14 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
SideWinder APT 4 4
Steelcorgi 4 5
UNC1945 4 5
MRAT Mobile Remote Access Trojan 3 5
APT35 3 4
VandaTheGod 5 23
The Shadow Brokers 3 6
Gaza Cybergang 2 2
Hancitor 2 5
Sunspot Malware 4 57

Data Breaches

DataBreachToday – Twitter – Jan 13 2021 18:26
Vulnerable GitHub repository database exposed data for UN Environment Program https://bit.ly/3idMRkz by @asokan_akshaya

Secnewsbytes – Twitter – Jan 13 2021 08:55
RT @Securityblog: Social media accounts exposed by Data-Scrapers – IT Security Guru https://www.itsecurityguru.org/2021/01/12/instagram-facebook-and-linkedin-accounts-exposed-by-chinese-data-scrapers/

COVID-19 Vaccine Documents, Personal Data Leaked
Data Breach Today – Jan 13 2021 21:07
Information Stolen From European Medicines Agency
Documents on COVID-19 vaccines and medications – including some containing personal information – that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the…

Capitol Breach: Cybersecurity Lessons to Apply
BankInfoSecurity – Jan 13 2021 18:41
Brian Honan: Security Professionals Can Take…

Hacker Groups

Chat Digest – Ghost Squad Hackers 2021/01/13 16:35 – 16:35 UTC
“Ghost Squad Hackers” – Telegram – Jan 13 2021 16:35
[16:35] : HUNTINGTON BANK 🏦
Login+Password +IP+UserAgent + Email Access+Fingerprints +Cookies

virusbtn – Twitter – Jan 13 2021 12:28
Yoroi researchers analyse 'Steelcorgi', a mysterious and heavily protected Linux tool used by the UNC1945/TH-239 group https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/…

Securityblog – Twitter – Jan 13 2021 17:01
RT @virusbtn: Yoroi researchers analyse 'Steelcorgi', a mysterious and heavily protected Linux tool used by the UNC1945/TH-239 group https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/…

gh0std4ncer – Twitter – Jan 13 2021 13:59
RT @virusbtn: Yoroi researchers analyse 'Steelcorgi', a mysterious and heavily protected Linux tool used by the UNC1945/TH-239 group https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/…

Malware

macOS malware; OSAMiner active since 2015; undetected
MalwareTips.com – Jan 13 2021 15:17
For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users…

sans_isc – Twitter – Jan 14 2021 02:02
Hancitor is Back; Intel Anti Ransomware; Clouds Rain; SAP Patches https://i5c.us/p7328 https://twitter.com/sans_isc/status/1349537337353637889/photo/1

Fair ransomware removal assistance and guide
MalwareTips.com – Jan 14 2021 06:16
Hi everyone, my server is infected by Fair ransomware, need advice and guide to remove the ransomware and recover the infected file. Thanks in advance

InfoSecHotSpot – Twitter – Jan 13 2021 13:58
Cybersecurity: This malware is the biggest threat to your data. Emotet remains a major threat to corporate computer networks entering 2021, warn researchers – and other threats including ransomware, trojans and cryptominers are also lurking out there….

Vulnerabilities

CVEnew – Twitter – Jan 13 2021 22:46
CVE-2021-1242 A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An…

CVEnew – Twitter – Jan 13 2021 22:45
CVE-2021-1144 A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect…

CVEnew – Twitter – Jan 13 2021 22:45
CVE-2021-1130 A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The…

CVEnew – Twitter – Jan 13 2021 22:46
CVE-2021-1236 Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to…

Ongoing Campaigns

Lokibot Stealer Comes with Added Features to Hide Better While Attacking Targets
Cyware – Jan 13 2021 13:24
The Lokibot malware is used by cyberattackers primarily for stealing credentials from a compromised system. In a recent campaign, a new version of the malware has been found equipped with more misdirection and anti-analysis features. What happened?…

Egregor on an Attacking Spree Around the World
Cyware – Jan 13 2021 08:28
Egregor ransomware has now compromised more than 150 victims since its first appearance in September 2020. The FBI recently released a security alert warning private sector firms about this ransomware. Quick info Egregor ransomware uses several…

Sunspot malware scoured servers for SolarWinds builds that it could weaponize
SC Magazine US – Jan 13 2021 23:35
A malware program used in the SolarWinds supply-chain attack seeks out developers’ builds of the SolarWinds Orion IT management platform and then replaces a source file with the Sunburst backdoor. Forensic…

Maze Ransomware is Dead. Or is it?
Webroot Threat Blog – Jan 13 2021 19:58
“It’s definitely dead,” says Tyler Moffitt, security analyst at Carbonite + Webroot, OpenText companies. “At least,” he amends, “for now.” Maze ransomware, which made our top 10 list for …

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
