Cyber Alert – 12 June 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|Gamaredon Group
|20
|20
|Thanos Ransomware
|12
|14
|Trickbot Malware
|19
|39
|SNAKE Ransomware
|10
|37
|Mass Logger
|4
|6
|Hakbit Ransomware
|4
|7
|PhineasFisher
|3
|4
|FlowCloud RAT
|3
|8
|GuLoader
|4
|24
|APT28
|3
|6
|Data Breaches
|UK: Flaw in property inventory website exposed thousands of users’ home contents
|Office of Inadequate Security – Jun 11 2020 19:48
|James Walker reports on an incident which, while unfortunate, provides us with an example of prompt incident response and…
|Austrian Internet Service Provider “A1 Telekom” Breached by Hackers
|TechNadu – Jun 11 2020 13:18
|“A1 Telekom” has had an extensive and lengthy infiltration problem that took them six months to uproot. The ISP admitted the incident after an Austrian blogger published details provided to him by a whistleblower. The source claims that sensitive…
|Hacker Groups
|Tor2Mine is up to their old tricks — and adds a few new ones
|CERT-EU – Latest Articles Ongoing Threats – RSS – Jun 11 2020 19:49
|What’s new? Tor2Mine has traditionally been a cryptocurrency mining malware actor notorious for infecting victims with cryptominers that steal system resources to mine currency. In a new development, the Tor2Mine actors have incorporated additional…
|Gamaredon group grows its game
|WeLiveSecurity RSS – Jun 11 2020 09:30
|Active APT group adds cunning remote template injectors for Word and Excel documents; unique Outlook mass-mailing macro
|Dark Basin, a hack-for-hire group that remained under the radar for 7 years
|Security Affairs – Jun 11 2020 14:10
|A hack-for-hire group tracked as Dark Basin targeted thousands of journalists, advocacy groups, and politicians worldwide over 7 years. Researchers from Citizen Lab uncovered the operations of a hack-for-hire group tracked as Dark Basin that…
|Gamaredon, a hacking group with a fixation on Ukraine, deploys new email compromise tools
|Cyberscoop – News – Jun 11 2020 19:53
|A Russian-speaking espionage group has been using new email hacking tools in a multi-month campaign intended to infiltrate unidentified government organizations, according to new research. The group, known as Gamaredon, has spent the last…
|Malware
|Power company Enel Group suffers Snake Ransomware attack
|BleepingComputer.com – Jun 11 2020 18:40
|European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network. […]
|Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware
|ZDNet Security – Jun 11 2020 14:02
|Researchers set up a tempting honeypot to monitor how cyber criminals would exploit it. Then it came under attack.
|2020-06-09 – Quick post: Valak infection with IcedID (Bokbot)
|Malware-Traffic-Analysis.net – Blog Entries – Jun 11 2020 23:15
|Vulnerabilities
|NA – CVE-2020-6090 – An exploitable code execution vulnerability…
|CERT-EU VulnerabilitiesApplications – Jun 11 2020 19:37
|An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can…
|CallStranger UPnP Vulnerability Checker
|Exploit Files ≈ Packet Storm – Jun 11 2020 16:43
|The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger…
|UPnP Flaw Exposes Millions Of Network Devices
|SecurityPhresh – Jun 11 2020 16:31
|Ongoing Campaigns
|MAZE Attacks Victoria Beckham’s Advisory Firm
|Infosecurity – Latest News – Jun 11 2020 15:24
|The threat group MAZE claims to have carried out a cyber-attack on a mergers and acquisitions firm whose client list includes former Spice Girl and fashion designer Victoria Beckham. …
|Unsecured AWS S3 Buckets Infected With Skimmer Code
|Data Breach Today – Jun 11 2020 21:12
|Analysts Find Fresh Magecart Code and Redirectors to Malvertising Campaign. By Ishita Chigilli Palli (Ishita_CP), June 11, 2020. Cybercriminals are continuing to take advantage of…
|TA410 Targets US Energy Providers Using New FlowCloud RAT
|Cyware – Jun 11 2020 18:20
|A new wave of spear-phishing campaigns has been identified by Proofpoint researchers targeting US-based energy providers. The threat actor, tracked as TA410, also tried to pose as another hacking group, namely TA429 (APT10). What happened TA410…
|Russia-linked Gamaredon hacker crew using Microsoft’s Visual Basic for Applications to pwn Microsoft’s Outlook
|The Register – Jun 11 2020 16:39
|From targeting Ukraine to random mailboxes: how the mighty have fallen. Security researchers claim to have uncovered "several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through…
