware Attack
HOTforSecurityJan 14 2020 14:24
Weekly Threat Briefing: Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
ThreatStream BlogJan 14 2020 15:00
The intelligence in this week’s iteration discusses the following threats: APTs, Credential theft, Iran, Malware, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached…


Daily Alert – 14 January 2020


Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Sodinokibi Ransomware 12 69
APT40 4 4
SNAKE Ransomware 3 13
PowerTrick 3 18
FakeToken 2 2
Anonymous Group 2 2
Phobos Ransomware 2 4
Bronze President 2 5
APT33 2 16
APT34 2 13
Data Breaches
U.S. Healthcare Data Breach Cost $4 Billion in 2019. 2020 Won’t Be Any Better
Security Bloggers NetworkJan 13 2020 08:15
London: New data leak exposes owners of 400,000 anonymous companies
Office of Inadequate SecurityJan 13 2020 16:41
Richard L. Cassin reports: Millions of documents leaked from a corporate services firm with a posh London address are…
Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds
Seclists.org – Data LossJan 13 2020 15:27
Posted by Destry Winant on Jan 13…
Dixons Carphone fined £500,000 for massive data breach
Seclists.org – Data LossJan 13 2020 15:27
Posted by Destry Winant on Jan 13…
Hacker Groups
Report: Chinese hacking group APT40 hides behind network of front companies
ZDNet SecurityJan 13 2020 17:01
A group of anonymous security analysts have tracked down 13 front companies operating in the island of Hainan through which they say the Chinese state has been recruiting hackers.
Website Collecting Australian Fire Donations Hit by Magecart
Dark Reading – All StoriesJan 13 2020 22:00
The attack may have compromised donors' payment information.
[CPRadio] Domestic Kitten: An Iranian Surveillance Operation
Check Point Research – RSSJan 13 2020 23:53
The Middle East is a turbulent and explosive region, to put it mildly – and that is why when Aseel Kial, a Malware Analyst at CheckPoint, came across a new malware targeting ISIS operatives, she wasn’t terribly surprised. The surprise came,…
China-linked APT40 group hides behind 13 front companies
Security AffairsJan 14 2020 07:02
A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber–espionage group dubbed APT40. A group of anonymous security researchers that calls itself Intrusion Truth has discovered…
Malware
The Faketoken Trojan sends out offensive texts
We use words to save the world | Kaspersky Lab Official BlogJan 13 2020 11:13
The inventiveness of virus makers knows no bounds. Some ransomware apps now have mining capabilities, and …
Nemty Ransomware to Start Leaking Non-Paying Victim’s Data
BleepingComputer.comJan 13 2020 20:05
The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. […]
Sodinokibi Hackers Now Use Stolen Data for Blackmail
HOTforSecurityJan 13 2020 13:59
Emotet Malware Restarts Spam Attacks After Holiday Break
BleepingComputer.comJan 13 2020 17:26
After almost a three-week holiday vacation, the Emotet trojan is back and targeting over eighty countries with malicious spam campaigns. […]
Vulnerabilities
Severe Citrix Flaw: Proof-of-Concept Exploit Code Released
BankInfoSecurityJan 13 2020 11:15
Attackers Probe for Vulnerable Systems, as Citrix…
Newly discovered ‘Cable Haunt’ flaw exposes nearly 200 million Broadcom-based modem cables to MITM attacks
CywareJan 13 2020 12:45
The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer. The flaw can be exploited by tricking a victim into opening a specially crafted web page that contains malicious JavaScript code. Nearly 200 million cable…
Exploits Published for Citrix ADC Vulnerability, Patches Coming Soon
Security WeekJan 13 2020 12:18
Exploits targeting the recent Citrix Application Delivery Controller (ADC) vulnerability have already been published online, yet security patches will not be available for at least another week. Impacting both (previously known as NetScaler ADC and…
Cisco Webex vulnerability allows hackers to take control of your network
DigitalMunitionJan 13 2020 20:36
Vulnerability testing specialists report the presence of a critical security flaw in some Cisco products, including Webex , the popular video conferencing platform. If exploited, the vulnerability could allow a remote hacker to execute commands on…
Ongoing Campaigns
Sodinokibi Hackers Now Use Stolen Data for Blackmail
HOTforSecurityJan 13 2020 13:59
[CPRadio] Domestic Kitten: An Iranian Surveillance Operation
Check Point Research – RSSJan 13 2020 23:53
The Middle East is a turbulent and explosive region, to put it mildly – and that is why when Aseel Kial, a Malware Analyst at CheckPoint, came across a new malware targeting ISIS operatives, she wasn’t terribly surprised. The surprise came,…
Emotet Malware Restarts Spam Attacks After Holiday Break
BleepingComputer.comJan 13 2020 17:26
After almost a three-week holiday vacation, the Emotet trojan is back and targeting over eighty countries with malicious spam campaigns. […]
TrickBot developers have spun up a new backdoor for high-value targets
DigitalMunitionJan 13 2020 20:26
Written by Shannon Vavra Jan 9, 2020 | CYBERSCOOP The people behind banking trojan TrickBot have expanded the malware’s capability with a new backdoor meant to compromise high-value targets, according to new research from SentinelOne. The update should…


