Cyber Alert – 13 June 2020
Heat – Trending Malware and Threat Actors

Name | Heat 1 | Heat 7 | Vol 1 | Vol 7
SNAKE Ransomware | 11 | 47
ActionSpy | 7 | 9
IcedID Trojan | 5 | 15
Gamaredon Group | 4 | 24
Higaisa | 3 | 12
Sfile2 | 2 | 2
Lion Ransomware | 2 | 2
Gootkit | 2 | 3
Tor2Mine | 2 | 3
DoppelPaymer Ransomware | 4 | 14
Data Breaches

Hackers are quick to notice exposed Elasticsearch servers
BleepingComputer.com – Jun 12 2020 07:27
Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft. […]

Hacker Groups

Gamaredon group grows its game | WeLiveSecurity
Reddit – BlueTeamSec – RSS – Jun 12 2020 11:27

Treadstone71LLC – Tekide Unveiled APT34 (Muddywater OilRig) – The Cyber Shafarat – Treadstone 71 https://t.co/sAgbOXgfC8
Treadstone71LLC – Twitter – Jun 12 2020 14:50
Tekide Unveiled APT34 (Muddywater OilRig) – The Cyber Shafarat – Treadstone 71 https://cybershafarat.com/2019/07/22/tekide-unveiled/

Gamaredon group targets Microsoft Outlook and Office, ESET researchers report
PressReleasePoint – Jun 12 2020 21:01
Bratislava – ESET researchers have discovered new tools used by the Gamaredon group in their latest malicious campaigns. The first tool targets Microsoft Outlook using a custom Microsoft Outlook Visual Basic for Applications (VBA) project and…

Secnewsbytes – attack-arsenal/adversary_emulation/APT29 at master · mitre-attack/attack-arsenal · GitHub https://t.co/VMzJt9SCvD
Secnewsbytes – Twitter – Jun 12 2020 06:43
attack-arsenal/adversary_emulation/APT29 at master · mitre-attack/attack-arsenal · GitHub https://github.com/mitre-attack/attack-arsenal/tree/master/adversary_emulation/APT29

Malware

Lion: Ransomware attack causing significant problems
Office of Inadequate Security – Jun 12 2020 12:15
Chris Keall reports: Lion confirms a cyber-attack first reported by the Herald on Monday is a ransomware attack –…

Snake Ransomware Attack that targeted Honda has now targeted Enel Group
IT Security Guru – Jun 12 2020 13:05
European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network. Detected on June 7, the incident is the work of EKANS (SNAKE) ransomware operators, the group that also targeted Honda earlier…

Android ‘ActionSpy’ Malware Targets Turkic Minority Group
MalwareTips.com – Jun 12 2020 16:25
Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan. The spyware is distributed either via…

SCmagazineUK – The Enel Group was hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal ne… https://t.co/tVYQ6Q2pur
SCmagazineUK – Twitter – Jun 12 2020 14:00
The Enel Group was hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network, according to reports.
http://ow.ly/6DOU30qPd1h
Vulnerabilities

CVEnew – CVE-2020-10732 A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an a… https://t.co/dtfEB6l5WB
CVEnew – Twitter – Jun 12 2020 14:45
CVE-2020-10732 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data…

‘CallStranger’ Is Exactly the Type of Vulnerability ISPs Fear
Security Bloggers Network – Jun 12 2020 14:08

How We Discovered a Vulnerability in MapPress Pro (CVE-2020-12675)
Security Bloggers Network – Jun 12 2020 13:00
Alert Logic researchers recently discovered a new vulnerability (CVE-2020-12675) in the MapPress Pro plugin while investigating a previous patch. The post …

CVE-2020-12852 (cells)
CERT-EU VulnerabilitiesApplications – Jun 12 2020 14:53
Current Description. The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary…

Ongoing Campaigns

Just a Wink and Smile – the Avaddon Pathway to Doom
Cyware – Jun 12 2020 19:01
The new Avaddon ransomware has come alive in an enormous spam campaign targeting online users with emails containing a wink emoji. What is happening: the Avaddon ransomware is being propagated via the Phorphiex/Trik botnet. The malspam messages try to…

New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
CERT-EU VulnerabilitiesApplications – Jun 12 2020 07:54
…we identified an undocumented Android spyware we have named ActionSpy (detected by Trend Micro as AndroidOS_ActionSpy.HRX). During the first quarter of 2020, we observed Earth Empusa’s activity targeting users in Tibet and Turkey before they…

CyberCrime – W/E – 6/12/20
Tech-Wreck InfoSec Blog – Jun 12 2020 13:01
Honda Production, Customer Service Operations Shut Down in Cyber Attack (06/10/2020) Honda confirmed that it has been hit with an attack that impacted some of its global production…
