02 February 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Trickbot Malware 22 80
Fonix Ransomware 8 23
Babuk Locker 7 9
Volatile Cedar APT 5 29
Rocke Group 4 20
Repter Ransomware 3 4
XINOF Ransomware 3 5
Explosive RAT 3 7
FonixCrypter 4 27
Pro-Ocean Malware 3 18
Data Breaches
European volleyball org’s Azure bucket exposed reporter passports
BleepingComputer.com – Feb 01 2021 15:45
A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. […]

Data on 3.2 million DriveSure clients exposed on hacking forum
SC Magazine US – Feb 02 2021 01:44
Hackers published data on 3.2 million users lifted from DriveSure data on the Raidforums hacking forum late last month. To prove the data’s quality, threat actor “pompompurin” detailed the leaked files and user information in a lengthy…

Personal Data of 3 Million+ People Exposed In Drivesure Hack
Seclists.org – Data Loss – Feb 01 2021 15:52
Posted by Destry Winant on Feb 01…

Data on 1.4 Million Washington State Residents Breached Unemployment data exposed via third-party software attack. hxxps://bit[.]ly/2MglriF hxxps://twitter[.]com/InfoSecHotSpot/status/1356429380050968581/photo/1
InfoSecHotSpot – Twitter – Feb 02 2021 02:29
Hacker Groups
Playbit – playing around with computers should be fun
Ycombinator Hacker News – Feb 01 2021 15:52

Lebanese Cedar Targeted Telecoms, Hosting’s, ISPs Worldwide
E Hacking News – Feb 01 2021 09:45
A "persistent attacker group" with supposed connections to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into organizations worldwide and extract significant data. In another report published…

No cyber threats as claimed by Anonymous Malaysia, says Ismail Sabri
Malay Mail – Feb 01 2021 13:32
The hacker group Anonymous Malaysia has resurfaced after a long absence. — Facebook screenshot
KUALA LUMPUR, Feb 1 — The country’s defence system and government websites are safe from any cyber threats thus far, said Senior Minister (Security Cluster)…

The Magecart: A look into a cyber attack on British Airways
Chase – Feb 01 2021 20:07
3:06 PM EST 2/01/2021 Illinois Institute of Technology, Chicago, IL February 01, 2021 (TechNews, provided by UWIRE, a division of Uloop via Comtex) — We all have heard about the cyber-crimes happening in today's world. Let's take a deep dive into the…
Malware
RT @Shadowserver: Reminder – Emotet dropped malware such as Trickbot and led to ransomware such as Ryuk. Infected systems need to be remediated quickly, since they may still have other active, ongoing infections inside their networks too.
JRoosen – Twitter – Feb 01 2021 17:53

Fonix Ransomware Operators Close Shop, Release Decryption Keys
Security Week – Feb 01 2021 15:18
The cybercriminals behind the Fonix ransomware have announced plans to shut down their activity, and have already released the master decryption key for the malware. Also known as FonixCrypter and Xonif, the ransomware has been operating since June…

DanaBot Back to the Grind
Cyware – Feb 01 2021 19:24
Danabot is a banking malware that was first identified in 2018. A fourth version of the malware has resurfaced after being dormant for seven months. The trojan is written in Delphi and has several anti-analysis attributes. About Danabot The trojan…

Cybersecurity Researchers Identifies an Updated Variant of ‘Pro-Ocean’ Malware
E Hacking News – Feb 01 2021 15:41
Cybersecurity experts have discovered an updated version of ‘Pro-Ocean malware’, this malware was used as a weapon by a cybercriminal gang called Rocke Group to target cloud infrastructure with crypto-jacking strikes. Cybersecurity experts first…
Vulnerabilities
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites | Threatpost hxxps://threatpost[.]com/wordpress-pop-up-builder-plugin-flaw-plagues-200k-sites/163500/
Securityblog – Twitter – Feb 01 2021 08:11

Google discloses a severe flaw in widely used Libgcrypt encryption library
Security Affairs – Feb 01 2021 11:59
Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow…

I have a ton of comments on “vulnerability reduction” as a deterrent, but a lot of them involve moving to securable platforms and keeping up with classes of vulnerabilities, and perhaps even reading Chris Eng’s analytic papers to get the information to guide this…
daveaitel – Twitter – Feb 01 2021 13:34

ICYMI: Cyber Command, NSA warn to patch decade-old sudo vulnerability hxxps://www[.]cyberscoop[.]com/sudo-flaw-cyber-command-nsa-buffer-overflow/ by @shanvav
CyberScoopNews – Twitter – Feb 01 2021 22:05
Ongoing Campaigns
The New Year in Cybersecurity: Supply Chain Attacks, Part 2
Security Bloggers Network – Feb 01 2021 18:39
Hello there, and welcome back! If you're just now tuning in, I've decided to do a collection of blog posts on what I think are going to be major cybersecurity topics this coming year. In the first blog post, I introduced you to what a supply…

Trickbot Trojan Back from the Dead in New Campaign
Infosecurity – Latest News – Feb 01 2021 10:35
Security researchers are warning of a resurgence of prolific Trojan malware Trickbot, which had its infrastructure disrupted by a Microsoft-led coalition late last year. Menlo Security said…

Operation NightScout: supply chain attack on NoxPlayer Android emulator
Security Affairs – Feb 01 2021 18:45
Experts uncovered a new supply chain attack leveraging the update process of NoxPlayer, a free Android emulator for PCs and Macs. A new supply chain attack made the headlines, a threat actor has compromised the update process of NoxPlayer, a free…

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
THN : The Hacker News – Feb 01 2021 11:15
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
