08 March 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
(Only two of the four numeric columns survived extraction; the two values per row are reproduced as given.)

Name                    Heat 1  Heat 7  Vol 1  Vol 7
Sodinokibi Ransomware   5       21
Hafnium Group           8       139
UNC1878                 2       4
GoldFinder              2       17
Sibot                   2       19
Goldmax                 2       20
Rampant Kitten          1       1
TwoFace Webshell        1       3
APT35                   1       1
Gootloader              2       30
Data Breaches
Multiple Cisco products exposed to DoS attack due to a Snort issue
Securityblog – Twitter – Mar 07 2021 10:03
hxxps://securityaffairs[.]co/wordpress/115341/security/cisco-products-dos-snort-issue.html

Multiple Cisco products exposed to DoS attack due to a Snort issue – Security Affairs
Secnewsbytes – Twitter – Mar 07 2021 08:07
hxxps://securityaffairs[.]co/wordpress/115341/security/cisco-products-dos-snort-issue.html

Multiple #Cisco products exposed to #DoS attack due to a #Snort issue. #securityaffairs #hacking
securityaffairs – Twitter – Mar 07 2021 20:33
hxxps://securityaffairs[.]co/wordpress/115341/security/cisco-products-dos-snort-issue.html

Multiple #Cisco products exposed to #DoS attack due to a #Snort issue #securityaffairs #hacking
securityaffairs – Twitter – Mar 07 2021 10:06
hxxps://securityaffairs[.]co/wordpress/115341/security/cisco-products-dos-snort-issue.html
Hacker Groups
KAMACITE ICS Threat Activity Group
IBM X-Force Exchange – Advisory Tag – RSS – Mar 08 2021 01:32
Summary: KAMACITE is an ICS threat activity group that obtains access to victim networks and enables other actors to carry out attacks. Dragos revealed their findings on this threat group in a recent blog post. Threat Type: Malware. Overview: Dragos has…

Microsoft Exchange Cyberattack: Hafnium Email Hacking Timeline and Incident Details
MSSP Alert – Mar 07 2021 15:50
Microsoft Exchange Server cyberattack timeline covering patches, vulnerabilities, IOCs, HAFNIUM, Huntress, FireEye, Mandiant, Veloxity & more. The post …

US National Security Council Urges Review Of Exchange Servers In Wake Of Hafnium Attack
SecurityPhresh – Mar 08 2021 04:45
Don't just patch, check for p0wnage, says top natsec team. The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected Hafnium attack on Exchange Server…

HAFNIUM – Edited Files and File Left behind and other inquiries
Reddit – Sysadmin – Mar 07 2021 14:57
Hi all, I have been responding to about 10 compromised servers, and this is what I have found so far. There seems to be a pattern, where blocks of systems are hit at the same time, over the course of three hours. I…
Malware
Three New Malware Strains (GoldMax/SUNSHUTTLE, GoldFinder, Sibot) Linked to SolarWinds Hackers
SecurityWeek – Twitter – Mar 07 2021 12:00
hxxps://www[.]securityweek[.]com/three-new-malware-strains-linked-solarwinds-hackers

REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims
Security Affairs – Mar 07 2021 09:48
The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim's business partners to force victims to pay the ransom. The …

RT @noottrak: Up to around 215 China Chopper shells on VT now using a few diff variations. Honestly much smaller than I was expecting after a week 💩
JRoosen – Twitter – Mar 08 2021 04:51

JP: Consulting firm hit with ransomware; 350 households have info possibly leaked
DataBreaches.net – Mar 07 2021 17:51
Hokkaido Cultural Broadcasting reports that an unnamed consulting firm in Tokyo contracted by Asahikawa City as part of rebuilding a housing complex was compromised by ransomware, resulting in the compromise of personal information for about 350…
Vulnerabilities
More Than 20,000 US Organisations Compromised Through Microsoft Email Flaw
SecurityPhresh – Mar 07 2021 19:44
Leaves channels for remote access spread far and wide.

CVE-2020-28466 This affects all versions of package hxxp://github[.]com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS servi…
CVEnew – Twitter – Mar 07 2021 11:45
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-28466

"Detects whether the specified URL is vulnerable to the Exchange Server SSRF Vulnerability (CVE-2021-26855)."
circl_lu – Twitter – Mar 07 2021 10:45
hxxps://github[.]com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse

RT @cybersecmnl: Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw hxxps://cstu[.]io/d005be via @securityaffairs #Cybersecurity
securityaffairs – Twitter – Mar 07 2021 21:40
Ongoing Campaigns
RT @campuscodi: Both the calling victims and the DDoS attacks part has been done by other gangs, so they're just catching up with the trends.

They also said they plan to update the REvil code to target VMware ESXi instances (a-la Darkside and RansomExx) hxxps://twitter[.]com/campuscodi/status/1368579135086428163/photo/1
gh0std4ncer – Twitter – Mar 07 2021 16:13

Phishing Attack Uses Fake Google reCAPTCHA
BankInfoSecurity – Mar 07 2021 10:10
Zscaler Says it Prevented Over 2,500 Phishing…

Pandemic Unmasks Vulnerability to Automated Bot Attacks
Security Bloggers Network – Mar 07 2021 15:26
Change is the one constant in the business world. For most organizations, change often results from market shifts or disruptive technology. Make no mistake, however, the pandemic of 2020 has been a change catalyst. COVID-19 has accelerated digital…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
