10 June 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
PuzzleMaker 15 30
Prometheus Ransomware 12 15
Nefilim Ransomware 8 21
TA428 5 7
Siloscape 6 43
Ryuk Ransomware 6 14
Ragnar Locker 4 12
Ice Fog APT 3 3
Sodinokibi Ransomware 14 105
Exaggerated Lion 2 2
Data Breaches
26M Passwords Exposed in Botnet Data Leak
BankInfoSecurity – Jun 10 2021 05:41
Data Includes 1.5M Facebook Passwords, Valid Cookies. Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company. It's workaday botnet data but highlights a hostile malware landscape, particularly for…

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets
BleepingComputer.com – Jun 09 2021 07:24
GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who may inadvertently be committing…

BleepinComputer – Twitter – Jun 09 2021 07:24
GitHub now scans for accidentally-exposed PyPI, RubyGems secrets – @Ax_Sharma
hxxps://www[.]bleepingcomputer[.]com/news/security/github-now-scans-for-accidentally-exposed-pypi-rubygems-secrets/

Hacker Groups
Sebdraven – Twitter – Jun 09 2021 11:14
One precision about my last post. I don't say Icefog==TA428. I say and explain TA428 has replaced Icefog for ops against Russia and Central Asia.

PuzzleMaker & Google Chrome
Reddit – Sysadmin – Jun 09 2021 14:34
Has anyone looked into the new threat actor named PuzzleMaker? It appears to exploit vulnerabilities in both Google Chrome and Windows OS. Microsoft has released patches for Windows but I have not seen anything new for Chrome. Is…

ASEAN companies still targeted by ALTDOS threat actors
DataBreaches.net – Jun 09 2021 21:26
In December of 2020, DataBreaches[.]net reported on a threat actor (or actors) calling themself "ALTDOS" who had attacked a Thai securities trading firm, Country Group Securities (CGSEC). CGSEC wasn't the only Thai entity they…

Kimsuky APT continues to target South Korean government
Security Magazine – Jun 09 2021 13:59
The Kimsuky APT (also known as Thallium, Black Banshee, and Velvet Chollima) continues to target the South Korean government, according to the Malwarebytes Threat Intelligence team, which is actively monitoring this actor and has been able to spot…

Malware
Unit42_Intel – Twitter – Jun 09 2021 19:43
We spent the past four months following the activities of Prometheus, a new player in the ransomware world that uses similar malware and tactics to ransomware veteran Thanos. hxxps://bit[.]ly/3vekuI9 hxxps://twitter[.]com/Unit42_Intel/status/1402712864029298688/photo/1

BlackCocaine: Another New Golang Ransomware in Play
Cyware – Jun 09 2021 20:28
A new ransomware, dubbed BlackCocaine or EpsilonRed, written in Go, has been discovered. It has already targeted an India-based IT firm, Nucleus Software, that provides its services to the banking and financial services sector. The attack…

Vulnerabilities
Xen Security Advisory 375 v3 (CVE-2021-0089, CVE-2021-26313) – Speculative Code Store Bypass
Open Source Security – Jun 09 2021 13:52
Posted by the Xen.org security team on Jun 09. Xen Security Advisory CVE-2021-0089, CVE-2021-26313 / XSA-375 version 3: Speculative Code Store Bypass. Updates in version 3: added additional CVE, as Intel and AMD allocated different…

Joomla Content System Vulnerable to Multiple Flaws
CUInfoSecurity – Jun 09 2021 19:05
Researchers Identify a Password Reset and XSS Vulnerability That Can Be Chained. Security researchers have identified two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network, a…

Gasgas4Ggyy – Twitter – Jun 09 2021 11:51
RT @errno_fail: Here is my article about CVE-2021-27094 and CVE-2021-28447 (two Windows ELAM security feature bypass vulnerabilities affecting measured boot, both were discovered by me).
Bonus: one registry corruption issue (affecting the SYSTEM hive) introduced by a fix.
hxxps://bi-zone[.]medium[.]com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66

Ongoing Campaigns
Windows 10 Targeted by PuzzleMaker Hackers
Heimdal Security Blog – Jun 09 2021 13:25
The zero-day attacks coordinated by PuzzleMaker were first seen in mid-April when the first victims' networks were compromised. A remote code execution was used by the zero-day exploit chain, therefore, being able to execute vulnerabilities…

DarkSide Ransomware
Qualys Blog – RSS – Jun 09 2021 15:00
DarkSide ransomware is a relatively new ransomware strain that threat actors have been using to target multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data and threats to make it publicly available if…

Chinese APT SharpPanda Uses Unknown Backdoor for Cyberespionage
Cyware – Jun 09 2021 08:28
An ongoing cyberespionage campaign has been discovered that has been linked to the Chinese threat actor, SharpPanda. The attacker has been using a previously unknown backdoor for the campaign for the past three years. This campaign has been targeting…

APT Group Kimsuky Has New Attack Technique, Researchers Say
BankInfoSecurity – Jun 09 2021 10:41
South Korean Government Reportedly…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
