09 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name                 Vol 1   Vol 7
ROKRAT Trojan            8      13
Ryuk Ransomware         14      37
TeamTNT                  7       9
Egregor Ransomware      10      33
PYSA Ransomware          4       6
LokiBot Trojan           4       9
VandaTheGod              4      18
Wizard Spider            2       2
Black-T                  2       3
APT41                    2       2

Data Breaches
Dinosn – Sealed U.S. Court Records Exposed in SolarWinds Breach https://t.co/UETbvCGx3G
Dinosn – Twitter – Jan 08 2021 07:15
Sealed U.S. Court Records Exposed in SolarWinds Breach http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/EynghrfRWDw/

Unsecured Git server exposed Nissan North America
Security Affairs – Jan 08 2021 16:13
A misconfigured Git server is the root cause of the leak of source code for mobile apps and internal tools belonging to Nissan North America. A misconfigured Git server has caused the leak of the source code of mobile apps and internal software…

Nissan Source Code Compromised Online Due to Exposed Git Server
E Hacking News – Jan 08 2021 15:45
Nissan's source code was exposed online after the company left an Internet-reachable Git server protected only by default access credentials. The leak was discovered by Swiss-based software engineer Tillie Kottmann, who told ZDNet in an interview that…

Securityblog – RT @briankrebs: The SolarWinds hack may have exposed countless sealed documents stored with U.S. Courts system. The Administrative Office o…
Securityblog – Twitter – Jan 08 2021 09:23
RT @briankrebs: The SolarWinds hack may have exposed countless sealed documents stored with U.S. Courts system. The Administrative Office of the U.S. Courts won't comment on the extent of the breach, but sources say the agency was targeted w/…

Hacker Groups
Chat Digest – Ghost Squad Hackers 2021/01/08 20:47 – 20:47 UTC
“Ghost Squad Hackers” – Telegram – Jan 08 2021 20:47
[20:47] : [20:47] : [20:47] : FEDERAL REFUND hitting as hell rn🔥$200 bitcoin sauce 🌊 [20:47] : Msg Me @MRNikulin

Threat Intel Expansion on Cosmic Lynx BEC Campaign’s Recorded IoCs
CircleID – Jan 09 2021 04:55
Why go after individuals when you can get greater rewards by zooming in on more lucrative targets like large multinational corporations (MNCs)? That's the premise behind the Cosmic Lynx business email compromise (BEC) campaign that brought several…

daveaitel – There’s also a tendency to label actors as “good” or “wicked” but realistically today’s APT1 is tomorrow’s AV Lead Consultant.
daveaitel – Twitter – Jan 08 2021 18:14

virusbtn – Malwarebytes researcher @h2jazi, who spoke at VB localhost last year, looked at self-decoding VBA files as used by… https://t.co/vDwb2TfS4O
virusbtn – Twitter – Jan 08 2021 13:35
Malwarebytes researcher @h2jazi, who spoke at VB localhost last year, looked at self-decoding VBA files as used by the North Korea-linked APT37 group (Reaper, Group123) to deliver the RokRat malware…

Malware
“Oski Stealer” Is a Widely-Used Cheap Yet Powerful Malware
TechNadu – Jan 08 2021 10:03
The “Oski Stealer” is getting more popular, as it’s a bargain for what it can do. The malware appears to be of Russian origin, and it’s mainly used by actors from the associated countries. Oski can steal sensitive information and credentials from over 60…

Emotet Tops Malware Charts in December After Reboot
Infosecurity – Latest News – Jan 08 2021 12:30
The notorious Emotet Trojan is back at the top of the malware charts, having had a makeover designed to make it more effective at escaping detection. Check Point’s newly released…

FBI Warns Businesses of Egregor Ransomware Attacks
SecurityWeek RSS Feed – Jan 08 2021 13:25
Offered under a Ransomware-as-a-Service (RaaS) business model, the Egregor ransomware poses a great threat to businesses due to its use of double extortion, a recent private industry notification from the Federal Bureau of Investigation…

Malware variant becomes world’s most popular, thanks to ransomware surge
SC Magazine US – Jan 08 2021 21:44
Ransomware actors are laundering hundreds of millions of dollars through pseudo-legitimate cryptocurrency exchanges, while the early-stage malware often used to facilitate their attacks has become the most popular form of malware in the world. A…

Vulnerabilities
Understanding and Exploiting Zerologon: A paper for beginners to understand Zerologon and how to go about exploiting the vulnerability.
Reddit – Netsec – Jan 09 2021 03:09
submitted by /u/Illustrious_Ad_4480

NVIDIA Ships Patches For High-Severity Security Flaws
SecurityPhresh – Jan 08 2021 20:06
NVIDIA this week announced the release of software updates for its GPU display drivers and vGPU software, with fixes for a total of 16 vulnerabilities.

Dinosn – Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws https://t.co/wLfDaTnDM0
Dinosn – Twitter – Jan 08 2021 07:16
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/

NVIDIA fixes high severity flaws affecting Windows, Linux devices
BleepingComputer.com – Jan 08 2021 13:11
NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. […]

Ongoing Campaigns
China-linked APT Groups Picking on Ransomware Attacks
Cyware – Jan 08 2021 19:24
Recently, researchers from Profero and Security Joes released an investigation report on a set of financially motivated ransomware incidents at multiple companies. The attacks occurred in 2020 and the hackers had managed to target at least five…

ALERT: North Korean hackers targeting South Korea with RokRat Trojan
THN : The Hacker News – Jan 08 2021 09:54
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka ScarCruft, Ricochet Chollima, or Reaper), Malwarebytes said it…

Ryuk Ransomware: What Can We Learn From DCH Cyberattack?
E Hacking News – Jan 08 2021 09:49
Hackers have profited greatly from the Covid-19 pandemic by targeting health institutions; let us look back and learn from these attacks. For a very long time, cybercriminals have been attacking healthcare institutions; one fine example is the "DCH…

InfoSecHotSpot – Hackney Council stolen data published on dark web forum Pysa ransomware group has claimed the responsibility for th… https://t.co/FJZniZmWd3
InfoSecHotSpot – Twitter – Jan 08 2021 17:58
Hackney Council stolen data published on dark web forum: Pysa ransomware group has claimed responsibility for the cyber attack launched last year https://bit.ly/2LzhnsQ https://twitter.com/InfoSecHotSpot/status/1347603569197920260/photo/1


Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
