14 October 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors

Name                  Vol 1   Vol 7
Trickbot Malware         50     225
BazarLoader               4      19
BazarBackdoor             4      22
Clop Ransomware           4      36
Mailto Ransomware         3       7
Lazarus Group             3       3
HALFBAKED backdoor        1       1
Fxmsp                     1       1
Maze Ransomware           5      17
CloudAtlas Malware        1       1
(The Heat 1 and Heat 7 columns are graphical in the original alert and are not reproduced in this text version.)
Data Breaches

Oswego Health: Some patient data potentially exposed
Office of Inadequate Security – Oct 14 2020 00:11
Ken Sturtz reports: Oswego Health has notified an unspecified number of patients about a potential leak of personal…

Marketing firm Friendemic exposed 2.7 million customer records
Seclists.org – Data Loss – Oct 13 2020 15:05
Posted by Destry Winant on Oct 13. https://www.hackread.com/marketing-firm-friendemic-customer-records-exposed/ Exposed data belonged to Friendemic and included full names, email addresses, and contact numbers of its customers. The dangers of…

rik_ferguson – Twitter – Oct 13 2020 14:08
Metasploit Shellcodes Attack Exposed Docker APIs https://www.trendmicro.com/en_us/research/20/j/metasploit-shellcodes-attack-exposed-docker-apis.html#.X4W08vYwi24.twitter
Hacker Groups

Palmerworm APT Group Targeting Victims in US and Asia
Red Sky Alliance – X-Industry – RSS – Oct 13 2020 14:36
Palmerworm, an advanced…

peterkruse – Twitter – Oct 13 2020 07:03
Today Iranian APT Silent Librarian (aka Cobalt Dickens or TA407) is attacking Nanyang Technological University in Singapore:
http://www.dcsvridp.ntu.edu[.]http://sg.ttie.tk/idp/Authn/UserPassword/ @CSAsingapore @douglasmun…

More TA551 (Shathak) Word docs push IcedID (Bokbot), (Wed, Oct 14th)
TSecurity.de – Oct 14 2020 02:41
… https://isc.sans.edu/diary/rss/26674
Malware

German tech giant Software AG hit by Clop ransomware attack
Seclists.org – Data Loss – Oct 13 2020 15:05
Posted by Destry Winant on Oct 13…

Cyber Security companies dismantle Trickbot ransomware botnet
HackRead – Oct 13 2020 20:52
Trickbot was discovered in 2016 as a banking trojan but with time it was updated to a ransomware botnet. Microsoft, with the help of other cybersecurity and tech companies, has disrupted Trickbot, one of the most sophisticated and notorious malware…

VK_Intel – Twitter – Oct 13 2020 17:38
@JR0driguezB EmerDNS protocol employed BazarLoader malware (related group to the main TrickBot group) channel not for the TrickBot malware proper to be technically precise.
Vulnerabilities

CVEnew – Twitter – Oct 13 2020 18:45
CVE-2020-17406 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exist…

CVEnew – Twitter – Oct 13 2020 18:45
CVE-2020-17407 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within…

Microsoft Patch Tuesday fixes 87 flaws, 11 critical
SC Magazine US – Oct 13 2020 21:44
Microsoft today released 87 patches – 11 of them critical – and a slew of RCE vulnerabilities while Adobe released patches for Adobe Flash Player across multiple platforms today. This marks the first time since February that Microsoft patched fewer…

CVEnew – Twitter – Oct 13 2020 18:45
CVE-2020-17410 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page…
Ongoing Campaigns

InfoSecHotSpot – Twitter – Oct 13 2020 23:28
25% of BEC Cybercriminals Based in the US. While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers. https://bit.ly/34YN44U…

FONIX Ransomware: New Bad Boy in Town Looking for Partners
Cyware – Oct 13 2020 18:36
Fonix is a new RaaS (Ransomware-as-a-Service) being offered at several underground cybercriminal forums. Recently, the ransomware has been observed actively spreading and targeting Windows-based system users. Modus operandi: The ransomware can spread…

25% of BEC Cybercriminals Based in the US
Dark Reading – Oct 13 2020 18:10
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

EduardKovacs – Twitter – Oct 13 2020 07:40
An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems. https://www.securityweek.com/anatomy-ryuk-attack-29-hours-initial-email-full-compromise

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
