10 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Netwire RAT 3 3
Revenge RAT 3 3
AgentTesla Keylogger 3 3
Async RAT 3 4
Moriya Rootkit 4 40
NotPetya Ransomware 3 7
APT41 2 2
APT3 2 2
Javali Trojan 2 13
DarkSide Ransomware 3 11
Data Breaches
Amazon Fake Reviews Scam Exposed in Data Breach
E Hacking News – May 09 2021 14:43
The identities of over 200,000 people who appear to be participating in Amazon fraudulent product review schemes have been exposed by an open database. There is an ongoing struggle between the e-commerce giant and shady traders all over the world who…
Research: 19 petabytes of data exposed across 29,000+ unprotected databases | CyberNews hxxps://cybernews[.]com/security/19-petabytes-of-data-exposed-worldwide/
Secnewsbytes – Twitter – May 10 2021 06:29
19 petabytes of data exposed across 29,000+ unprotected databases
hxxps://securityaffairs[.]co/wordpress/117660/data-breach/data-exposed-unprotected-databases.html
#securityaffairs #hacking
securityaffairs – Twitter – May 09 2021 21:23
RT @thegrugq: “US pipeline system shutdown after {exposed VPN system not patched, weak password RDP exposed on internet, employee runs malware emailed to them}” After gaining access, financially motivated threat actors disrupted systems to extort money. Cyber extortion is big criminal business
Securityblog – Twitter – May 09 2021 08:32
Hacker Groups
‘Xing’ group, partner of Astro Team about to dump some data. hxxps://twitter[.]com/bry_campbell/status/1391384537771433985/photo/1
bry_campbell – Twitter – May 09 2021 13:28
.@intrusion_truth group work has been added to our paper collection under the Threat Intel category: hxxps://cutt[.]ly/TgxZKFr, this is OSINT on APT3, APT41, etc.

More content coming soon.

P.S. Someone sent us old @SANSInstitute zines. Check it out (attached image) hxxps://twitter[.]com/vxunderground/status/1391401011290464262/photo/1
vxunderground – Twitter – May 09 2021 14:33

RT @Treadstone71LLC: Hackers of Savior aka Spider Team hits Israeli targets hxxps://cybershafarat[.]com/2021/05/04/hackers-of-savior-aka-spider-team-hits-israeli-targets/
Treadstone71LLC – Twitter – May 09 2021 21:44
RT @Treadstone71LLC: Gaza Cybergang hacks 3 sites hxxps://cybershafarat[.]com/2021/04/23/gaza-cybergang-hacks-3-sites/
Treadstone71LLC – Twitter – May 09 2021 21:43
Malware
RT @thinkpoison: Ryuk, Sodinokibi/REvil, Netwalker, Egregor, Maze, Darkside, Avaddon, etc – none of these ever broke into someone’s network. Malware or service-centric defense is a dead end for ransomware – think about the web of intrusion ops that underlie them all (also, rip to my dead homies)
Securityblog – Twitter – May 09 2021 15:50
Ransomware just got very real. And it’s likely to get worse
ZDNet Security – May 09 2021 22:00
The threat of ransomware is not just to computer systems, but to the physical world, too.
CISA MAR report provides technical details of FiveHands Ransomware
Security Affairs – May 09 2021 18:12
U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an…
Vulnerabilities
TsuNAME flaw exposes DNS servers to DDoS attacks
Security Affairs – May 09 2021 07:58
A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains),…
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild hxxp://feedproxy[.]google[.]com/~r/TheHackersNews/~3/-JfcmQiD8Ak/top-11-security-flaws-russian-spy.html
Dinosn – Twitter – May 09 2021 20:15
RT @SecurityWeek: VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm hxxps://www[.]securityweek[.]com/vmware-patches-critical-flaw-reported-sanctioned-russian-security-firm
SecurityWeek – Twitter – May 09 2021 12:53
New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers #Cybersecurity #security hxxps://thehackernews[.]com/2021/05/new-tsuname-flaw-could-let-attackers.html
cybersecboardrm – Twitter – May 09 2021 13:42
Ongoing Campaigns
An overview of Ousaban Banking Trojan Cyberespionage Campaign targeting only Brazil 🇧🇷
hxxps://www[.]welivesecurity[.]com/2021/05/05/ousaban-private-photo-collection-hidden-cabinet/ hxxps://twitter[.]com/Bank_Security/status/1391416670745501698/photo/1
Bank_Security – Twitter – May 09 2021 15:36
Exploiting common URL redirection methods to create effective phishing attacks
Help Net Security – News – May 10 2021 04:30
“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as the part causing the trouble. However, URL forwarding is one method that…
RT @Bank_Security: An overview of Ousaban Banking Trojan Cyberespionage Campaign targeting only Brazil 🇧🇷
hxxps://www[.]welivesecurity[.]com/2021/05/05/ousaban-private-photo-collection-hidden-cabinet/ hxxps://twitter[.]com/Bank_Security/status/1391416670745501698/photo/1
securityaffairs – Twitter – May 09 2021 16:39
New Tools for Addressing Supply Chain Attacks
Nightwatch Cybersecurity – RSS – May 09 2021 21:37
In the recent codecov[.]io security incident, an attacker modified a shell script used by a common software development tool for code coverage. This modification did not take place at the…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
