12 November 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
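| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
|---|---|---|---|---|
| Ragnar Locker | | | 10 | 72 |
| Wanna Scream Ransomware | | | 4 | 4 |
| IcedID Trojan | | | 5 | 6 |
| Ghimob | | | 6 | 56 |
| Pay2Key Ransomware | | | 4 | 38 |
| APT32 | | | 3 | 19 |
| MedusaLocker | | | 2 | 2 |
| LockerGoga Ransomware | | | 2 | 3 |
| TriFive Backdoor | | | 2 | 4 |
| Snugy Backdoor | | | 2 | 4 |
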
Data Breaches
Palo Alto Networks to acquire Expanse, which alerts clients to exposed digital assets are exposed, for $800 million
Cyberscoop – News – Nov 11 2020 14:36
Silicon Valley cybersecurity giant Palo Alto Networks plans to bolster its ability to protect customers by acquiring Expanse, a company with expertise in monitoring the internet for exposed assets that could be ripe for cyberattacks. The…

Exposed Blob Storage in Azure, (Thu, Nov 12th)
SANS Internet Storm Center, InfoCON: green – Nov 12 2020 00:22
With the headline "Improperly Configured AWS S3 Bucket Exposes 10 Million Hotel Guest Records" in this week's SANS NewsBites, I wanted to shed a…

CyberScoopNews – Palo Alto Networks to acquire Expanse, which alerts clients to exposed digital assets are exposed, for $800 million… https://t.co/8WuxDWfNA8
CyberScoopNews – Twitter – Nov 11 2020 15:08
Palo Alto Networks to acquire Expanse, which alerts clients to exposed digital assets are exposed, for $800 million https://hubs.ly/H0zHxLz0 by @jwarminsky

sans_isc – Exposed Blob Storage in Azure https://t.co/77JrohRQj5 https://t.co/L95s0BHytp
sans_isc – Twitter – Nov 12 2020 00:22
Exposed Blob Storage in Azure https://isc.sans.edu/diary/26784 https://twitter.com/sans_isc/status/1326681774831919106/photo/1

Hacker Groups
Cambodian Government Under APT32 Malware Campaign
IBM X-Force Exchange – Advisory Tag – RSS – Nov 11 2020 15:51
Summary A new malware campaign is being carried out by APT32 against the Cambodian government is reported by a Recorded Future's Insikt Group's paper. Threat Type Malware, RAT Overview Recorded Future's Insikt Group has published a whitepaper describing a…

virusbtn – Recorded Future researchers analysed a malware campaign by the Vietnam-linked APT32 (OceanLotus) group, targeting t… https://t.co/9rhLh02w0V
virusbtn – Twitter – Nov 11 2020 09:03
Recorded Future researchers analysed a malware campaign by the Vietnam-linked APT32 (OceanLotus) group, targeting the government in Cambodia https://www.recordedfuture.com/apt32-malware-campaign/…

RecordedFuture – Insikt Group identified new operational infrastructure that they attribute to the Vietnamese state-sponsored threat… https://t.co/H1nRaNsXV1
RecordedFuture – Twitter – Nov 11 2020 20:00
Insikt Group identified new operational infrastructure that they attribute to the Vietnamese state-sponsored threat activity group APT32, also known as OceanLotus: https://bit.ly/3nfbTB1 #Analysis #Cybersecurity

Phishing Campaign Tied to Trickbot Gang
DataBreachToday.eu – Nov 11 2020 20:39
Area 1 Security: Emails Deliver Bazar Backdoor and Buer…

Malware
RegretLocker, new ransomware, can encrypt Windows virtual hard disks
Malwarebytes Labs Blog – Nov 11 2020 20:20
Cybersecurity researchers discovered a new ransomware last month called RegretLocker that, despite a no-frills package, can do serious damage to…

malwrhunterteam – Maybe interesting about Superior Tribunal de Justiça (STJ) RansomExx/Defray777 ransomware case: the Linux version o… https://t.co/DBhbljoC3P
malwrhunterteam – Twitter – Nov 11 2020 16:04
Maybe interesting about Superior Tribunal de Justiça (STJ) RansomExx/Defray777 ransomware case: the Linux version of the ransomware was seen in a TAR archive that has a "VMware-fdm-uninstall.sh" file.
Question is if it used by the actors or just…

InfoSecHotSpot – Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic Following a Nov. 3 ransomware attack against… https://t.co/IIQm0QXtBd
InfoSecHotSpot – Twitter – Nov 12 2020 00:28
Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data. https://bit.ly/3eSkJlC…

ZDNet – New ‘Ghimob’ malware can spy on 153 Android mobile applications https://t.co/gBuRUGSdTO
ZDNet – Twitter – Nov 11 2020 10:45
New 'Ghimob' malware can spy on 153 Android mobile applications…

Vulnerabilities
CVEnew – CVE-2020-17040 , aka ‘Windows Hyper-V Security Feature Bypass Vulnerability’. https://t.co/6kc6riDxg0
CVEnew – Twitter – Nov 11 2020 07:45
CVE-2020-17040 , aka 'Windows Hyper-V Security Feature Bypass Vulnerability'. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17040

CVEnew – CVE-2020-17020 , aka ‘Microsoft Word Security Feature Bypass Vulnerability’. https://t.co/cvtsSCpCow
CVEnew – Twitter – Nov 11 2020 07:45
CVE-2020-17020 , aka 'Microsoft Word Security Feature Bypass Vulnerability'. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17020

CVEnew – CVE-2020-17078 , aka ‘Raw Image Extension Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020… https://t.co/oOFgkHlAb3
CVEnew – Twitter – Nov 11 2020 07:46
CVE-2020-17078 , aka 'Raw Image Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17078

CVEnew – CVE-2020-17086 , aka ‘Raw Image Extension Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020… https://t.co/Duvs50Q05g
CVEnew – Twitter – Nov 11 2020 07:46
CVE-2020-17086 , aka 'Raw Image Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17086

Ongoing Campaigns
COVID-19-themed Phishing Campaigns Distributing King Engine Ransomware
Cyware – Nov 11 2020 18:36
Cybercriminals have been taking advantage of the most crucial global health calamity of the century to launch COVID-19-themed phishing campaigns. The ransomware threat landscape for Q3 2020 has increased 50 percent from the first half of the year,…

xHunt Campaign Distributing Two New Powershell Backdoors
Cyware – Nov 11 2020 18:36
Recently, a threat actor has been seen updating its arsenal of tools with slightly new features and communication channels to avoid detection. Known as xHunt, the group has continued to attack Kuwaiti organizations by targeting Microsoft Exchange…

kaspersky – Ransomware has taken a turn. These days, the motive behind ransomware attacks isn’t just about encrypting data but… https://t.co/U9SrwMFCPA
kaspersky – Twitter – Nov 11 2020 17:33
Ransomware has taken a turn. These days, the motive behind ransomware attacks isn't just about encrypting data but also publishing that stolen data online.
See our description of the Ragnar Locker and Egregor ransomware groups ⬇️…

Encryption to Double Extortion: Ransomware’s Rapid Evolution
Security Bloggers Network – Nov 11 2020 15:46

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
