Cyber Alert – 15 April 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|Ragnar Locker
|4
|4
|SDBbot RAT
|3
|3
|Energetic Bear
|3
|3
|AgentTesla Keylogger
|3
|9
|TA505
|3
|6
|EDA2 Ransomware
|2
|2
|Grandoreiro Malware
|2
|5
|Minebridge Malware
|1
|1
|APT1 Comment Crew
|1
|1
|SDBot
|1
|1
|Data Breaches
|Equifax settles Indiana case over massive data breach for $19.5 million
|DataBreaches.net – Apr 14 2020 21:53
|Nate Raymond reports: Equifax Inc will pay Indiana $19.5 million to resolve claims it failed to protect residents whose personal information was exposed in a data breach that affected 147 million people, the state’s attorney general said on Monday….
|You’re One Misconfiguration Away from a Cloud-Based Data Breach
|DataBreaches.net – Apr 14 2020 22:57
|Suresh Kasinathan writes: Not all instances of data exposure in the cloud are the product of malicious intentions from either internal or external actors. In its “2019 Data Breach Investigations Report” (DBIR), for instance, Verizon…
|Weekly Threat Briefing: New dark_nexus Botnet, Pegasus Spyware, SFO Airport Data Breach, and More
|ThreatStream Blog – Apr 14 2020 15:00
|The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Botnet, Data breach, Malware, and Vulnerabilities. The IOCs related to these stories are attached to the…
|Businesses Skating on Thin Ice Using Third-Party Services
|Security Bloggers Network – Apr 15 2020 07:00
|Hacker Groups
|Chinese Hacking Group “APT41” Is Using a New Speculoos Backdoor
|TechNadu – Apr 14 2020 09:18
|APT41 is still exploiting CVE-2019-19781, but this time, they’re using a new Speculoos backdoor. The attackers have developed the new malware specifically for BSD systems used in certain organizations. The backdoor enables them to drop more payloads,…
|TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover
|MalwareTips.com – Apr 14 2020 18:36
|The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan (RAT) laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job…
|China: From culture to conflict in the cyberspace
|lab52 Blog – RSS – Apr 14 2020 15:03
|Since 2013, when the US cybersecurity consultancy Mandiant published its famous report about APT1, showing its links with different agencies presumably associated with the Chinese government, the news about its actions in cyberspace has been…
|Russian state hackers behind San Francisco airport hack
|ZDNet Zero Day Blog – Apr 14 2020 13:46
|ESET says a Russian hacker group known as Energetic Bear (DragonFly) is behind a hack of two of the airport's websites.
|Malware
|2020-04-14 – Two infections for GuLoader with NetWire RAT
|Malware-Traffic-Analysis.net – Blog Entries – Apr 14 2020 23:13
|Spanish Bank Clients Now Face the “Grandoreiro” Malware Threat
|TechNadu – Apr 14 2020 13:03
|Hackers are manually overlaying banking login phishing pages on top of the real URLs. They are informed via a malware called “Grandoreiro” when the victim is visiting the targeted site. The malware can replace the Chrome shortcut with one that loads a…
|Ryuk: How the ransomware that attacks businesses works
|MediaCenter Panda Security – Apr 15 2020 07:22
|Sodinokibi Ransomware to stop taking Bitcoin to hide money trail
|Seclists.org – Data Loss – Apr 14 2020 14:28
|Vulnerabilities
|Microsoft addresses three Windows issues actively exploited
|Security Affairs – Apr 14 2020 23:02
|Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild…
|Windows Vulnerabilities Exploited for Code Execution, Privilege Escalation
|SecurityWeek RSS Feed – Apr 14 2020 19:13
|Microsoft’s Update Tuesday patches for April 2020 address 113 vulnerabilities, including three Windows flaws that have been exploited in attacks for arbitrary code execution and privilege escalation. …
|Fingerprint-Exposing Flaw in OnePlus 7 Phone Highlights TEE Issues
|Security Week – Apr 14 2020 13:18
|OnePlus 7 Pro Vulnerability Highlights Trusted Execution Environment Issues. OnePlus 7 Pro devices made by China-based smartphone manufacturer OnePlus Technology were affected by a vulnerability that could have been exploited to obtain users’…
|Ongoing Campaigns
