Threat Reports

Cyber Alert – 08 July 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors

(The Heat 1 / Heat 7 columns were rendered graphically and are not reproduced here; only the article-volume counts survive.)

Name                  Vol 1   Vol 7
Cerberus Malware         17      17
Ragnar Locker            16      23
Purple Fox Malware        6       7
Magecart Group           13      27
ThiefQuest               13      88
Fxmsp                     7      11
DarkHotel Group           4       4
Trickbot Malware         11      45
SpartCrypt                3       3
Snatch Ransomware         3       3
Data Breaches
Exposed dating service databases leak sensitive info on romance-seekers
SC Magazine US – Jul 07 2020 22:44
A series of database misconfigurations publicly exposed the personal information and private messages of more than 100 million dating website and mobile app account holders. Independent VPN review site WizCase has reported finding six separate dating…
MongoDB is subject to continual attacks when exposed to the internet
Help Net Security – News – Jul 08 2020 03:30
On average, an exposed Mongo database is breached within 13 hours of being connected to the internet. The fastest breach recorded was carried out 9 minutes after the database was set up, according to Intruder. MongoDB is a general purpose,…
Providence Health Plan notifies members after documents exposed by business associate coding error
DataBreaches.net – Jul 07 2020 21:30
June turned out to be a busy month for breach reports involving health/medical data. My worksheet has more than 50 entries and I’m still adding reports as I find them. Today, I found one from Providence Health Plan in Oregon that I thought…
BrianHonan – via helpnetsecurity MongoDB is subject to continual attacks when exposed to the internet https://t.co/Kio0IV2KXg
BrianHonan – Twitter – Jul 08 2020 04:37
via helpnetsecurity MongoDB is subject to continual attacks when exposed to the internet https://bit.ly/31UMZiT
Hacker Groups
“Keeper” Magecart Group Infects 570 Sites
Reddit – BlueTeamSec – RSS – Jul 07 2020 14:33
DOJ indict Fxmsp hacker for selling access to hacked orgs, AV firms
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 08 2020 01:58
The US Department of Justice has indicted a hacker known as 'Fxmsp' for hacking into and selling access to over three hundred organizations worldwide. In an indictment unsealed today, the DOJ is charging a citizen of Kazakhstan named Andrey Turchin,…
Hidden Cobra Built Global Exfil Network For MageCart Scheme
SecurityPhresh – Jul 07 2020 15:46
North Korea’s Lazarus Threat Group Connected to Magecart Credit Card Theft
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 07 2020 19:28
Researchers working for the security firm Sansec released a report documenting previously undisclosed evidence that the Advanced Persistent Threat…
Malware
Mac ThiefQuest malware may not be ransomware after all
Malwarebytes Labs Blog – Jul 07 2020 17:20
Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware. The …
DMBisson – Security researchers discovered a malware strain called “STRRAT” that shipped with the .CRIMSON ransomware module.… https://t.co/wTmB2bSRfg
DMBisson – Twitter – Jul 07 2020 10:50
Security researchers discovered a malware strain called “STRRAT” that shipped with the .CRIMSON ransomware module. Learn what else happened recently in the world of malware…
JRoosen – RT @campuscodi: NEW: SentinelOne has released a free decryptor for the ThiefQuest (EvilQuest) Mac ransomware https://t.co/QOsnzCBIXb https…
JRoosen – Twitter – Jul 07 2020 21:25
RT @campuscodi: NEW: SentinelOne has released a free decryptor for the ThiefQuest (EvilQuest) Mac ransomware https://www.zdnet.com/article/free-decryptor-available-for-thiefquest-ransomware-victims/…
KyleHanslovan – Notable that the main differences between StrongPity2 and StrongPity3 malware is their persistence strategy, migrat… https://t.co/8dzdmV0wS5
KyleHanslovan – Twitter – Jul 08 2020 01:16
Notable that the main differences between StrongPity2 and StrongPity3 malware are their persistence strategy, migration from libcurl to winhttp, and covert store location. #IIABDFI
Vulnerabilities
CVEnew – CVE-2020-15392 A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs du… https://t.co/00QAfqAram
CVEnew – Twitter – Jul 07 2020 14:45
CVE-2020-15392 A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine if a username is valid or not,…
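The error-message oracle described in the CVE text above is the textbook password-recovery enumeration bug. The following is an added illustration, not code from Venki Supravizio BPM or from the advisory: it contrasts a recovery handler that answers differently for unknown users with one that returns the same response either way, and includes the attacker-side probe that turns the difference into a username list. The user store, message strings and function names are all hypothetical.

```python
"""
Username enumeration through password-recovery responses: vulnerable
handler, hardened handler, and the probe an attacker would run.
Added example (hypothetical user store and messages); not the vendor's code.
"""
import secrets

# Constructed user store (hypothetical): username -> e-mail address.
USERS = {"alice": "alice@example.com", "bob": "bob@example.com"}

# Single response used for every request by the hardened handler.
GENERIC = "If that account exists, a password-reset link has been sent."

# Outbox stand-in so the example runs offline; a real handler would queue mail.
SENT = []


def send_reset_email(address: str) -> None:
    """Record that a reset mail would be sent (no network in this example)."""
    SENT.append(address)


def recover_vulnerable(username: str) -> str:
    """Leaks account existence: the response text depends on the lookup."""
    if username not in USERS:
        return "Error: user does not exist"
    send_reset_email(USERS[username])
    return "Password reset link sent to your e-mail"


def recover_fixed(username: str) -> str:
    """Same response whether or not the account exists.

    The lookup still decides whether mail is sent, but that decision never
    reaches the caller through the message.  A production handler should
    also keep the timing uniform (do the expensive work, such as token
    generation, unconditionally and hand the send-off to a queue) and
    rate-limit the endpoint, otherwise the oracle survives as a timing
    or side-channel difference.
    """
    _token = secrets.token_urlsafe(32)  # generated on every path
    if username in USERS:
        send_reset_email(USERS[username])
    return GENERIC


def enumerate_users(recover, candidates):
    """Attacker-side probe: classify names by comparing each response to the
    response for a name that certainly does not exist.  Returns the names the
    handler treated differently, i.e. the ones it revealed as valid."""
    baseline = recover(secrets.token_hex(8))
    return sorted(name for name in candidates if recover(name) != baseline)


if __name__ == "__main__":
    wordlist = ["alice", "bob", "carol"]
    print("vulnerable handler reveals:", enumerate_users(recover_vulnerable, wordlist))
    print("fixed handler reveals:     ", enumerate_users(recover_fixed, wordlist))
```

The probe needs nothing more than a wordlist and a string comparison, which is why a single differing error message is enough to expose the whole directory of a recovery form. The check to apply to any reset or recovery endpoint is the one the probe performs: issue a request for a known-good and a known-bad username and diff the responses, including status code, headers and response time, not just the body.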
Survey of 127 routers’ vulnerabilities: Remote workers warned over security flaws
SC Magazine UK – Jul 07 2020 16:01
Forty-six makes of router haven’t had a security update in a year, leaving employees open to attack. Employees working from home could be exposed to hacking attempts following the revelation that many home routers contain hundreds of…
CVEnew – CVE-2020-10745 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way i… https://t.co/RB1TFXgFkS
CVEnew – Twitter – Jul 07 2020 14:45
CVE-2020-10745 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU use,…
Securityblog – RT @threatintelctr: 🚨 NEW: CVE-2020-10711 🚨 A NULL pointer dereference flaw was found in the Linux kernel’s SELinux subsystem in versions b…
Securityblog – Twitter – Jul 07 2020 08:47
RT @threatintelctr: 🚨 NEW: CVE-2020-10711 🚨 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol'…
Ongoing Campaigns
Purple Fox Malware Targets Fresh Vulnerabilities
Bank Info Security – Jul 07 2020 19:22
Purple Fox Malware Targets More Vulnerabilities: Proofpoint says the gang upgraded its exploit kit (Ishita Chigilli Palli, July 7, 2020). The developers behind the Purple Fox fileless downloader malware recently upgraded…
Security Intelligence Blog
Trend Micro – Jul 08 2020 02:00
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers…
Calendar Invitations Used to Launch Phishing Attacks
Cyware – Jul 07 2020 06:54
With every day passing, threat actors are finding more and more innovative ways to deliver phishing emails to end-users. Recently, the Cofense Phishing Defense Center (PDC) spotted crooks using calendar invitations to mount phishing attacks. What…
Chinese-state-sponsored hackers spying on ethnic minorities worldwide
IT Security Guru – Jul 07 2020 14:05
Chinese-state sponsored hackers have been using Android spyware tools to target ethnic minority groups particularly Uighurs, Tibetans, and Muslims, across 15 countries which include Malaysia, Turkey, Indonesia and Kazakhstan. First discovered by…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
