08 October 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Bahamut 8 8
EMOTET Trojan 36 128
Valak Malware 5 5
PoetRAT 5 14
Kraken Loader 4 8
Mirai Trojan 5 17
APT32 4 7
Fullz House 4 18
Urpage 3 3
QakBot 6 15

Data Breaches

New ‘HEH’ Botnet Targets Exposed Telnet Services
Dark Reading – Oct 07 2020 21:30
Latest threat is one in a growing list of malware developed in the Go programming language.

Dinosn – New ‘HEH’ Botnet Targets Exposed Telnet Services https://t.co/gpgPledLRF
Dinosn – Twitter – Oct 08 2020 07:25
New 'HEH' Botnet Targets Exposed Telnet Services https://www.darkreading.com/vulnerabilities---threats/new-heh-botnet-targets-exposed-telnet-services/d/d-id/1339112

6 steps to building a strong breach response plan
CSO Magazine – Oct 07 2020 10:23
No matter how secure your business, data breaches are an unfortunate fact of life. Whether an attack is the result of a determined cybercriminal, a disgruntled insider, or simple human error, you can limit the damage with a carefully crafted response…

cybersecboardrm – New ‘HEH’ Botnet Targets Exposed Telnet Services #Cybersecurity #security https://t.co/qmiunRRDbW
cybersecboardrm – Twitter – Oct 07 2020 23:24
New 'HEH' Botnet Targets Exposed Telnet Services #Cybersecurity #security https://www.darkreading.com/vulnerabilities---threats/new-heh-botnet-targets-exposed-telnet-services/d/d-id/1339112

Hacker Groups

Chat Digest – 🇮🇷 Bax 026 Of Iran 🇮🇷 2020/10/07 19:47 – 19:47 UTC
“🇮🇷 Bax 026 Of Iran 🇮🇷” – Telegram – Oct 07 2020 19:47
[19:47] :

OceanLotus hackers injecting malware in Windows error report
HackRead – Oct 07 2020 17:58
By Waqas. OceanLotus is a Vietnamese APT32 group previously known for targeting Android and Mac devices with malware.

Cyber-Espionage Group BAHAMUT Responsible for “Staggering” Number of Attacks
Infosecurity – Latest News – Oct 07 2020 14:00
Cyber-espionage group BAHAMUT is involved in a “staggering” number of highly-sophisticated attacks against government officials and major industries alongside…

Fullz House Group Grips Mobile Network
IBM X-Force Exchange – Advisory Tag – RSS – Oct 07 2020 20:26
Summary: The cybercrime group Fullz House has infiltrated a wireless service provider to capture sensitive data. Malwarebytes provides the latest on this campaign.
Threat Type: Malware, Data Disclosure
Overview: A wireless service provider was infiltrated by…

Malware

Emotet Malware Named One Of Today’s Most Prevalent Threats
Information Security Buzz – Oct 07 2020 11:54
The malware known as Emotet has emerged as “one of the most prevalent ongoing threats”, as it increasingly targets state and local governments and infects them with other malware, according to the cybersecurity arm of the Department of Homeland…

malwrhunterteam – Both companies’ websites are still down. Looks more and more that SunCrypt actors aren’t joking…
malwrhunterteam – Twitter – Oct 07 2020 09:01
Both companies' websites are still down. Looks more and more that SunCrypt actors aren't joking…

CISA Warns of Emotet Trojan Targeting State, Local Governments
Security Week – Oct 07 2020 13:06
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of an increase in attacks targeting state and local governments with the Emotet Trojan. Active for over a decade, Emotet is a Trojan mainly used to drop additional malware onto…

Vulnerabilities

Iranian Hackers Exploiting ‘Zerologon’ Flaw
BankInfoSecurity – Oct 07 2020 15:11
Microsoft Says Other Hackers Are Sending Fake…

CVEnew – CVE-2020-14355 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE… https://t.co/GCqQ623JwG
CVEnew – Twitter – Oct 07 2020 15:45
CVE-2020-14355 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws…

CVEnew – CVE-2020-3467 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could a… https://t.co/qrlj58v6Gi
CVEnew – Twitter – Oct 08 2020 05:45
CVE-2020-3467 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper…

Secnewsbytes – Using a WordPress flaw to leverage zerologon vulnerability and attack companies’ Domain Controllers https://t.co/iOzF2usqPS
Secnewsbytes – Twitter – Oct 08 2020 07:40
Using a WordPress flaw to leverage zerologon vulnerability and attack companies' Domain Controllers https://seguranca-informatica.pt/using-a-wordpress-flaw-to-leverage-zerologon-vulnerability-and-attack-companies-domain-controllers/

Ongoing Campaigns

Fullz House Introduces Enhancements into Card Skimming Attacks
Cyware – Oct 07 2020 18:36
Credit card skimming attacks have been continuously evolving for the past few years. Recently, a new hacking group has been observed targeting e-commerce websites using some enhanced variants of skimming attacks, which includes additional…

Novel “Kraken” Attacks Abuse the Windows Error Reporting Service
TechNadu – Oct 07 2020 11:18
An unidentified APT group is using spear phishing to launch file-less attacks on Windows systems. The method involves abusing the Windows Error Reporting service, leading to shellcode injection on target processes. The researchers who discovered the…

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)
Security Affairs – Oct 07 2020 21:24
An unidentified group of hackers is using a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER). Malwarebytes researchers Hossein Jazi and Jérôme Segura have documented a new fileless attack…

VISA Warns of POS Malware Campaigns in North America
HOTforSecurity – Oct 07 2020 15:51

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