Daily Alert – 13 January 2020


Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Sodinokibi Ransomware 5 62
The Joker Malware 1 6
ZeroCleare Wiper 1 7
TA2101 1 1
Dustman Wiper 1 11
FIN8 1 3
URSNIF 1 4
Shamoon Virus 1 10
Mirai Trojan 1 4
APT33 1 15
Data Breaches
admin wrote a new post, Wawa’s data breach and the weakness in our payment system
DigitalMunitionJan 12 2020 12:48
Amazon Fires Employees for Leaking Customers Data
DigitalMunitionJan 13 2020 03:46
Amazon fires a number of employees who have leaked customer’s sensitive data such as Email addresses and phone numbers to unauthorized 3rd parties. Amazon disclosed this data leak to its customers via email and said that the actions committed by…
Lifelabs Data Breach, the Largest Ever in Canada, May Cost the Company Over $1 Billion in Class-Action Lawsuit
DigitalMunitionJan 12 2020 15:14
An October hack of medical testing company LifeLabs exposed the sensitive personal information of an estimated 15 million Canadians. The LifeLabs data breach was the largest yet in Canada in terms of personal record count, and the company may end up…
Medical practitioners expose over 1B records via unsecured databases
SiliconANGLEJan 13 2020 01:45
Over 1 billion medical images are believed to be exposed online as medical practitioners continue to upload to unsecured databases. Discovered by German cybersecurity firm Greenbone Networks, the finding follows on from a similar report from the…
Hacker Groups
Iranian hackers have been “password spraying” the US grid
ArsTechnicaJan 12 2020 12:05
Beware of New POS Attack, Warned Visa
LIFARS BlogJan 12 2020 16:11
Recently, Visa has discovered 3 separate attacks targeting gas station and hospitality merchant’s point of sale systems since the summer of 2019. The Payment Fraud Disruption department in Visa…
Maze Ransomware operators leak 14GB of files stolen from Southwire
Security AffairsJan 13 2020 07:31
The Maze ransomware gang has released 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer. The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are…
admin wrote a new post, “Dustman” malware Hits BAPCO; Shows Traces of Iran’s Involvement
DigitalMunitionJan 12 2020 10:05
Security analysts from the National Cyber Security Center (NCSC), a part of Saudi Arabia’s National Cyber Security Authority (NCSA), have discovered a new data wiping malware “Dustman” that hit BAPCO, Bahrain’s national oil company, on December 29,…
Malware
admin wrote a new post, “Dustman” malware Hits BAPCO; Shows Traces of Iran’s Involvement
DigitalMunitionJan 12 2020 10:05
Security analysts from the National Cyber Security Center (NCSC), a part of Saudi Arabia’s National Cyber Security Authority (NCSA), have discovered a new data wiping malware “Dustman” that hit BAPCO, Bahrain’s national oil company, on December 29,…
Sodinokibi Ransomware Publishes Stolen Data for the First Time
MalwareTips.comJan 12 2020 13:49
For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. Since last month, the representatives of the Sodinokibi, otherwise known as REvil, have…
Tops List For Being The Most Common Attacking Malware Of 2019
DigitalMunitionJan 12 2020 14:04
Heard of this infamous ransomware anywhere? If not, now you know it. WannaCry Ransomware infects computers with its malware and locks down sensitive data files. In return, the malicious group asks for a ransom, mostly in cryptocurrencies such as Bitcoin, to get…
Maze Ransomware operators leak 14GB of files stolen from Southwire
Security AffairsJan 13 2020 07:31
The Maze ransomware gang has released 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer. The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are…
Vulnerabilities
If you haven’t shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available
The RegisterJan 13 2020 06:12
Plus: TikTok clocked, Honey in a sticky situation, Arm's PAN mechanisms sidestepped Roundup Welcome to another Register security roundup. Here are a few stories that caught our eye. Citrix vulnerability hit by working exploit Late last month Citrix…
Week in review: Citrix bug under attack, Windows 7 ransomware risk, ATT&CK for ICS
DigitalMunitionJan 12 2020 15:14
Here’s an overview of some of last week’s most interesting news and articles: Travelex extorted by ransomware gang, services still offline a week after the hit On the last day of 2019, foreign exchange company Travelex was hit by cyber attackers…
Iranian hackers have been “password spraying” the US grid
ArsTechnicaJan 12 2020 12:05
Ongoing Campaigns
Beware of New POS Attack, Warned Visa
LIFARS BlogJan 12 2020 16:11
Recently, Visa has discovered 3 separate attacks targeting gas station and hospitality merchant’s point of sale systems since the summer of 2019. The Payment Fraud Disruption department in Visa…
admin wrote a new post, “Dustman” malware Hits BAPCO; Shows Traces of Iran’s Involvement
DigitalMunitionJan 12 2020 10:05
Security analysts from the National Cyber Security Center (NCSC), a part of Saudi Arabia’s National Cyber Security Authority (NCSA), have discovered a new data wiping malware “Dustman” that hit BAPCO, Bahrain’s national oil company, on December 29,…
Iranian hackers have been “password spraying” the US grid
ArsTechnicaJan 12 2020 12:05
Tops List For Being The Most Common Attacking Malware Of 2019
DigitalMunitionJan 12 2020 14:04
Heard of this infamous ransomware anywhere? If not, now you know it. WannaCry Ransomware infects computers with its malware and locks down sensitive data files. In return, the malicious group asks for a ransom, mostly in cryptocurrencies such as Bitcoin, to get…

