02 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Avaddon Ransomware 3 3
VandaTheGod 4 9
Magecart Group 2 4
SilentFade 1 1
King Engine Ransomware 1 1
TroubleGrabber 1 1
Derusbi Malware 1 1
KPOT Stealer Malware 1 1
Blackrota 1 1
APT21 1 1
Data Breaches
nicoleperlroth – Twitter – Jan 01 2021 22:18 – RT @cjcmichel: Again, this is a massive testament to all those who exposed the rot these anonymous shell companies led to, especially the journalists who exposed the laundering networks and civil society activists pressuring legislators to make this…
IndiGo Says Some Data May be Compromised in Server Breach – Office of Inadequate Security – Jan 01 2021 14:46 – Ragini Saxena reports: IndiGo, India’s biggest airline, said some segments of its data servers were breached in a hacking…
Dinosn – Twitter – Jan 01 2021 16:47 – T-Mobile confirms another data breach exposing user call records, phone numbers https://www.hackread.com/t-mobile-breach-user-call-records-phone-numbers-exposed/
cybersecboardrm – Twitter – Jan 01 2021 15:30 – T-Mobile confirms another data breach exposing user call records, phone numbers #Cybersecurity #security https://www.hackread.com/t-mobile-breach-user-call-records-phone-numbers-exposed/
Hacker Groups
binitamshah – Twitter – Jan 01 2021 17:12 – A detailed analysis of Derusbi DLL Backdoor used by APT19 (Codoso, C0d0so, Sunshop Group) : https://cybergeeks.tech/analyzing-apt19-malware-using-a-step-by-step-method/

Dissecting APT21 samples using a step-by-step approach :…

vysecurity – Twitter – Jan 01 2021 19:10 – @cglyer @PyroTek3 APT1, Cobalt Gang, Ocean Lotus, and maybe Lazarus 😶
Magecart Active Again with New Multi-platform Skimmer – Cyware – Jan 01 2021 19:24 – A multi-platform credit card skimmer has been identified that targets online stores based on popular platforms, including Shopify, Zencart, Woocommerce, and BigCommerce. The skimmer can be used to harvest payment details on compromised stores and is…
anon_indonesia – Twitter – Jan 02 2021 03:14 – The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=abcd0950-4ca8-11eb-a9a9-002590a5ba2d Stories via @sureshdr
Malware
What’s Next For Ransomware In 2021? – News ≈ Packet Storm – Jan 01 2021 16:20
Securityblog – Twitter – Jan 01 2021 22:34 – Blackrota, a heavily obfuscated backdoor written in Go https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go-en/
binitamshah – Twitter – Jan 01 2021 17:19 – How to Unpack Ramnit Dropper – Malware Unpacking (Part 2) : https://www.youtube.com/watch?v=l6ZunH6YG0A

How to unpack FlawedAmmyy (Part 1) : https://youtu.be/D1-O19AwW8U credits @GuidedHacking

InfoSecHotSpot – Twitter – Jan 01 2021 16:28 – Strings 2021, (Fri, Jan 1st) This year, for my diary entries with malware analysis, I will check each time if a malware sample can be analyzed with the strings command (or a variant). And if it does, I'll write-up a second analysis…
Vulnerabilities
Securityblog – Twitter – Jan 01 2021 22:31 – CVE-2020-2950 — Turning AMF Deserialize bug to Java Deserialize bug | by PeterJson | Medium https://medium.com/@peterjson/cve-2020-2950-turning-amf-deserialize-bug-to-java-deserialize-bug-2984a8542b6f
daveaitel – Twitter – Jan 02 2021 04:10 – It’s always very amusing when the defensive community thinks patching is the solution to vulnerabilities like this
bad_packets – Twitter – Jan 02 2021 00:04 – Mass scanning activity detected from 13.65.144.193 (🇺🇸) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext. #threatintel…
daveaitel – Twitter – Jan 02 2021 04:05 – RT @campuscodi: -As @ankit_anubhav points out, Zyxel should have learned its lesson from the 2006 “zyad5001” backdoor incident (CVE-2016-10401), which was abused by many threat actors
-I expect this one to be abused even more
-Looking forward to a…
Ongoing Campaigns
Cyber Attackers Still Punching Hard Against Healthcare Organizations – Cyware – Jan 01 2021 19:24 – The healthcare sector is already facing the challenges posed by the COVID-19 global pandemic; however, the ongoing rampant cyberattacks are making it more difficult to handle the situation. Recently, espionage attacks on COVID-19 research and…
New Malware Strain Abuses GitHub and Imgur – Cyware – Jan 01 2021 19:24 – A new malware strain has been discovered that uses Word files with macros to download a PowerShell script hosted on GitHub. Further, the script downloads a legitimate image file from the image-sharing community, Imgur, which is used for decoding a…
Microsoft reveals hackers viewed its source code – HackRead – Jan 01 2021 18:23 – By Deeba Ahmed. Microsoft confirmed that viewing source code doesn’t elevate the risk. Here's what happened and what Microsoft said about the attack. This is a post from HackRead.com. Read the original post: …
TheHackersNews – Twitter – Jan 02 2021 06:24 – RT @TheHackersNews: Microsoft admits that hackers behind the #SolarWinds supply chain attack were also able to access a small number of its internal accounts and viewed source code in a number of repositories.

Read details:…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
