Cyber Alert – 14 April 2020
|Heat – Trending Malware and Threat Actors
|Name |Heat 1 |Heat 7 |Vol 1 |Vol 7
|TEMP.Hermit |2 |2
|Cobalt Group |2 |3
|APT33 |2 |4
|MuddyWater Group |2 |3
|APT37 |2 |4
|WannaCry Ransomware |2 |3
|APT28 |2 |2
|Sodinokibi Ransomware |3 |18
|Bad Rabbit Ransomware |1 |1
|Leafminer |1 |1
|Data Breaches
|Marriott Data Breach 2020: 5.2 Million Guest Records Were Stolen
|Security Bloggers Network – Apr 13 2020 20:53
|In mid-January 2020, Marriott International suffered a new data breach which affected around 5.2 million guests. The post …
|San Francisco International Airport reveals data breach on two websites
|Security Bloggers Network – Apr 13 2020 13:04
|The list of companies and…
|Potential data breaches make up 14% of Commonwealth incidents reported to ACSC
|ZDNet Security – Apr 14 2020 03:08
|ACSC responded to 427 cyber incidents against Commonwealth entities in 2019, with 65% of them being self-reported.
|Data Breach Report: RigUp Exposes More Than 70,000 Private Files
|Seclists.org – Data Loss – Apr 13 2020 14:29
|Posted by Destry Winant on Apr 13…
|Hacker Groups
|APT41 Using New Speculoos Backdoor to Target Organizations Globally
|Unit 42 – Palo Alto Networks Blog – Apr 14 2020 00:45
|Unit 42 identifies and explores the payload, which we're naming Speculoos, that was installed onto a Citrix appliance by APT41. The post …
|How to make a stranger’s insecure 3D printer halt-and-catch-fire – plus more alerts from infosec world
|The Register – Apr 13 2020 16:09
|San Francisco Airport websites hacked, VMware patches emitted, etc. Roundup: We're one week further along, and we hope everyone is well out there. Time for another security roundup amid the coronavirus lockdown. 3D printing turns red hot: In what was…
|Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two
|FireEye Blog – Apr 13 2020 12:11
|One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at…
|Malware
|How to Defend Your Network Against the Kwampirs Malware
|Security Bloggers Network – Apr 13 2020 16:55
|The Kwampirs malware is a “RAT”, or remote access Trojan, that has recently seen a spike in usage, particularly within the healthcare sector, although it has targeted a broad range of industries globally, including software,…
|Sodinokibi Ransomware crew chooses Monero for ransom payments
|Security Affairs – Apr 13 2020 07:45
|The crew behind the Sodinokibi Ransomware plans to stop accepting Bitcoin and switched to the Monero cryptocurrency to hide the money trail. The gang behind the Sodinokibi Ransomware has started accepting the Monero cryptocurrency instead of Bitcoin to…
|2020-04-13 – Quick post: Pcaps for two Trickbot infections
|Malware-Traffic-Analysis.net – Blog Entries – Apr 14 2020 01:04
|2020-04-13 – Quick post: Qakbot (Qbot) spx95 infection
|Malware-Traffic-Analysis.net – Blog Entries – Apr 14 2020 01:03
|Vulnerabilities
|Ongoing Campaigns
|Dutch Police Shutter 15 DDoS ‘Booter’ Sites
|CUInfoSecurity – Apr 13 2020 17:18
|Cybercrime, Cybercrime as-a-service, DDoS Protection. Also, 19-Year-Old Arrested in Connection With Attacking 2 Government Websites. Ishita Chigilli Palli (Ishita_CP) • April 13, 2020. Dutch police have shut down 15 distributed denial-of-service booter…
|IT pros air their opinions on phishing employees
|IT Pro UK – Apr 13 2020 15:35
|There’s no denying that phishing attacks are on the rise. With upward of 2.9 billion email users worldwide and the sophistication of phishing attacks always improving, hackers will stop at nothing to lure in their prey. From elaborately cloned sites…
|WordPress sites using WooCommerce targeted by credit card skimmers
|SiliconANGLE – Apr 14 2020 02:27
|WordPress sites using the popular WooCommerce plugin are being targeted by credit card skimming code, the first time that Magecart-like attacks have been discovered targeting the content management system. Discovered by security researcher Ben Martin…
|Travelex Reportedly Paid $2.3 Million to Hackers after Sodinokibi Attack and Data Theft
|HOTforSecurity – Apr 13 2020 14:14
|…
