01 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Golang Malware 3 3
Shade Ransomware 2 3
VandaTheGod 2 5
Android BankBot 1 1
BPlug Trojan 1 1
Cosmic Lynx 1 1
Unit 74455 1 2
W97M.Downloader 1 1
Android.HiddenAds 1 1
TA542 1 2
Data Breaches
As 2020 draws to a close, it still takes too long to detect and notify patients of most breaches
Office of Inadequate Security – Dec 31 2020 14:48
The press release below the separator includes the kind of timeline that we often see in breach disclosures where an…

Metacurity – T-Mobile data breach exposed phone numbers, call records https://t.co/CLZHmv1U8x
Metacurity – Twitter – Dec 31 2020 11:33
T-Mobile data breach exposed phone numbers, call records https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/#.X-23AIwQACc.twitter

securityaffairs – T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed. https://t.co/c2fzwp89VV #securityaffairs #hacking #Tmobile
securityaffairs – Twitter – Dec 31 2020 09:36

securityaffairs – T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed https://t.co/c2fzwp89VV #securityaffairs #hacking #Tmobile
securityaffairs – Twitter – Dec 31 2020 21:53

Hacker Groups
anon_indonesia – The Anonymous Indonesia News Daily is out! https://t.co/HrSeyxCi9p Stories via @AnonymousPress
anon_indonesia – Twitter – Jan 01 2021 03:14
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=81b16950-4bdf-11eb-a9a9-002590a5ba2d Stories via @AnonymousPress

gh0std4ncer – RT @WylieNewmark: In the latest installment of our industry’s tradition of analytically problematic blogs (https://t.co/Mp8jjf3v3w), a vend…
gh0std4ncer – Twitter – Dec 31 2020 13:11
RT @WylieNewmark: In the latest installment of our industry’s tradition of analytically problematic blogs (https://www.recordedfuture.com/solarwinds-attribution/), a vendor has apparently attributed to ShadowBrokers to GRU Unit 74455 — which I have…

iHeartMalware – @NeePscambaiting I have a strange feeling you’ll enjoy our Cosmic Lynx report. 😀 https://t.co/haiteySsCn
iHeartMalware – Twitter – Dec 31 2020 15:36
@NeePscambaiting I have a strange feeling you'll enjoy our Cosmic Lynx report. 😀 https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf

RecordedFuture – SolarWinds Breach Attribution: While many have accused Russia, this report explores the possibility of other actors… https://t.co/Naoujqdz9Q
RecordedFuture – Twitter – Dec 31 2020 18:35
SolarWinds Breach Attribution: While many have accused Russia, this report explores the possibility of other actors or nation states, including APT41 — explore our in-depth analysis here: https://go.recordedfuture.com/hubfs/reports/pov-2020-1230.pdf…

Malware
InfoSecHotSpot – Emotet Returns with Updated Modules and New Campaign The Emotet malware is back after a hiatus of a couple of month… https://t.co/jxn3vXgrj8
InfoSecHotSpot – Twitter – Dec 31 2020 07:58
Emotet Returns with Updated Modules and New Campaign The Emotet malware is back after a hiatus of a couple of months, according to new research. The malware is now using updated payloads the operators implemented to avoid detection. Emotet operators…

What’s Next for Ransomware in 2021?
Threatpost.com – Dec 31 2020 14:00
Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts.

Microsoft Internal Solorigate Investigation Update
Microsoft Research Blog – Dec 31 2020 18:00
As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking…

SamSam Ransomware 101: How It Works and How to Avoid It
Heimdal Security Blog – Dec 31 2020 14:30
Malware traditionally spreads through nefarious social engineering practices, phishing campaigns, and malicious attachments. In this way, it manages to profit off of users that are not well-versed in matters of cybersecurity. SamSam ransomware…

Vulnerabilities
CVEnew – CVE-2018-19945 A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused… https://t.co/9O8qOV3iG8
CVEnew – Twitter – Dec 31 2020 17:45
CVE-2018-19945 A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target…

CVEnew – CVE-2018-19941 A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an att… https://t.co/95rYYgq0JX
CVEnew – Twitter – Dec 31 2020 17:45
CVE-2018-19941 A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed…

CVEnew – CVE-2018-19944 A cleartext transmission of sensitive information vulnerability has been reported to affect certain… https://t.co/SoVGrTC8qm
CVEnew – Twitter – Dec 31 2020 17:45
CVE-2018-19944 A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed…

cybersecboardrm – A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware #Cybersecurity #security https://t.co/AiltxMH5Ik
cybersecboardrm – Twitter – Dec 31 2020 22:42
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware #Cybersecurity #security https://thehackernews.com/2020/12/a-new-solarwinds-flaw-likely-had-let.html?&web_view=true

Ongoing Campaigns
A Security Flaw could Lead to Cross-layer and DNS Poisoning Attacks
Cyware – Dec 31 2020 08:28
A new attack technique called cross-layer attack has been identified, which combines vulnerabilities across multiple network protocol layers to attack the target system. It is estimated that one in every 20 web servers could be vulnerable to a…

New Golang-based Crypto worm infects Windows and Linux servers
Security Affairs – Dec 31 2020 14:20
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active…

SMiShing Spawns the Need for a Better AI Mobile Phishing Defense
Security Bloggers Network – Jan 01 2021 01:32
There has been a 600 percent increase in mobile SMS phishing attacks (also known as SMiShing) in 2020, and there is no end in sight. We’ve seen creative scammers use AI to send text messages with fake tracking codes and delivery preference updates…

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions
Security Affairs – Dec 31 2020 10:52
An Emotet campaign hit Lithuania, the malware has infected systems at the National Center for Public Health (NVSC) and several municipalities. A large-scale Emotet campaign hit Lithuania, the malware has infected the networks of Lithuania’s…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
