03 March 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Gootkit 17 31
ObliqueRAT 14 15
Gootloader 13 26
ech0raix Ransomware 7 7
SunCrypt Ransomware 7 8
Ryuk Ransomware 10 47
Ploutus Malware 4 4
FlawedGrace 3 3
APT36 3 3
Unc0ver Team 3 7
Data Breaches

Data analytics firm Polecat data breach – 30TB of data exposed
Dinosn – Twitter – Mar 02 2021 20:58
hxxps://www[.]hackread[.]com/polecat-data-analytics-data-breach-30tb-data-exposed/

Data analytics firm Polecat data breach – 30TB of data exposed
HackRead – Mar 02 2021 15:28
By Waqas. Polecat exposed an Elasticsearch server that wasn't protected with any authentication measures or any form of encryption. …

🚨 🔥 From employee usernames, passwords to 6.5 billion tweets, and much more, the treasure trove of data was left exposed in plain-text.
HackRead – Twitter – Mar 02 2021 16:22
Details: hxxps://www[.]hackread[.]com/polecat-data-analytics-data-breach-30tb-data-exposed/
#Security #Privacy #Breach #Polecat #DataAnalytics

Passwords, Private Posts Exposed in Hack of Gab Social Network #Cybersecurity #security
cybersecboardrm – Twitter – Mar 02 2021 09:24
hxxps://threatpost[.]com/hacktivists-gab-posts-passwords/164360/
Hacker Groups

Chinese threat group ‘RedEcho’ targeting Indian power grid
InfoSecHotSpot – Twitter – Mar 02 2021 06:11
hxxps://bit[.]ly/37Xaud9

“Zak_m[.]apk” sample seen from India: 80151e5971821b1f0abb13b049efb0eeb9b1626b2f5501fc9ac21918935a6c3e
malwrhunterteam – Twitter – Mar 02 2021 19:55
Some engines detect it as Donot APT, sounds correct…
@bl4ckh0l3z hxxps://twitter[.]com/malwrhunterteam/status/1366839536890900482/photo/1

unc0ver releases latest jailbreak for iOS 14, eligible for devices running lower than iOS 14.3!
Zing Gadget – Mar 02 2021 14:53
unc0ver has once again released a new jailbreak tool, version 6.0.1, which is suitable for Apple devices running iOS 11 to 14.3. This jailbreak tool takes advantage of the CVE-2021-1782 vulnerability, which has been patched in iOS 14.4. The iOS 14.4 solve…

Alleged China-linked APT41 group targets Indian critical infrastructures
Security Affairs – Mar 02 2021 13:01
Recorded Future researchers uncovered a campaign conducted by the Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting critical infrastructure…
Malware

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root
ZDNet Security – Mar 02 2021 15:05
QNAPCrypt targets Linux, SunCrypt targets Windows, and both have different methodologies of distribution and tactics – but researchers say they started life as the same thing and there are lessons to be learned from this.

‘Povlsomware’ Ransomware May Not Be Used Only by Researchers
TechNadu – Mar 02 2021 11:03
An “educational” ransomware tool called Povlsomware could turn into a powerful commodity for malicious actors. The particular ransomware tool is set to be innocuous, but being open-source, it could be modified. The fact that Povlsomware features Cobalt…

Multi-payload Gootloader platform stealthily delivers malware and ransomware
InfoSecHotSpot – Twitter – Mar 02 2021 09:41
The delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransom… hxxps://bit[.]ly/3b3HxON hxxps://twitter[.]com/InfoSecHotSpot/status/1366685000251375621/photo/1

Compromised Website Images Camouflage ObliqueRAT Malware
MalwareTips.com – Mar 02 2021 17:23
The ObliqueRAT malware is now cloaking its payloads as seemingly innocent image files that are hidden on compromised websites. The remote access trojan (RAT), which has been operating…
Vulnerabilities

This is my thread for activity on MailPot, my personal Exchange honeypot network for
CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065
GossiTheDog – Twitter – Mar 02 2021 23:33

CVE-2021-26854 Microsoft Exchange Server Remote Code Execution Vulnerability
CVEnew – Twitter – Mar 03 2021 00:45
This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-26854

CVE-2021-26857 Microsoft Exchange Server Remote Code Execution Vulnerability
CVEnew – Twitter – Mar 03 2021 00:45
This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-26857

CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability
CVEnew – Twitter – Mar 03 2021 00:45
This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-26855
Ongoing Campaigns

RT @pentest_swissky: WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
Dinosn – Twitter – Mar 03 2021 06:04
hxxps://ti[.]dbappsecurity[.]com[.]cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/

Gootloader exploits websites via SEO to spread ransomware, trojans
HackRead – Mar 03 2021 00:52
Researchers have warned that Gootloader campaigns generally target users in the US, Germany, France, and South Korea. The cybercriminal community has become quite sophisticated in its attack tactics to trick Google into displaying malicious search…

Anomali Cyber Watch: APT Groups, Cobalt Strike, Russia, Malware, and More
ThreatStream Blog – Mar 02 2021 15:00
We are excited to announce Anomali Cyber Watch, your weekly intelligence digest. Replacing the Anomali Weekly Threat Briefing, Anomali Cyber Watch provides summaries of significant cybersecurity and threat intelligence events, analyst comments,…

ObliqueRAT returns with new campaign using hijacked websites
Talos Intelligence Blog – Mar 02 2021 13:04
By Asheer Malhotra. Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. This campaign targets organizations in South Asia. ObliqueRAT has…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert