Cyber Alert – 01 July 2020
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.
| Heat – Trending Malware and Threat Actors | ||||
|---|---|---|---|---|
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
| Promethium Group |  |
 |
20 | 22 |
| AZORult Stealer | |
 |
9 | 13 |
| Mailto Ransomware |  |
 |
9 | 25 |
| NotPetya Ransomware | |
|
6 | 17 |
| StrongPity3 | |
|
3 | 4 |
| Sekhmet Ransomware | |
|
3 | 3 |
| KeRanger Ransomware | |
|
2 | 2 |
| PwnPOS | |
|
2 | 2 |
| Patcher Ransomware | |
|
2 | 2 |
| Phorpiex Malware | |
|
2 | 2 |
| Data Breaches |
| SecurityWeek – e-Learning Platform OneClass Exposed Data on Students, Lecturers https://t.co/WSURC6YQ5g |
| SecurityWeek – Twitter – Jul 01 2020 03:56 |
| e-Learning Platform OneClass Exposed Data on Students, Lecturers https://www.securityweek.com/e-learning-platform-oneclass-exposed-data-students-lecturers |
| E-Learning Platform OneClass Exposed Data On Students, Lecturers |
| SecurityPhresh – Jul 01 2020 03:49 |
| An Elasticsearch database pertaining to e-learning platform OneClass was found to expose data on over one million students and lecturers, vpnMentor reveals.read more |
| EduardKovacs – RT @SecurityWeek: e-Learning Platform OneClass Exposed Data on Students, Lecturers https://t.co/WSURC6YQ5g |
| EduardKovacs – Twitter – Jul 01 2020 04:40 |
| RT @SecurityWeek: e-Learning Platform OneClass Exposed Data on Students, Lecturers https://www.securityweek.com/e-learning-platform-oneclass-exposed-data-students-lecturers |
| Personal data of thousands of users from the UK, Australia, South Africa, the US, Singapore exposed in bitcoin scam |
| Security Affairs – Jun 30 2020 12:49 |
| Group-IB discovered thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered thousands… |
| Hacker Groups |
| Promethium APT attacks surge, new Trojanized installers uncovered |
| ZDNet | Zero Day RSS – Jun 30 2020 12:35 |
| The hacking group behind StrongPity is ignoring constant exposure by researchers in its quest for global intelligence and surveillance. |
| Hacking Timeline: Fxmsp’s Rise and Apparent Fall |
| CyberSecurityBoard.com – RSS – Jun 30 2020 06:47 |
| How long does it take to become a reliable, trusted seller in the cybercrime-as-a-service ecosystem? For the Fxmsp hacking collective, experts say the answer is … … |
| Cyber-Espionage Group StrongPity Focuses on Kurdish Community |
| CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 01 2020 04:28 |
| . Recent attacks associated with the threat actor known as StrongPity appear to focus on the Kurdish community in Turkey and Syria, Bitdefender security researchers say. Active since at least 2012 and also tracked as Promethium, the threat actor was… |
| StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks |
| TSecurity.de – Jun 30 2020 18:02 |
| The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis…. |
| Malware |
| OSX.EvilQuest ransomware targets Macs; Ransom X blamed for TxDOT attack |
| SC Magazine US – Jun 30 2020 22:44 |
| The crowded ransomware market is now home to three newly discovered players that recently gained the attention of security researchers and malware analysts — including one that targets Mac users and another blamed for a recent attack on the Texas… |
| UCSF Pays $1.14M After NetWalker Ransomware Attack |
| Threatpost.com – Jun 30 2020 16:12 |
| UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers. |
| Business giant Xerox allegedly suffers Maze Ransomware attack |
| BleepingComputer.com – Jun 30 2020 16:25 |
| Maze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the encryption routine had completed on June 25. […] |
| InfoSecHotSpot – UCSF Pays $1.14M After NetWalker Ransomware Attack UCSF has paid more than $1 million after a ransomware attack enc… https://t.co/gd9wXDdPMi |
| InfoSecHotSpot – Twitter – Jul 01 2020 00:58 |
| UCSF Pays $1.14M After NetWalker Ransomware Attack UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers. https://bit.ly/2VyR0FC… |
| Vulnerabilities |
| InfoSecHotSpot – Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP! Palo Alto Networks has p… https://t.co/dW0F60lKE3 |
| InfoSecHotSpot – Twitter – Jun 30 2020 13:28 |
| Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP! Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its… |
| securityaffairs – #PaloAltoNetworks fixes a critical flaw in #firewall PAN-OS https://t.co/AxaUiF8AoA #securityaffairs #hacking… |
| securityaffairs – Twitter – Jun 30 2020 12:39 |
| #PaloAltoNetworks fixes a critical flaw in #firewall PAN-OS
|
| Not All Vulnerabilities Are Created Alike: Focus on What Matters Most |
| Tenable Blog – Jun 30 2020 18:41 |
| As the number of security vulnerabilities continues to skyrocket, prioritization is necessary for organizations to effectively reduce their cyber risk. For more than two years, I’ve explained to security professionals at all levels that the… |
| securityaffairs – #PaloAltoNetworks fixes a critical flaw in #firewall PAN-OS https://t.co/AxaUiF8AoA #securityaffairs #hacking |
| securityaffairs – Twitter – Jun 30 2020 18:41 |
| #PaloAltoNetworks fixes a critical flaw in #firewall PAN-OS
|
| Ongoing Campaigns |
| Geopolitical targets figuring in latest StrongPity/Promethium attacks |
| SC Magazine US – Jun 30 2020 21:44 |
| StrongPity/Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it from trying to install malware around the world, particularly in warzones such as Syria. Two separate reports… |
| Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware |
| THN : The Hacker News – Jun 30 2020 07:45 |
| Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called… |
| PROMETHIUM Expands Threat Reach via “StrongPity3” |
| TechNadu – Jun 30 2020 09:18 |
| PROMETHIUM is expanding its targeting to more countries while deploying new malware as well. The actors are using trojanized apps as decoys to plant their payloads, and have updated their C2 infrastructure. The goal is to scan the infected systems for… |
| Faulty Drivers Fuel ATM Hacking Problem, Say Researchers |
| Infosecurity – Latest News – Jun 30 2020 18:52 |
| Faulty Drivers Fuel ATM Hacking Problem, Say Researchers Faulty Windows drivers are to blame for many attacks against ATM and point-of-sale (POS) devices, according to research from Portland, Oregon–based hardware security research company … |
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.