02 September 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Shlayer Trojan 14 34
Carbanak 12 12
PIONEER KITTEN 12 25
The Joker Malware 5 5
CYRAT Ransomware 4 8
UltraRank 5 30
Mailto Ransomware 5 17
Lazarus Group 7 38
Armada Collective Group 2 3
Avaddon Ransomware 3 10

Data Breaches

5 Tips for Triaging Risk from Exposed Credentials
Dark Reading – Sep 02 2020 15:30
Not all exposed usernames and passwords present a threat. Here's how to quickly identify the ones that do.

28,000 exposed printers hacked to highlight lack of printer security
HackRead – Sep 02 2020 14:21
By Waqas. Researchers forced 28,000 printers worldwide to print out guidelines on printer security.

Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks, (Tue, Sep 1st)
SANS Internet Storm Center, InfoCON: green – Sep 01 2020 18:04
LDAP, like many UDP based protocols, has the ability to send responses that are larger than the request. With UDP not requiring any handshake before data is sent, these protocols make ideal amplifiers for reflective distributed denial of service…

cybersecboardrm – 5 Tips for Triaging Risk from Exposed Credentials #CyberSecurity https://t.co/GNgkx58xr0
cybersecboardrm – Twitter – Sep 02 2020 16:10
5 Tips for Triaging Risk from Exposed Credentials #CyberSecurity https://www.darkreading.com/risk/5-tips-for-triaging-risk-from-exposed-credentials/d/d-id/1338800?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Hacker Groups

PIONEER KITTEN
IBM X-Force Exchange – Advisory Tag – RSS – Sep 01 2020 18:17
Summary: An Iran-based threat actor, dubbed PIONEER KITTEN (tracked by IBM as Hive0094) by CrowdStrike, has been observed carrying out cyber espionage campaigns, likely in support of the Iranian government. Threat Type: Espionage. Overview: CrowdStrike has…

‘UltraRank’ Gang Sells Card Data It Steals
CyberSecurityBoard.com – RSS – Sep 02 2020 00:47
A cybercriminal gang dubbed "UltraRank" that has planted malicious JavaScript code in hundreds of e-commerce websites around the world over the last five …

BeagleBoyz Ramp Up Cyber Attacks on American Soil
CIO East Africa – Sep 02 2020 06:28
Since February 2020, North Korea’s BeagleBoyz have resumed attacking banks in several countries to initiate fraudulent international money transfers and ATM cash outs. The recent resurgence follows a…

DDoS against NZX continues. Pioneer Kitten’s revenue diversification. Mac notarization failure. Gaming’s black market.
The CyberWire – Sep 01 2020 16:06
The New Zealand Herald reports that, after a good start yesterday, New Zealand’s NZX stock exchange again sustained a disruptive distributed denial-of-service attack. The exchange was able to work through the attack and continue trading by deploying…

Malware

Apple Signs Shlayer, Legitimizes Malware
Dark Reading – Sep 01 2020 19:45
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store — twice.

Securityblog – RT @thehellu: It turns out the RCSession family described by Secureworks is the same as the “Type 2” malware family that we described in ou…
Securityblog – Twitter – Sep 01 2020 20:32
RT @thehellu: It turns out the RCSession family described by Secureworks is the same as the "Type 2" malware family that we described in our report https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf
So either…

malwrhunterteam – RT @malwrhunterteam: The Exorcist Ransomware is another ransomware that is checking for CIS countries in a way before any action: it checks…
malwrhunterteam – Twitter – Sep 01 2020 17:55
RT @malwrhunterteam: The Exorcist Ransomware is another ransomware that is checking for CIS countries in a way before any action: it checks locale.
Also, in the data it sends back, there is a "hasrukeys", which is based on GetKeyboardLayoutList…

InfoSecHotSpot – Apple Signs Shlayer, Legitimizes Malware Shlayer, a common macOS Trojan, received Apple’s notary certification and… https://t.co/S1u1udbqOq
InfoSecHotSpot – Twitter – Sep 01 2020 23:58
Apple Signs Shlayer, Legitimizes Malware Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store — twice. https://bit.ly/3hStiNL https://twitter.com/InfoSecHotSpot/status/1300946126200287232/photo/1

Vulnerabilities

Securityblog – RT @McAfee_Labs: In our latest blog, we provide a more detailed analysis for one of the reported vulnerabilities, CVE-2020-11863, which was…
Securityblog – Twitter – Sep 01 2020 20:26
RT @McAfee_Labs: In our latest blog, we provide a more detailed analysis for one of the reported vulnerabilities, CVE-2020-11863, which was due to the use of uninitialized memory. This vulnerability is related to CVE-2020-11865. Read the deep dive,…

Comment: Latest Docker Container Attack Highlights Remote Networking Flaws
Information Security Buzz – Sep 02 2020 15:54
It has been reported that a security flaw that provides a backdoor through which Docker containers can be compromised via unsecured remote connections may require IT teams to revisit their approach to DevSecOps.

threatpost – #Cisco says hackers are actively exploiting unpatched #security flaws in its carrier-grade routers, allowing them t… https://t.co/UsVB3ck8i1
threatpost – Twitter – Sep 02 2020 12:35
#Cisco says hackers are actively exploiting unpatched #security flaws in its carrier-grade routers, allowing them to crash devices.
https://threatpost.com/cisco-warns-of-active-exploitation-of-flaw-in-carrier-grade-routers/158887/

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Threatpost.com – Sep 01 2020 20:19
Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites.

Ongoing Campaigns

Weekly Threat Briefing: Malware, Lazarus Group, Vulnerabilities and More
ThreatStream Blog – Sep 02 2020 14:00
The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Cryptojacking, DDoS, North Korea, Shlayer, Trojan, and Vulnerabilities. The IOCs related to these…

Organizations facing surge in phishing attacks since the start of the pandemic
Help Net Security – News – Sep 02 2020 04:00
The frequency of phishing threats has risen considerably since the pandemic started, with companies experiencing an average of 1,185 attacks every month, according to a survey from GreatHorn. Phishing attacks and the pandemic: Additionally, 38%…

Cisco Says Hackers Targeting Zero-Days in Carrier-Grade Routers
SecurityWeek RSS Feed – Sep 01 2020 18:56
Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. …

SecurityWeek – Cisco Says Hackers Targeting Zero-Days in Carrier-Grade Routers – https://t.co/RJ0mHPHfh4 #NetSec
SecurityWeek – Twitter – Sep 01 2020 18:56
Cisco Says Hackers Targeting Zero-Days in Carrier-Grade Routers – https://www.securityweek.com/cisco-says-hackers-targeting-zero-days-carrier-grade-routers #NetSec

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
