07 March 2021

This alert was created automatically by Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name                     Vol 1   Vol 7
Sodinokibi Ransomware    8       16
Hafnium Group            13      130
TrickBoot                2       5
AlumniLocker Ransomware  2       6
TwoFace Webshell         1       2
BASHLITE Malware         1       4
TeslaCrypt               1       1
Humble Ransomware        1       5
Nefilim Ransomware       1       6
APT29                    1       3
Data Breaches
Multiple Cisco products exposed to DoS attack due to a Snort issue
Security Affairs – Mar 06 2021 21:43
Cisco announced that a vulnerability in the Snort detection engine exposes several of its products to denial-of-service (DoS) attacks. Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a…

Bug in Apple's Find My Feature Could've Exposed Users' Location Histories hxxps://thehackernews[.]com/2021/03/bug-in-apples-find-my-feature-couldve.html
Secnewsbytes – Twitter – Mar 06 2021 08:21

Government briefed on breach of at least 30,000 Microsoft Exchange Servers
SC Magazine US – Mar 06 2021 21:44
Cybersecurity experts briefed government investigators that at least 30,000 Microsoft Exchange Servers have been breached using a chain of vulnerabilities Microsoft patched on Tuesday. The reports, published by independent reporter Brian Krebs and…

RT @troyhunt: Weekly update is up! Pwned Passwords in Home Assistant; SuperVPN & GeckoVPN Breach; Oxfam Breach; Ticketcounter Breach; Gab Breach; Portuguese Gov on HIBP hxxps://www[.]troyhunt[.]com/weekly-update-233/
troyhunt – Twitter – Mar 06 2021 20:27
Hacker Groups
RT @likethecoins: Reminder: Microsoft named HAFNIUM. They define what it is. Just because an adversary exploited one of the recent Exchange vulns doesn't mean it was HAFNIUM. To even hypothesize that activity may be HAFNIUM, as an analyst, I'd want multiple specific overlaps with the MS post.
Securityblog – Twitter – Mar 06 2021 13:10

"APT37 is one of the most sophisticated North Korean threat actors that has been active since at least 2012. This group, also known as ScarCruft, Group123, Reaper, or Geumseong121." – Hossein Jazi of @Malwarebytes on #ResearchSaturday. Take a deeper dive: hxxp://bit[.]ly/cwRS030621 hxxps://twitter[.]com/thecyberwire/status/1368211532094574592/photo/1
thecyberwire – Twitter – Mar 06 2021 14:47

Diving deep into North Korea's APT37 tool kit.
The CyberWire – Mar 06 2021 06:06
Guest Hossein Jazi of Malwarebytes joins us to take a deep dive into North Korea's APT37 (aka ScarCruft, Reaper and Group123) toolkit. On December 7 2020 the Malwarebytes Labs threat team identified a malicious document uploaded to Virus…

Ongoing attack: Hafnium hits 30,000 organizations via Microsoft Exchange
Post Online Media – Mar 06 2021 13:56
The Hafnium hacking group in China has allegedly hacked at least 30,000 organizations in the U.S. using Microsoft Exchange Server. On Wednesday, Microsoft disclosed evidence that Hafnium, a Chinese hacking group, was attacking servers in the United…
Malware
RT @blueteamsec1: IronNetInjector: Turla's New Malware Loading Tool hxxp://dlvr[.]it/Rv5xMf #cyber #threathunting #infosec hxxps://twitter[.]com/blueteamsec1/status/1368255568981368834/photo/1
gh0std4ncer – Twitter – Mar 06 2021 18:20

REvil Ransomware Attacks MSP Standley Systems, Leaks SSNs hxxps://www[.]crn[.]com/news/security/revil-ransomware-attacks-msp-standley-systems-leaks-ssns#.YENkZaGSzg0[.]twitter
Metacurity – Twitter – Mar 06 2021 11:15

Multi-payload Gootloader platform stealthily delivers malware and ransomware – hxxps://www[.]helpnetsecurity[.]com/2021/03/02/gootloader-malware-ransomware/ – @Sophos #cybersecurity #security #cybercrime #infosecurity #itsecurity #cybersecuritynews #securitynews hxxps://twitter[.]com/helpnetsecurity/status/1368260417320083457/photo/1
helpnetsecurity – Twitter – Mar 06 2021 18:01

Supermicro and PulseSecure Issue Advisories on Trickboot
BankInfoSecurity – Mar 06 2021 14:10
Companies Report Several of Their Products…
Vulnerabilities
Hackers Exploit Exchange Flaws to Target Local Governments hxxps://www[.]bankinfosecurity[.]com/hackers-exploit-exchange-flaws-to-target-local-governments-a-16125
Secnewsbytes – Twitter – Mar 06 2021 08:26

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws
Security Affairs – Mar 06 2021 16:50
After the disclosure of Microsoft Exchange zero-days, the MS Exchange Server team has released a script to determine if an install is vulnerable. This week Microsoft…

Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681) – hxxps://www[.]helpnetsecurity[.]com/2021/03/01/cve-2021-22681/ – @ROKAutomation @Claroty @CISAgov #PLC #IndustrialSecurity #vulnerability #RockwellPLC hxxps://twitter[.]com/helpnetsecurity/status/1368154607675990020/photo/1
helpnetsecurity – Twitter – Mar 06 2021 11:00

CVE-2020-27870 (hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-27870) exploit attempt detected from 125.118.63.159 (🇨🇳) targeting our SolarWinds Orion honeypot. #threatintel
bad_packets – Twitter – Mar 06 2021 22:11
Ongoing Campaigns
Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack
ArsTechnica – Mar 06 2021 23:05
Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring…

Ransomware gang plans to call victim's business partners about attacks
Office of Inadequate Security – Mar 06 2021 18:53
Lawrence Abrams reports: The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls…

A new type of supply-chain attack with serious consequences is flourishing
ArsTechnica – Mar 06 2021 15:48
A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In…

RT @RedHuntLabs: Got to know about the new #supplychain attack vector, i.e. Dependency Confusion Attack? We just released a new article researched by @s0md3v – 'Dependency Confusion Attack – What, Why, and How?'

hxxps://redhuntlabs[.]com/blog/dependency-confusion-attack-what-why-and-how.html

#infosec #attacksurfacemanagement #security
Securityblog – Twitter – Mar 06 2021 11:24

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert