Cyber Alert – 11 July 2020
|Heat – Trending Malware and Threat Actors
|Name |Heat 1 |Heat 7 |Vol 1 |Vol 7
|Conti Ransomware |14 |45
|Evilnum |11 |53
|Evilnum Group |7 |31
|Avaddon Ransomware |5 |7
|Ryuk Ransomware |6 |16
|Async RAT |3 |3
|The Joker Malware |3 |11
|Fxmsp |6 |37
|Phorpiex Malware |2 |2
|URSNIF |3 |9
|Data Breaches
|Hacker Left Ransom Notes on 22,900 Exposed MongoDB Databases
|Cyware – Jul 10 2020 18:55
|NoSQL databases like MongoDB, that are widely used in online applications, are subject to several risks and can lead to a data breach if not configured properly. In June, the ZDNet security team found a hacker using an automated script to scan for…
|Hacker Groups
|Evilnum Group Targets Fintech Companies in Europe
|TSecurity.de – Jul 10 2020 13:23
|Evilnum, FIN6, and Cobalt Group share the same malware provider
|CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 10 2020 10:33
|Security researchers at ESET have published a report detailing activities of the Evilnum APT, a group behind the eponymous malware, which has been targeting fintech companies since at least 2018. Over the years, the group’s toolset and infrastructure…
|New Fraud Ring “Bargain Bear” Brings Sophistication to Online Crime
|CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 10 2020 09:24
|The ring tests the validity of stolen credentials to be used in fraud through an online marketplace. A new report out today says that online fraud is soaring in 2020. As an example, the report introduces the activity of a fraud ring in Russia that…
|Malware
|Threat spotlight: WastedLocker, customized ransomware
|Malwarebytes Unpacked – Jul 10 2020 18:10
|WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang. The same gang that is associated with Dridex and BitPaymer. The attribution is not based on the malware variants as WastedLocker…
|Expert Insight on Conti Ransomware Shows Signs of Being a Ryuk Successor
|Information Security Buzz – Jul 10 2020 09:53
|The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, who…
|TrickBot Uses Screen Resolution as Anti-VM Checks to Evade Analysis
|Cyware – Jul 10 2020 18:55
|Originally started as a banking trojan, the infamous TrickBot malware has now evolved to perform a variety of malicious behavior. In several capabilities, Trickbot follows the evolution of modern threats via its modular and expandable tactics…
|Vulnerabilities
|Security Bulletin: Addressing the Sqlite Vulnerability CVE-2020-11656, CVE-2020-11655
|CERT-EU VulnerabilitiesApplications – Jul 11 2020 01:31
|IBM Tivoli Composite Application Manager (ITCAM) for Transactions – Transaction Tracking has addressed the following SQLite vulnerability: Affected product(s) and affected version(s): IBM Product Security Vulnerabilities. See…
|Report: Most Popular Home Routers Have ‘Critical’ Flaws
|Threatpost.com – Jul 10 2020 13:25
|Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.
|Ongoing Campaigns
|POS Malware Leverages DNS for Secret Communications
|Cyware – Jul 10 2020 18:55
|Sophisticated threat actors often tend to hide their malicious communications via innovative techniques, in order to dodge the detection by security solutions. One such attempt was recently made by a Point of Sale (PoS)-targeting malware, that…
|Maze Ransomware Claims Attack on Xerox Corporation
|Cyware – Jul 10 2020 18:55
|Maze ransomware operators are busy updating their list of victims, by targeting a large number of organizations almost every day. Recently, they claimed to have added the Xerox Corporation to their victim list. Xerox inked with data leak incident Xerox…
