06 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors

Name                  Vol 1   Vol 7
Cuba Ransomware       7       7
UNC2529               5       9
DOUBLEDRAG            4       10
DOUBLEDROP            4       10
DOUBLEBACK            4       10
Bronze Butler APT     3       5
Pingback Malware      3       16
SpyAgent              2       2
Roaming Mantis        2       2
Android.SmsSpy        2       2
Data Breaches

Hotbit Crypto Exchange Confirmed It’s Hacked – Customers’ Personal Data Exposed
Seclists.org – Data Loss – May 05 2021 15:36
Posted by Destry Winant on May 05…

Open API at exercise equipment company Peloton exposed private user data
SiliconANGLE – May 06 2021 02:59
Interactive exercise equipment company Peloton Interactive Inc. has suffered a potential data breach after it was discovered that its application programming interface exposed user data including private accounts. The revelation came on the same day…

A breach of patient information included limited data on 17,655 patients of Faxton St. Luke’s Healthcare.
DataBreaches.net – May 05 2021 23:30
WKTV reports that Faxton St. Luke’s Healthcare has disclosed that almost 18,000 of its patients were impacted by a breach at its business associate, CaptureRx. The breach occurred on February 6, and Faxton was notified on March 30…
Hacker Groups

APT in action: XDSpy and Sandworm
CyberNews – Security – May 05 2021 11:38
Numerous advanced persistent threat (APT) groups have been attacking governments and the private…

Massive WHO scam busted – ‘DarkPath Scammers’ group suspected
SecurityBrief Asia – RSS – May 05 2021 20:35
The scam campaign comprised a network of 134 websites that attempted to lure people in by asking them to take a survey for a monetary reward.

Anonymous took down Colombia’s Senate website and leaked legislators’ e-mails
The Rio Times – May 05 2021 19:42
On Tuesday, Anonymous not only claimed responsibility for the Colombian National Army's data leak but also took down the Colombian Senate's website and leaked the emails of legislators. RIO DE JANEIRO, BRAZIL – On Tuesday, May 4th, the hacker group…

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware
Security Affairs – May 05 2021 15:27
A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as…
Malware

FireEye’s Mandiant researchers look at a global phishing campaign and three new malware families: DOUBLEDRAG, DOUBLEDROP and DOUBLEBACK. hxxps://www[.]fireeye[.]com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html hxxps://twitter[.]com/virusbtn/status/1389941964112543751/photo/1
virusbtn – Twitter – May 05 2021 13:56

Researchers at Trustwave SpiderLabs have analysed a new malware called ‘Pingback’. They describe how the malware achieves persistence, how it uses ICMP tunnelling for its backdoor communications, and how it operates with different modes. hxxps://www[.]trustwave[.]com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/ hxxps://twitter[.]com/virusbtn/status/1389919815117180928/photo/1
virusbtn – Twitter – May 05 2021 12:28

Pingback Malware Uses ICMP to Avoid C&C Detection
Heimdal Security Blog – May 05 2021 10:31
Cybersecurity analysts Lloyd Macrohon and Rodel Mendrez have recently inspected a new piece of malware that they’ve encountered during a breach investigation. Dubbed “Pingback”, the malware uses ICMP (Internet Control Message Protocol) tunneling…

BazarLoader Downloader is Using Social Engineering Techniques
Cyware – May 05 2021 10:27
BazarLoader downloader has been discovered in two separate cyberattack campaigns. Both the campaigns employed unique social engineering techniques and popular products used in many organizations. It was first spotted last April and since then,…
Vulnerabilities

Hundreds of millions Of #Dell #PCs affected by CVE-2021-21551 flaws
hxxps://securityaffairs[.]co/wordpress/117514/security/cve-2021-21551-dell-flaws.html
#securityaffairs
securityaffairs – Twitter – May 05 2021 08:08

These are the vulns:
CVE-2021-1870
CVE-2021-1871
CVE-2021-1879
CVE-2021-30661
CVE-2021-30663
CVE-2021-30665
CVE-2021-30666

Hat tip to @maddiestone for helping correct my math.
lorenzoFB – Twitter – May 05 2021 15:42

Dell BIOS Driver Privilege Escalation Flaws
Sword & Shield Enterprise Security, Inc. – May 05 2021 16:24
Summary of Dell Computer BIOS Driver Privilege Escalation Flaws May 4, 2021 Our Technology Partner SentinelOne announced today that hundreds of millions of Dell Computers (desktops, laptops, notebooks, and tablets), could be vulnerable to…

CVE-2021-20254 A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case whe… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-20254
CVEnew – Twitter – May 05 2021 14:45
Ongoing Campaigns

Check Your Privilege – the Risks of Privilege Escalation In the Cloud
Check Point – May 05 2021 11:00
Facebook founder and CEO Mark Zuckerberg’s famous motto, ‘move fast and break things’, is believed to be one of the drivers behind the company’s innovations and growth. However, moving faster than you’d planned isn’t always a good thing, as…

Major EU country hit by crippling DDoS attacks
HackRead – May 05 2021 16:29
By Waqas Over 200 Belgian Websites Become Target of DDoS Attacks. Here's what happened and which institution was hit by the DDoS attack. This is a post from HackRead[.]com Read the original post: …

Timeline of a Hafnium Attack
Security Bloggers Network – May 05 2021 15:13
The attacks on Microsoft Exchange servers around the world by Chinese state-sponsored threat group Hafnium are believed to have affected over 21,000 organizations. The impact of these attacks is growing as the four zero-day vulnerabilities are…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert