08 December 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Egregor Ransomware 18 80
EMOTET Trojan 10 26
Black Shadow Team 4 9
DoppelPaymer Ransomware 6 12
DRBControl 2 2
Locky Ransomware 2 3
Nefilim Ransomware 2 2
TA2101 2 3
APT BISMUTH 2 11
Turla Spyware 2 10
Data Breaches
Brazil’s population exposed in Ministry of Health leaks (ZDNet Security – Dec 07 2020 18:29): Full addresses and taxpayer registration numbers are among the details of healthcare users that were exposed in separate incidents.
Flight Centre hackathon behind 2017 breach, exposed 6918 customers’ data (DataBreaches.net – Dec 07 2020 13:20): Ry Crozier reports: A 2017 data breach at Flight Centre occurred when passport and credit card numbers for 6918 customers were accidentally left in a dataset used by the participants of a hackathon. Details of the breach are revealed in…
kidko92 (Twitter – Dec 07 2020 11:50): From a different planet: popular net TV service breached but strangely chooses not to communicate proactively to the more than 3M users whose information is exposed. https://www.vice.com/en/article/88a8ma/pluto-tv-hacked-data-breach
ZDNet (Twitter – Dec 07 2020 18:29): Brazil's population exposed in Ministry of Health leaks https://zd.net/33QIvdj by @angelicamari
Hacker Groups
Shadow Academy Targets Universities (IBM X-Force Exchange – Advisory Tag – RSS – Dec 07 2020 16:19): Summary: RiskIQ have identified a series of attacks against some twenty universities that occurred from July through to October. The attacks use TTPs similar to Silent Librarian. However, the indicators are not sufficient to attribute the attacks…
Bismuth APT Using Old, Legitimate Apps for DLL Side-Loading in Cryptomining Campaign (Cyware – Dec 07 2020 19:24): Staying under the radar is one of the topmost priorities of cybercriminals seeking to establish persistence in a compromised system. Lately, the nation-state actor Bismuth has been observed taking advantage of coin miners that generate low-priority alerts to…
Advanced Persistent Threat (APT) Protection Market worth $12.6 billion by 2025 (Express Press Release – Dec 08 2020 05:44): According to a new market research report, “Advanced Persistent Threat (APT) Protection Market by Offering (Solutions (Sandboxing, Endpoint Protection, SIEM, IDS/IPS, and Next-generation Firewall) and Services), Deployment Mode, Organization Size,…
APT32 Adds Capabilities to macOS Backdoor (IBM X-Force Exchange – Advisory Tag – RSS – Dec 07 2020 14:19): Summary: Disguised as a Word document and distributed by APT32 (Ocean Lotus, Bismuth, SeaLotus), a macOS backdoor has been updated. Researchers from SentinelOne have published the details of this update in a new blog. Threat Type: Malware, Backdoor. Overvi…
Malware
CyberScoopNews (Twitter – Dec 07 2020 16:58): Ransomware gang Egregor publishes details from HR firm Randstad following hack https://hubs.ly/H0C6_bW0 by @snlyngaas
CyberScoopNews (Twitter – Dec 07 2020 23:31): Ransomware gang Egregor publishes details from HR firm Randstad following hack https://hubs.ly/H0C7L080 by @snlyngaas
CyberScoopNews (Twitter – Dec 08 2020 04:36): Ransomware gang Egregor publishes details from HR firm Randstad following hack https://hubs.ly/H0C92nN0 by @snlyngaas
Turla APT Active Again with Crutch Malware Toolkit (Cyware – Dec 07 2020 19:24): Turla, the Russia-based threat actor, has been observed using a new malware toolset capable of stealing sensitive documents. The attacks were reportedly directed at high-profile targets, including the Ministry of Foreign Affairs of a European Union…
Vulnerabilities
Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns (Security Affairs – Dec 07 2020 16:25): The National Security Agency (NSA) warns that Russia-linked hackers are exploiting a recently patched VMware flaw in a cyberespionage campaign. The US National Security Agency has published a security alert warning that Russian state-sponsored…
Securityblog (Twitter – Dec 07 2020 19:47): RT @threatpost: Patches for a flaw (CVE-2020-8913) in the #Google Play Core Library have not been implemented by several popular #mobile apps, including Edge. https://threatpost.com/google-play-apps-remain-vulnerable-to-high-severity-flaw/161785/
QNAP High-Severity Flaws Plague NAS Systems (MalwareTips.com – Dec 07 2020 17:02): The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. QNAP Systems is warning of high-severity flaws that plague its top-selling network…
CVEnew (Twitter – Dec 08 2020 01:45): CVE-2020-25629 A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9…
Ongoing Campaigns
Attackers Continue to Make Hay with Backdoor Malware (Cyware – Dec 07 2020 19:24): The looming threat of backdoor malware continues to strike organizations and is especially worrisome as it often goes undetected for several months. This allows cybercriminals to gain persistence on corporate networks with ample opportunity to steal…
FBI And Homeland Security Warning: The FBI And CISA Have Observed Targeting U.S. Think Tanks By APT (LIFARS Blog – Dec 07 2020 14:15): In a joint cybersecurity advisory published on December 1, the FBI and CISA warned about …
It’s not just the economy and bad management messing with Kmart – ransomware crews are there too (The Register – Dec 07 2020 15:26): The week's other security news. In Brief: It looks like the Egregor crew is at it again, and this time the ransomware-flingers have caught venerable but struggling US retail biz Kmart. In a ransom note spotted online the Egregor team seems to be sticking…
Malspam campaigns distributing QakBot on the rise (IT Pro UK – Dec 07 2020 14:19): Security researchers have warned that the hackers behind the QakBot (aka Qbot) Trojan are collaborating with major ransomware groups to allow access to compromised enterprise networks for secondary attacks. According to NTT Group’s 2020 Global Threat…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
