03 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name                     Vol 1   Vol 7
TA505                        2       3
VandaTheGod                  2      11
ZagreuS                      1       1
Raccoon Malware              1       3
WastedLocker                 1       1
Stuxnet                      1       2
DoppelPaymer Ransomware      2       4
NotPetya Ransomware          1       4
APT32                        2       3
SUPERNOVA Webshell           1      35
Data Breaches
Georgia optometrist notifies patients of breach – Office of Inadequate Security – Jan 02 2021 14:42
So many breach disclosures get overlooked during the last week of the year as people focus on family and other issues. In…

HackRead – Twitter – Jan 02 2021 14:45
RT @QuiteHacker: 🚨 -> #TMobile revealed attackers accessed its Customer proprietary network information (CPNI), putting the private data of hundreds of thousands of customers at risk.

#databreach #cybercrime #CyberSec

©️@HackRead…

MA: Mattapan Community Health Center notifies patients of breach – Office of Inadequate Security – Jan 02 2021 14:12
Well, I thought maybe the Prestera press release might be the last one of the year for my December PHI breach tracking…

troyhunt – Twitter – Jan 02 2021 07:37
Weekly update is up! NZBGeek, IndiGo, Red Gate Data and (maybe) Long & McQuade Breaches; Aussies Targeted by COVID Scams; CafePress Pays $2M for Breach https://www.troyhunt.com/weekly-update-224/
Hacker Groups
anon_indonesia – Twitter – Jan 03 2021 03:15
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=eef46790-4d71-11eb-a9a9-002590a5ba2d Stories via @AnonymousPress @AnonymousSwizz #jakpost

yarai1978 – Twitter – Jan 02 2021 14:12
RT @Blackmond_: Using Qiling Framework to Unpack TA505 packed samples https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/using-qiling-framework-to-unpack-ta505-packed-samples/#ta505-packer

Securityblog – Twitter – Jan 02 2021 17:59
RT @LabsSentinel: APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique – SentinelLabs https://labs.sentinelone.com/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/
Malware
da_667 – Twitter – Jan 03 2021 06:24
Zagreus to literally everyone https://twitter.com/da_667/status/1345617023078965248/photo/1

Kaspersky System Watcher VS 56 ransomware – MalwareTips.com – Jan 02 2021 19:18
Kaspersky System Watcher VS Every 56 Ransomware – YouTube

Securityblog – Twitter – Jan 02 2021 20:54
RT @LetsDefendIO: Emotet is one of the most detected malware in 2020. Did you investigate a compromised machine by #Emotet malware before?

You can test your blue team skills on http://letsdefend.io

#DFIR #cybersecurity #blueteam…

HU: Brendon notifies customers of ransomware attack – Office of Inadequate Security – Jan 02 2021 15:18
HVG.hu reports (translated): On Wednesday morning, Brendon Gyermekáruház Kft. informed its customers by e-mail that its…
Vulnerabilities
bad_packets – Twitter – Jan 02 2021 21:24
Mass scanning activity detected from 45.91.94.163 (🇦🇹) checking for SolarWinds Orion hosts vulnerable to CVE-2020-10148 (https://www.kb.cert.org/vuls/id/843464). #threatintel

Securityblog – Twitter – Jan 02 2021 15:30
RT @_odisseus: Undocumented user account in #Zyxel products (CVE-2020-29583)

"The user is not visible in the interface and its password cannot be changed. …. It seemed the vulnerability had been introduced in the latest firmware version."

Patch…

circl_lu – Twitter – Jan 02 2021 08:26
"Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942…."

Securityblog – Twitter – Jan 02 2021 17:14
RT @circl_lu: "Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942…."
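The Tenda item above describes an unauthenticated direct request for cgi-bin/DownloadCfg/RouterCfm.cfg that returns the device configuration, possibly including an http_passwd line. The script below is an added example for checking a device you own for that exposure; it is not code from the original report or from Tenda. It assumes the config dump is plain key=value lines (one per line, '#' comments), and the list of sensitive keys beyond http_passwd is an assumption. Only key names are reported, never the secret values, so the output can be pasted into a ticket.

```python
"""Check a router for unauthenticated configuration-file exposure.

Added example. Path and the http_passwd key come from the report; the
key=value format and the extra sensitive key names are assumptions.
"""
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Path named in the report for the Tenda N300 F3 (firmware 12.01.01.48).
CONFIG_PATH = "cgi-bin/DownloadCfg/RouterCfm.cfg"

# Keys that must never be retrievable without authentication. http_passwd is
# from the report; the others are assumed typical router config keys.
SENSITIVE_KEYS = {"http_passwd", "wl_wpa_psk", "pppoe_passwd", "wl_key"}

# Assumed dump format: key=value per line, '#' starts a comment.
_LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")


def parse_config(body: str) -> dict:
    """Parse a key=value dump into a dict; later duplicates overwrite earlier."""
    config = {}
    for line in body.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _LINE_RE.match(line)
        if match:
            config[match.group(1)] = match.group(2)
    return config


def sensitive_entries(config: dict) -> dict:
    """Return entries whose key is a known secret or looks like one."""
    def is_sensitive(key: str) -> bool:
        k = key.lower()
        return k in SENSITIVE_KEYS or k.endswith(("passwd", "password", "psk"))
    return {k: v for k, v in config.items() if is_sensitive(k)}


def assess_body(body: str) -> dict:
    """Summarize what an unauthenticated response discloses (key names only)."""
    config = parse_config(body)
    leaked = sensitive_entries(config)
    return {
        "config_lines": len(config),
        "leaked_keys": sorted(leaked),
        "exposed": bool(leaked),
    }


def fetch_config(base_url: str, timeout: float = 5.0) -> tuple:
    """GET the config path with no credentials; return (status, body).

    This is the only function that touches the network; everything above is
    testable offline.
    """
    url = urljoin(base_url.rstrip("/") + "/", CONFIG_PATH)
    req = urllib.request.Request(url, headers={"User-Agent": "config-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


# Constructed sample dump, not output from a real device.
SAMPLE_BODY = """# constructed sample
lan_ipaddr=192.168.0.1
http_username=admin
http_passwd=s3cret
wl_ssid=HomeNet
wl_wpa_psk=hunter2
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        status, body = fetch_config(sys.argv[1])  # e.g. http://192.168.0.1
        print(status, assess_body(body))
    else:
        print(assess_body(SAMPLE_BODY))
```

Run it with the router's base URL as the only argument; a 200 response whose body parses to any leaked key means the config is retrievable without logging in. Any device returning the file this way should have its admin and Wi-Fi credentials rotated after it is patched, because anyone who could reach the management interface could already have read them.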
Ongoing Campaigns
A Backdoor Account Is Present in 100,000 ‘Zyxel’ Network Equipment Products – TechNadu – Jan 02 2021 09:03
A large number of networking devices from Zyxel are vulnerable to remote exploitation. Anyone can ssh into port 443 using cleartext passwords that are stored in the firmware. The company planted the backdoor itself by mistake, for auto-updating…

Top stories of 2020 – Security Affairs – Jan 02 2021 14:40
Below the list of the top stories of 2020. December 21 – SUPERNOVA, a backdoor found while…

Microsoft Reveals that SolarWinds Hackers Accessed its Source Code – TechNadu – Jan 02 2021 13:03
Microsoft has found that the SolarWinds hackers accessed some of its source code repositories. The company confirms that the actors made no changes and says there’s no additional risk for security. The event is still grave even for a company that…

A Credential Stealer Written in AutoHotkey Scripting Language – Cyware – Jan 02 2021 19:24
A new credential stealer has been identified that is written in AutoHotkey (AHK) scripting language. In an ongoing attack campaign that started in early 2020, threat actors were found to be distributing this infostealer, focusing on customers of…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
