07 February 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
BazarBackdoor 3 4
Stuxnet 5 25
DoppelPaymer Ransomware 2 5
UNC1878 2 4
VandaTheGod 4 17
Hildegard Malware 2 24
Mondfoxia 1 1
Red Rabbit Team 1 1
Snatch Ransomware 1 1
Hayalim Almonim 1 2
Data Breaches
DE: Netcom-Kassel announces breach
Office of Inadequate Security – Feb 06 2021 19:57
Seen on Netcom-Kassel (translation): Information according to Paragraph 109a TKG, 34 GDPR on a security incident (status:…

Alleged breaches impacting Indians, Malaysians, under investigation
Office of Inadequate Security – Feb 06 2021 13:34
India: Airtel continues to deny that it had a breach affecting more than 2.5 million subscribers’ data, despite…

A phishing campaign’s collateral damage: Stolen passwords were publicly searchable hxxps://www[.]cyberscoop[.]com/phishing-passwords-exposed-check-point/
CyberScoopNews – Twitter – Feb 07 2021 05:47

When it comes to personal information, better to keep it safe than exposed. Visit our #PrivacyChecker to see how you can optimize your social media privacy settings. hxxps://kas[.]pr/ff1q hxxps://twitter[.]com/kaspersky/status/1358143554107883520/video/1
kaspersky – Twitter – Feb 06 2021 20:00

Hacker Groups
RT @Unit42_Intel: TeamTNT is known for exploiting unsecured Docker daemons and deploying malicious container images. Read our description of the Hildegard malware campaign, the first time we’ve found TeamTNT targeting #Kubernetes environments. hxxps://bit[.]ly/3roLQK3 hxxps://twitter[.]com/Unit42_Intel/status/1357853271390576645/photo/1
Secnewsbytes – Twitter – Feb 06 2021 10:44

It’s called the ShinyHunters hack and there’s nothing sparkly about it with 125 million online identities being exposed. Don’t worry, we’re here with 5 steps you can take to keep yourself safer. hxxps://mcafee[.]ly/36N3j6S hxxps://twitter[.]com/McAfee/status/1358135145937698817/photo/1
McAfee – Twitter – Feb 06 2021 19:27

The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=a0d8a8e0-68f2-11eb-8105-002590a5ba2d #jakpost #phishing
anon_indonesia – Twitter – Feb 07 2021 03:14

When Fancy Bear isn’t so Fancy: APT group’s “crude” methods continue to work hxxps://www[.]cyberscoop[.]com/fancy-bear-trend-micro-russia-espionage/
CyberScoopNews – Twitter – Feb 06 2021 20:50

Malware
Is my computer safe if my AV detected malware during installation in Shadow Defender shadow mode?
MalwareTips.com – Feb 06 2021 21:18
So I ran Shadow Defender and put all my drives into shadow mode. I then installed Aimersoft iMusic and upon installation, ESET detected JavaScript password stealer malware. I then clicked clean…

Tycoon, Ryuk, and Revil were three of the most significant ransomware families of 2020.

Brett McFadden discusses how they work and shares some best practices to defend against ransomware infection.

hxxps://www[.]tripwire[.]com/state-of-security/security-data-protection/cyber-security/revil-ryuk-tycoon-ransomware/

#cybersecurity #ransomware
TripwireInc – Twitter – Feb 06 2021 22:59

☑️The BazarBackdoor is not the first documented Nim-compiled malware.

We have previously seen a Nim-compiled ransomware “xCry” as below:
hxxps://twitter[.]com/VK_Intel/status/1085974213838688257

2 new languages observed lately:
1⃣”Dlang”
2⃣”Nim”

🛡️Please watch for these compiled formats as well.
VK_Intel – Twitter – Feb 06 2021 19:53

RT @tinfoil_globe: @codelancer @daveaitel Ah, so Stuxnet did not use 7 0day but 7 vulns patched in the immediate remediation following Stuxnet analysis matched codepaths exploited by Stuxnet (eg MS realized that kernel mode fonts were a dumpster fire)?
thegrugq – Twitter – Feb 06 2021 17:08

Vulnerabilities
Experts found critical flaws in Realtek Wi-Fi Module
Security Affairs – Feb 06 2021 21:35
Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices’ wireless communications. Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the …

Critical #security flaws were found in #Cisco’s RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
hxxps://threatpost[.]com/cisco-flaws-vpn-routers-rce/163662/
threatpost – Twitter – Feb 07 2021 02:00

Cyber Command, NSA warn to patch decade-old vulnerability in sudo hxxps://www[.]cyberscoop[.]com/sudo-flaw-cyber-command-nsa-buffer-overflow/
CyberScoopNews – Twitter – Feb 06 2021 15:43

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls #Cybersecurity #security hxxps://securityaffairs[.]co/wordpress/114233/hacking/fortinet-fortiweb-flaws.html?utm_source=rss&utm_medium=rss&utm_campaign=fortinet-fortiweb-flaws
cybersecboardrm – Twitter – Feb 07 2021 03:30

Ongoing Campaigns
Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks
THN : The Hacker News – Feb 06 2021 07:28
A new distributed denial-of-service attack (DDoS) vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service…

What is a Man-in-the-Middle Attack? hxxps://bit[.]ly/3p1oZmg
InfoSecHotSpot – Twitter – Feb 06 2021 09:58

Israeli Antifa Hackers Attack KKK Site and Expose Personal Details
TechNadu – Feb 06 2021 09:18
The hacking group known as ‘Hayalim Almonim’ has defaced the website of a KKK website. The hackers have posted mocking messages and also quite revealing details about some members. The Texan leader of the exposed organization is linked with the rape of…

RT @AlphaONEOps: TeamTNT group uses Hildegard Malware to target Kubernetes Systems hxxps://buff[.]ly/3tu1CFb @securityaffairs hxxps://twitter[.]com/AlphaONEOps/status/1358113485700411397/photo/1
securityaffairs – Twitter – Feb 06 2021 18:22

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
