Cyber Alert – 10 June 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|SNAKE Ransomware
|16
|21
|Magecart Group
|14
|15
|LookBack Malware
|8
|8
|KingMiner Malware
|8
|8
|Ragnar Locker
|9
|14
|Stop Ransomware
|7
|20
|ZORAB Ransomware
|6
|13
|LockBit Ransomware
|6
|15
|Valak Malware
|6
|7
|WannaCry Ransomware
|9
|14
|Data Breaches
|What to do after a breach
|Security Bloggers Network – Jun 09 2020 06:47
|peter-galvin, Mon, 06/08/2020 – 23:47. Your organization has been breached. This is the kind of thing that keeps CIOs, CISOs and other data and security types up at night. But you’re not even sure you…
|thegrugq – Twitter – Jun 09 2020 05:58
https://t.co/fugnHJiiRn
|BrianHonan – Twitter – Jun 09 2020 14:00
https://www.verdict.co.uk/keepnet-labs-data-breach/
|Nintendo Says 300,000 Accounts Breached After Hack
|SecurityWeek RSS Feed – Jun 10 2020 01:57
|Japanese gaming giant Nintendo has admitted that hackers have breached 300,000 accounts since early April, gaining access to personal information such as birthdays and email addresses but not credit-card details. …
|Hacker Groups
|More on Higaisa Gh0st RAT Campaigns
|IBM X-Force Exchange – Advisory Tag – RSS – Jun 09 2020 13:10
|Summary: A report from Prevailion’s Tailored Intelligence Team has published their findings on campaigns that have been linked to the APT group, Higaisa. Prevailion has dubbed the campaigns "The Gh0st Remains the Same". The payload in the campaigns was…
|TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
|Reddit – BlueTeamSec – RSS – Jun 09 2020 13:30
|Web scammers are using the COVID-19 crisis to attack your customers with Magecart and other client-side exploits
|Security Boulevard – RSS – Jun 09 2020 14:08
|AnonymousVideo – Twitter – Jun 09 2020 09:58
|RT @gael_duval: The Anonymous Group loves /e/! https://twitter.com/AnonymousVideo/status/1269695421158428672
|Malware
|Honda factories taken offline following Snake ransomware attack
|SiliconANGLE – Jun 10 2020 02:58
|Carmaker Honda Motor Co. has been forced to halt production in some global factories following a successful cyberattack. The form of the attack, not detailed by Honda and described only as a virus, is believed to involve Snake ransomware according to…
|2020-06-09 – Pcap and malware for an ISC diary (ZLoader)
|Malware-Traffic-Analysis.net – Blog Entries – Jun 10 2020 02:21
|“CloudEye” Aiding Crooks Spread Malware by Offering Its Crypter Solution
|TechNadu – Jun 09 2020 09:02
|An Italian “protection” software provider has been discovered to be the author of the GuLoader malware. Researchers have compared samples created with the company’s crypter, and they are matching the droppers used in malicious campaigns. The website of…
|virusbtn – Twitter – Jun 09 2020 10:43
|Check Point researchers analyse DarkEyE/CloudEyE, a malware cryptor closely linked to GuLoader https://research.checkpoint.com/2020/guloader-cloudeye/ https://twitter.com/virusbtn/status/1270305395840561153/photo/1
|Vulnerabilities
|NA – CVE-2020-1241 – A security feature bypass vulnerability exists…
|CERT-EU VulnerabilitiesApplications – Jun 10 2020 04:28
|A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted…
|EduardKovacs – Twitter – Jun 09 2020 14:01
|RT @SecurityWeek: CallStranger: UPnP Flaw Affecting Billions of Devices Allows Data Exfiltration, DDoS Attacks https://www.securityweek.com/callstranger-upnp-flaw-affecting-billions-devices-allows-data-exfiltration-ddos-attacks
|NA – CVE-2020-1229 – A security feature bypass vulnerability exists…
|CERT-EU VulnerabilitiesApplications – Jun 10 2020 04:28
|A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
|CVEnew – Twitter – Jun 09 2020 13:45
|CVE-2020-10757 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system….
|Ongoing Campaigns
|US Energy Utilities Targeted by FlowCloud Malware
|Data Breach Today – Jun 09 2020 17:20
|Proofpoint Analysts Find Connections Between New Trojan and Other Attacks. Akshaya Asokan (asokan_akshaya) • June 9, 2020. In late 2019, several U.S. energy…
|Maze ransomware targets numerous high-profile organizations
|IT Pro UK – Jun 09 2020 12:40
|Maze ransomware is at it again. The infamous threat has recently been observed targeting the systems of US aerospace services provider VT San Antonio Aerospace (VT SAA). VT SAA recently disclosed that it suffered a Maze ransomware attack, resulting in…
|Tycoon Ransomware Aims at Software and Education Sector
|Cyware – Jun 09 2020 07:06
|Since December 2019, a new strain of human-operated ransomware has been seen in sophisticated attacks, targeting small to mid-size enterprises in the software and education sector. What is this ransomware like? Named by the security researchers of…
|Ragnar Locker teams up with Maze; DopplePaymer, Zorab ransomware wreak havoc
|SC Magazine US – Jun 10 2020 04:28
|Shortly after the Maze ransomware gang teased that another threat actor would be joining its newly formed cybercrime cartel, the group has appeared to welcome the Ragnar Locker group into the fold. Maze announced a new victim on its data dump website…
