01 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Fivehands Ransomware 11 22
WeSteal 10 13
UNC2447 10 18
SombRAT 7 16
RoyalRoad 6 6
Babuk Locker 14 79
TA428 4 4
Karma Panda 4 4
HelloKitty Ransomware 4 9
DarkSide Ransomware 5 18
Data Breaches
DigitalOcean admits data breach exposed customers’ billing details
Graham Cluley – Apr 30 2021 08:53
DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a “flaw.” In an email sent out to affected users, DigitalOcean explained that an unauthorised party…

British Prime Minister’s Cell Phone Number Exposed
Infosecurity – Latest News – Apr 30 2021 16:56
A personal cell phone number belonging to the UK's prime minister, Boris Johnson, has reportedly been publicly accessible online for fifteen years. Johnson's number was…

Credit Scores of Americans were Exposed Through Experian API
E Hacking News – Apr 30 2021 09:03
According to a researcher, almost every American's credit score was leaked due to an API platform used by the Experian credit bureau that was left accessible on a lender's website without even basic security safeguards. Experian, for its part,…

@samuelbarabas So have them *and* some decent logic around not using passwords from previous breaches. It’s not hard.
troyhunt – Twitter – Apr 30 2021 19:28
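The tweet above asks for "logic around not using passwords from previous breaches". The following is an added example, not code from the alert or from Troy Hunt, of how such a check is usually done without sending the password anywhere: it assumes the k-anonymity range-query format used by the Pwned Passwords API (the client sends only the first five hex characters of the SHA-1 of the candidate, the server answers with every suffix in that range as lines of `SUFFIX:COUNT`, and the match is finished locally). The range response used here is constructed for the example; a real deployment would fetch `https://api.pwnedpasswords.com/range/<prefix>` in `fetch_range` instead.

```python
"""Breached-password screening with a k-anonymity range query (added example)."""
import hashlib


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix sent to the
    server and the 35-char suffix kept locally for the final comparison."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; blank lines are ignored."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """Number of times the password appeared in known breaches (0 if none).
    Only the 5-char prefix ever leaves this function via fetch_range."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed sample response for range 5BAA6, the range that contains
# SHA-1("password"). Real responses hold hundreds of suffixes per range.
SAMPLE_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "0A2B7C4D5E6F708192A3B4C5D6E7F8091A2:2",
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0",
    ]),
}


def fake_fetch_range(prefix: str) -> str:
    """Offline stand-in for the HTTP range lookup (assumption for the example)."""
    return SAMPLE_RANGES.get(prefix, "")


def is_acceptable(password: str, fetch_range=fake_fetch_range,
                  min_length: int = 12) -> bool:
    """Policy used at registration / password change: a length floor plus
    rejection of anything seen in a breach. Note that a padded or 0-count
    entry counts as 'not breached', which is what the count check expresses."""
    if len(password) < min_length:
        return False
    return breach_count(password, fetch_range) == 0


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", "rejected" if not is_acceptable(candidate) else "ok")
```

The design choice worth noting is that `breach_count` never compares the full hash on the server side; the range response is the only thing fetched, so a logging proxy or the API operator learns at most that a password in one of 2^20 ranges was checked.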
Hacker Groups
RT @MJDutch: UNC2447 Exploits VPN Zero-Day With One-Two Punch Backdoor and Ransomware: Financially motivated group, UNC2447, exploiting a VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported as SOMBRAT hxxps://www[.]fireeye[.]com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
x0rz – Twitter – Apr 30 2021 06:38

Transparent Tribe Operating with a New Variant of Crimson RAT
Cyble Blog – Apr 30 2021 09:08
Transparent Tribe is an Advanced Persistent Threat (APT) group that has been active since 2013. Also known as PROJECTM and MYTHIC LEOPARD, the group is highly active and has been engaged in conducting various…

Water Pamola Attackers Target Online Shops With Malicious Orders | Decipher hxxps://duo[.]com/decipher/attackers-swap-up-tactics-in-delivering-malware-to-online-shops
Secnewsbytes – Twitter – Apr 30 2021 08:10

UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed
Security Affairs – Apr 30 2021 16:25
UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as…
Malware
Malware Analysis: Ragnarok Ransomware hxxps://www[.]reddit[.]com/r/ReverseEngineering/comments/n1771o/malware_analysis_ragnarok_ransomware/
Dinosn – Twitter – Apr 30 2021 11:55

Babuk to Close Ransomware Operation After DC Police Attack
BankInfoSecurity – Apr 30 2021 16:41
Gang Will Provide Malware Code to…

Babuk closes one shop, switches to RaaS?
DataBreaches.net – Apr 30 2021 18:25
In an update on Babuk’s site today, the threat actors write: I not so long ago wrote about the closure of babuk, yes, you all correctly understood babuk as a partensky program will be closed, but it will live in its new understanding, we are a…

Babuk quits ransomware encryption, focuses on data-theft extortion
BleepingComputer.com – Apr 30 2021 19:28
A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers. […]
Vulnerabilities
CVE-2021-20266 A flaw was found in RPM’s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-20266
CVEnew – Twitter – Apr 30 2021 12:45

Ransomware Gang Exploits SonicWall Zero-Day Flaw
BankInfoSecurity – Apr 30 2021 20:40
FireEye: Attacks Happened Before Patch Issued…

Microsoft warns of BadAlloc flaws in OT, IoT devices
Security Affairs – Apr 30 2021 11:46
Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory…

Command injection flaw in PHP Composer allowed supply-chain attacks hxxps://securityaffairs[.]co/wordpress/117366/security/php-composer-flaw.html?utm_source=feedly&utm_medium=rss&utm_campaign=php-composer-flaw
Dinosn – Twitter – Apr 30 2021 11:55
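The headline above gives no detail of the Composer flaw, so the following is an added example of the general class rather than Composer's code or anything taken from the linked article: a tool that builds a `git ls-remote` command from a user-supplied repository URL without validating it. Because git reads `--upload-pack=<program>` as the program to run for the fetch, a URL that begins with that option turns option parsing into command execution even when no shell is involved. The builders below only return the argv and never invoke git, so the vulnerable and hardened variants can be compared safely; the scheme allowlist and the scp-style rejection are choices made for this example.

```python
"""Argument injection via an unvalidated VCS URL, vulnerable vs hardened (added example)."""
from urllib.parse import urlparse

# Assumption for the example: only these URL schemes are accepted as repositories.
ALLOWED_SCHEMES = {"https", "ssh", "git"}


def build_ls_remote_vulnerable(url: str) -> list[str]:
    """Trusts the URL as given. No shell is used, yet a value such as
    '--upload-pack=<cmd>' lands in git's option parser and is honoured."""
    return ["git", "ls-remote", url]


def build_ls_remote_hardened(url: str) -> list[str]:
    """Two independent defences: an allowlist of real URL shapes (anything
    that does not parse with a permitted scheme and a host is refused, which
    also rejects scp-style 'user@host:path' shorthand by design), and a
    literal '--' so git stops option parsing before the attacker-controlled
    value no matter what it looks like."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES or not parsed.netloc:
        raise ValueError(f"refusing repository url: {url!r}")
    if url.startswith("-"):  # cannot happen after the parse check; kept explicit
        raise ValueError("repository url must not look like an option")
    return ["git", "ls-remote", "--", url]


def argv_has_option_injection(argv: list[str]) -> bool:
    """Review/detection helper: True if any operand after the git subcommand
    begins with '-' before the option terminator '--' is reached."""
    for arg in argv[2:]:
        if arg == "--":
            return False
        if arg.startswith("-"):
            return True
    return False


if __name__ == "__main__":
    # Constructed attacker input for the example; the command is never executed here.
    evil = "--upload-pack=touch /tmp/pwned"
    print(build_ls_remote_vulnerable(evil), argv_has_option_injection(build_ls_remote_vulnerable(evil)))
    try:
        build_ls_remote_hardened(evil)
    except ValueError as exc:
        print("hardened refused:", exc)
    print(build_ls_remote_hardened("https://example.invalid/org/repo.git"))
```

The `--` terminator is the cheaper and more general fix, since it protects every operand position; the allowlist is there because a package manager usually also wants to refuse `file://` and other schemes that read from the local filesystem.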
Ongoing Campaigns
Previously undocumented backdoor targets Microsoft’s Equation Editor
CSO Online News – Apr 30 2021 12:57
Researchers from Cybereason Nocturnus Team have detected anomalous characteristics in a newly discovered RoyalRoad weaponizer that delivers a previously undocumented backdoor. The researchers have been tracking recent developments in the RoyalRoad…

Cyberspies target military organizations with new Nebulae backdoor
DataBreaches.net – Apr 30 2021 11:50
Sergiu Gatlan reports: A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. For at least a decade, the hacking group…

Darkside Ransomware Returns with a Vengeance
Cyware – Apr 30 2021 08:28
In January, cybersecurity firm Bitdefender had released a free tool to help victims of the DarkSide ransomware recover their encrypted files for free. However, this did not deter the spirit of the operators and they are back with a new set of threats…

QNAP warns of AgeLocker ransomware attacks against NAS devices
DataBreaches.net – Apr 30 2021 11:41
Catalin Cimpanu reports: Taiwanese hardware vendor QNAP said today that its network-attached storage (NAS) devices are under attack by a ransomware operation known as AgeLocker. In a security advisory, the Taiwanese company urged customers to…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker's Daily Cyber Alert
