12 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
DarkSide Ransomware 50 123
DarkSide (Hacker) 25 70
Babuk Locker 23 35
XCodeGhost 7 17
Avaddon Ransomware 6 16
WannaCry Ransomware 3 7
Osiris Banking Trojan 2 2
Bloodhound Malware 2 2
Mailto Ransomware 2 3
Panda Stealer 2 23
Data Breaches
200K Veterans’ Medical Records Exposed, But Were They Also Exfiltrated?
Office of Inadequate Security – May 11 2021 22:45
Becky Bracken reports: A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed…

Always read the warranty on security products that promise payments if breached.
GossiTheDog – Twitter – May 11 2021 07:51

PA Health Dept Sued; Investigation Looms, After Contact Tracing Breach
Office of Inadequate Security – May 11 2021 12:21
Jessica Davis has the somewhat predictable follow-up to a recently reported breach involving Insight Global, a contact…

‘Groupe Reorev’ Breached by the ‘LV’ Ransomware Actors
Seclists.org – Data Loss – May 11 2021 15:11
Posted by Destry Winant on May 11 hxxps://www[.]technadu[.]com/groupe-reorev-breached-lv-ransomware-actors/270239/ A new ransomware group known as “LV” claims to have stolen 400GB of sensitive data from Groupe Reorev. The actors have leaked out…

Hacker Groups
Dealing with DarkSide
Security Boulevard – RSS – May 11 2021 20:15
Brian Krebs recently reviewed more details about ‘DarkSide’ and this ransomware group’s role in shutting down the Colonial Pipeline. DarkSide is a group that packages and provides ransomware capabilities as a service. Other ransomware gangs and…

Incredible details keep trickling out about the Russian DarkSide hackers
BGR – May 11 2021 23:49
In the seemingly never-ending cascade of news headlines about hacks, data breaches and ransomware attacks like the one from this weekend executed by a Russian criminal gang against a major US fuel pipeline, the bad guys often appear as a kind of…

DarkSide hackers say they just want to make money following pipeline attack
TechRadar.com – May 11 2021 10:21
DarkSide promises to screen the targets in the future. The DarkSide ransomware group responsible for in the US has issued a press release claiming that it’s not political and only wants to make money without causing problems for society. The DarkSide…

The DarkSide ransomware gang must be shitting itself right now
Graham Cluley – May 11 2021 12:58
The disruption caused to the Colonial Pipeline on the east coast of the United States following a ransomware attack is understandably huge news, with President Joe Biden himself saying publicly that he is taking an active interest and is being…

Malware
Avaddon Ransomware Attacks on The Rise
Heimdal Security Blog – May 11 2021 14:42
The ransomware campaign in question is targeting organizations from an extensive array of sectors in the US and worldwide, with the FBI declaring in a TLP:GREEN flash alert published last week that Avaddon affiliates are trying to breach the…

Reminder that Darkside isn’t a single group. It’s ransomware-as-a-service – so you have the creators of the ransomware and its infrastructure, and then affiliates/partners who conduct attacks using the “rented” ransomware and then share portion of paid ransom w/ Darkside creators
KimZetter – Twitter – May 11 2021 12:47

Alerts: Avaddon Ransomware Attacks Increasing
BankInfoSecurity – May 11 2021 19:40
FBI and Australian Officials Describe the…

RT @KimZetter: Reminder that Darkside isn’t a single group. It’s ransomware-as-a-service – so you have the creators of the ransomware and its infrastructure, and then affiliates/partners who conduct attacks using the “rented” ransomware and then share portion of paid ransom w/ Darkside creators
daveaitel – Twitter – May 11 2021 12:56

Vulnerabilities
CVE-2021-20313 A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-20313
CVEnew – Twitter – May 11 2021 23:45

CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-31205
CVEnew – Twitter – May 11 2021 20:45

CVE-2021-31172 Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-28478. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-31172
CVEnew – Twitter – May 11 2021 20:45

CVE-2021-28478 Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-31172. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-28478
CVEnew – Twitter – May 11 2021 20:45

Ongoing Campaigns
Roaming Mantis Evolving and Improvising its Smishing Campaign
Cyware – May 11 2021 20:28
An ongoing smishing campaign by a Chinese-speaking group has been consistently targeting Android users in Asian countries using different mobile malware such as MoqHao, SpyAgent, and FakeSpy. The latest wave of this campaign has been targeting…

Sophisticated Cyber Group Designs Evasive Toolsets
Cyware – May 11 2021 20:28
Cybercriminals evolve and tailor their toolset to maintain a considerable stealth level and infiltrate high-profile target networks. One such operation, dubbed TunnelSnake, is an ongoing APT campaign that uses passive backdoor and some additional…

Critical Infrastructure Under Attack
DDoS Attacks – May 11 2021 15:32
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg. Critical infrastructure is…

A Closer Look at the DarkSide Ransomware Gang
Krebs on Security – May 11 2021 16:37
The FBI confirmed this week that a relatively new ransomware group known as…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
