12 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name                  Heat 1  Heat 7  Vol 1  Vol 7
Kazuar Trojan                            38     38
DarkSide Ransomware                      15     15
Turla Spyware                            14     14
Turla APT Group                          13     13
Sunburst Backdoor                        56     90
VandaTheGod                               9     27
BumbleBee Web Shell                       5      5
TA551                                     4     12
APT37                                     3     15
CosmicDuke                                2      2
Data Breaches
Hacker reveals massive Parler data leak: ALL users’ messages, location info and even driver’s licenses may have been exposed
Seclists.org – Data Loss – Jan 11 2021 15:45
Posted by Destry Winant on Jan 11. https://www.rt.com/usa/512152-parler-hacker-data-leak/ Recently shut down social media app Parler is at the center of yet another controversy, after allegations surfaced that the totality of its users'…

SecurityWeek – Twitter – Jan 11 2021 15:10
United Nations Environment Programme Exposed 100,000 Employee Records https://www.securityweek.com/united-nations-environment-programme-exposed-100000-employee-records

United Nations Environment Programme Exposed 100,000 Employee Records
SecurityPhresh – Jan 11 2021 15:06
Security researchers with Sakura Samurai identified exposed GitHub credentials on a United Nations Environment Programme (UNEP) subdomain, which allowed them to access a trove of data, including more than 100,000 employee records.

Secnewsbytes – Twitter – Jan 11 2021 16:03
Hacker reveals massive Parler data leak: ALL users’ messages, location info and even driver’s licenses may have been exposed — RT USA News https://www.rt.com/usa/512152-parler-hacker-data-leak/
Hacker Groups
Unit42_Intel – Twitter – Jan 11 2021 10:17
We are monitoring the email-based malware distribution campaign TA551, AKA Shathak. Read the latest information about the malware this campaign is pushing. https://bit.ly/3bgceRo

TA551 Hacker Group Pushes New Information Stealer Malware IcedID
GBHackers On Security – RSS – Jan 11 2021 16:28

What Are Advanced Persistent Threats? Should You Worry?
TechNadu – Jan 11 2021 13:18
An advanced persistent threat might very well be the definition of a cybersecurity nightmare. This is when a hacker (or group of hackers) gains access to your systems and then sticks around as long as they like. The advanced persistent threat goes…

CISA Reports Advanced Persistent Threat in Compromised Cloud Platforms
Executive Gov – Jan 11 2021 21:43
The Cybersecurity and Infrastructure Security Agency (CISA) has identified advanced persistent threat activity in cloud environments following system compromises. CISA said Friday that it detected an APT actor that accessed…
Malware
Researchers Find Links Between Sunburst and Russian Kazuar Malware
THN : The Hacker News – Jan 11 2021 13:22
Cybersecurity researchers may, for the first time, have found a potential connection between the backdoor used in the SolarWinds hack and a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity…

security_wang – Twitter – Jan 11 2021 14:20
Researchers Find Links Between Sunburst and Russian Kazuar Malware http://dlvr.it/RqLNkx

Dinosn – Twitter – Jan 11 2021 14:32
Researchers Find Links Between Sunburst and Russian Kazuar Malware http://feedproxy.google.com/~r/TheHackersNews/~3/svCQ65KUMLQ/researchers-find-links-between-sunburst.html

InfoSecHotSpot – Twitter – Jan 11 2021 14:58
Sunburst backdoor – code overlaps with Kazuar. While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations show that Kazuar was used together with Turla…
Vulnerabilities
SecurityWeek – Twitter – Jan 11 2021 17:48
NVIDIA Patches High-Severity Vulnerabilities – https://www.securityweek.com/nvidia-ships-patches-high-severity-security-flaws

CVEnew – Twitter – Jan 11 2021 16:45
CVE-2020-17534: There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in the `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other…
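The race in the CVE-2020-17534 entry is the classic "create a temp file for a unique name, delete it, then mkdir() the same name" idiom. The Java below is an added example written for this alert, not code from the HTML/Java API project or from the CVE text: it shows that idiom, reproduces the window deterministically inside one process (the attacker role is simulated by the same program, there is no real second user), and shows the atomic Files.createTempDirectory replacement. The class name TempDirRace, the prefix html-java- and the file name unpacked.js are assumptions chosen for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;

public class TempDirRace {

    // Vulnerable idiom (illustrative, not the HTML/Java API's own code): reserve a
    // unique name by creating a temp file, delete it, then mkdir() the same name.
    // Between delete() and mkdir() the name is unclaimed inside a world-writable
    // directory (java.io.tmpdir, usually /tmp), so any local user can create a
    // directory or symlink there first. mkdir() then returns false, and code that
    // ignores that return value goes on to write into a location the attacker owns.
    static File vulnerableTempDir(String prefix) throws IOException {
        File marker = File.createTempFile(prefix, null);
        if (!marker.delete()) {
            throw new IOException("could not delete " + marker);
        }
        // RACE WINDOW: the name is free for anyone to claim until mkdir() runs.
        marker.mkdir(); // return value ignored, as in the vulnerable pattern
        return marker;
    }

    // Hardened replacement: Files.createTempDirectory picks a random name and
    // creates the directory in a single mkdir() call, retrying with a new name on
    // collision instead of reusing an existing entry; on POSIX it is created 0700.
    static Path safeTempDir(String prefix) throws IOException {
        return Files.createTempDirectory(prefix);
    }

    public static void main(String[] args) throws IOException {
        // Uncontended run of the vulnerable idiom: looks fine in testing.
        File unsafe = vulnerableTempDir("html-java-");
        System.out.println("vulnerable idiom created " + unsafe + " (no contention this time)");
        Files.deleteIfExists(unsafe.toPath());

        // Now reproduce the window: the victim reserves and frees a name ...
        File victimName = File.createTempFile("html-java-", null);
        if (!victimName.delete()) throw new IOException("delete failed");

        // ... and the simulated attacker claims that exact path first.
        File attackerDir = new File(victimName.getPath());
        if (!attackerDir.mkdir()) throw new IOException("attacker mkdir failed");

        // Victim continues: mkdir() returns false, but isDirectory() is true, so
        // naive code proceeds to unpack into a directory it did not create.
        boolean victimMkdir = victimName.mkdir();
        Path dropped = victimName.toPath().resolve("unpacked.js");
        Files.write(dropped, "extracted content".getBytes(StandardCharsets.UTF_8));
        System.out.println("victim mkdir() returned " + victimMkdir
                + "; wrote " + dropped + " into the attacker's directory");

        // Clean up the demonstration.
        Files.deleteIfExists(dropped);
        Files.deleteIfExists(victimName.toPath());

        // Hardened path: name choice and creation happen in one step.
        Path safe = safeTempDir("html-java-");
        String perms = FileSystems.getDefault().supportedFileAttributeViews().contains("posix")
                ? Files.getPosixFilePermissions(safe).toString()
                : "(non-POSIX filesystem, no mode bits)";
        System.out.println("safe temp dir " + safe + " permissions " + perms);
        Files.deleteIfExists(safe);
    }
}
```

Compile and run with `javac TempDirRace.java && java TempDirRace`. The `mkdir()` return value is the signal the vulnerable pattern throws away; checking it and refusing to continue when the directory already exists closes the simplest form of the race, but `Files.createTempDirectory` is the right fix because it never leaves a window between choosing the name and owning it.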
Details about CVE-2020-26262, bypass of Coturn’s default access control protection
Reddit – Netsec – Jan 11 2021 14:23
submitted by /u/EnableSecurity

USN-4667-2: APT vulnerability
Ubuntu Security Notices – Jan 11 2021 17:42
USN-4667-1 fixed a vulnerability in APT (the Debian/Ubuntu package manager, not an advanced persistent threat). This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this…
Ongoing Campaigns
Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group
SC Magazine US – Jan 11 2021 23:35
Researchers at Kaspersky said they found code similarities between the Sunburst malware deployed on SolarWinds Orion servers and known versions of Kazuar backdoors linked to the Russian APT group Turla.

From the frying pan into the fire: Thai business angers hackers
DataBreaches.net – Jan 11 2021 13:31
DataBreaches.net seems to be the only site willing to report on certain breaches in Thailand these days. First it was the hack of Country Group Securities (CGSEC) by hackers calling themselves ALTDOS. And now this week, this site reported a second…

EduardKovacs – Twitter – Jan 11 2021 14:52
Researchers have found some similarities between the Sunburst malware used in the SolarWinds attack and Kazuar, a backdoor attributed to the Russia-linked cyber-espionage group Turla…

DarkSide decryptor unlocks systems without ransom payment – for now
SC Magazine US – Jan 11 2021 23:35
Antivirus company Bitdefender has released a decryptor for victims of the DarkSide ransomware gang. The decryptor was publicly posted on the Bitdefender website Jan. 11 and is available for download to all. It can be used by current victims to unlock…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
