15 April 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
(Vol 1 and Vol 7 are the volumes over the last 1 and 7 days; the Heat 1 and Heat 7 columns were rendered graphically and carry no values on this page.)

Name                  Vol 1  Vol 7
EMOTET Trojan            10     29
Hafnium Group             9     20
Babuk Locker              6     15
NotPetya Ransomware       4      6
TA551                     3      3
Lazarus Group             5     20
Clop Ransomware           6     11
TSCookie                  3     10
BlackTech APT             3     10
GuLoader                  2      3
Data Breaches
ParkMobile Breach Leaves 21M User Data Exposed – Heimdal Security Blog – Apr 14 2021 14:19 – The account information of 21 million customers of ParkMobile, a very popular mobile parking app from North America, is now being sold online due to a data breach. The information includes customer email addresses, dates of birth, phone numbers,…
Facebook Will Not Notify More Than 530M Users Exposed In 2019 Breach hxxps://packetstormsecurity[.]com/news/view/32196 #news – packet_storm – Twitter – Apr 14 2021 16:54
Indian supply-chain giant Bizongo exposed 643GB of sensitive data hxxps://www[.]hackread[.]com/india-bizongo-supply-chain-exposed-data/ – Dinosn – Twitter – Apr 15 2021 05:59
Hacker Groups
Threat Actors Targeting Cybersecurity Researchers Original release date: April 14, 2021 Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social… hxxps://bit[.]ly/3aaecS7 – InfoSecHotSpot – Twitter – Apr 14 2021 19:11
Sandworm, TEMP[.]Isotope, TEMP[.]Armageddon that have been observed targeting assets and organizations in Ukraine, how their mission focuses and capabilities differ, and the suspected intent of some of their notable incidents. 3/5 – FireEye – Twitter – Apr 14 2021 14:22
FBI remotely hacks computers to remove Hafnium infections – Consumer Affairs – Apr 14 2021 17:17 – In an effort to mitigate the threat of the Hafnium hack, the FBI has been cleared to use the hackers' own tools to remotely delete infections on people's computers. Last month, security researchers began sounding the alarm about a…
Malware
QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns – Heimdal Security Blog – Apr 14 2021 13:35 – In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that was delivering the QBot trojan, and changing the payload after a short while. Qbot, also known as "Qakbot" or "Pinkslipbot," is…
What kind of things can happen when you got ransomware coded by skids? Read this thread. Seriously, if Babuk's affiliates would move and use a "product" that is not junk, it would be better for everyone… – malwrhunterteam – Twitter – Apr 14 2021 07:02
2021-04-14 – BazaLoader (BazarLoader) activity – Malware-Traffic-Analysis.net – Blog Entries – Apr 14 2021 21:16
@malwrhunterteam Any ransomware that uses elliptic curves without saving some form of verification for the calculated shared secrets is bound to fuck up files eventually. It's not just Babuk either. SunCrypt is guilty of the same thing. – fwosar – Twitter – Apr 14 2021 12:06
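The failure mode in the tweet above, shown as an added example that is not part of the original post and is not code from Babuk, SunCrypt or any other ransomware: a minimal hybrid scheme derives a per-file key from an ECDH shared point, and a decryptor that cannot verify the key it recomputed will silently overwrite the file with garbage. Everything here is constructed for the demonstration: textbook secp256k1 affine arithmetic (not constant-time, not for production), a SHA-256 keystream standing in for a real cipher, an HMAC key check value as the stored "verification", and a header whose ephemeral public point has been damaged to stand for any cause of a mis-derived secret.

```python
"""Why an ECDH-based file encryptor must store a check value for the derived key.

Added example, not code from the page or from any malware family. Curve
parameters are secp256k1; the cipher, key check value and sample file are
constructed stand-ins for the demonstration.
"""
import hashlib
import hmac
import os

# secp256k1: y^2 = x^3 + 7 over GF(P). Textbook affine math, not constant-time.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def keypair():
    """Random private scalar in [1, N-1] and its public point."""
    d = int.from_bytes(os.urandom(32), "big") % (N - 1) + 1
    return d, scalar_mult(d, G)


def derive_key(shared_point):
    """File key = SHA-256 of the x-coordinate of the ECDH shared point."""
    return hashlib.sha256(shared_point[0].to_bytes(32, "big")).digest()


def keystream_xor(key, data):
    """Minimal CTR-style stream cipher built from SHA-256 (demo stand-in, not AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def kcv(key):
    """Key check value stored next to the ciphertext: HMAC of a fixed label under the key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:16]


def encrypt(recipient_pub, plaintext):
    """Returns (ephemeral_pub, kcv, ciphertext); the ephemeral secret is discarded."""
    e, eph_pub = keypair()
    key = derive_key(scalar_mult(e, recipient_pub))
    return eph_pub, kcv(key), keystream_xor(key, plaintext)


def decrypt_unchecked(recipient_priv, eph_pub, ciphertext):
    """The pattern the tweet criticises: recompute the key and trust whatever comes out."""
    key = derive_key(scalar_mult(recipient_priv, eph_pub))
    return keystream_xor(key, ciphertext)


def decrypt_checked(recipient_priv, eph_pub, stored_kcv, ciphertext):
    """Refuse to write anything unless the recomputed key matches the stored check value."""
    key = derive_key(scalar_mult(recipient_priv, eph_pub))
    if not hmac.compare_digest(kcv(key), stored_kcv):
        raise ValueError("shared secret mismatch: refusing to overwrite file with garbage")
    return keystream_xor(key, ciphertext)


def demo():
    """Constructed scenario: a good header, then one whose ephemeral point was damaged."""
    priv, pub = keypair()
    plaintext = b"quarterly-report.xlsx contents (constructed sample data)"
    eph_pub, check, ct = encrypt(pub, plaintext)

    ok = decrypt_unchecked(priv, eph_pub, ct) == plaintext
    # Damaged header: one coordinate of the ephemeral point read back wrong.
    bad_eph = (eph_pub[0], (eph_pub[1] + 1) % P)
    garbage = decrypt_unchecked(priv, bad_eph, ct) != plaintext   # silently wrong
    try:
        decrypt_checked(priv, bad_eph, check, ct)
        detected = False
    except ValueError:
        detected = True                                            # caught before writing
    return ok, garbage, detected


if __name__ == "__main__":
    print(demo())
```

The check value costs 16 bytes per file and lets the decryptor stop before it writes a single byte when the recomputed secret does not match; a real scheme would normally get the same guarantee from an AEAD cipher's authentication tag, which also catches tampering with the ciphertext itself.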
Vulnerabilities
CVE-2021-27248 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw ex… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-27248 – CVEnew – Twitter – Apr 14 2021 16:45
CVE-2021-27249 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw ex… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-27249 – CVEnew – Twitter – Apr 14 2021 16:45
CVE-2021-27246 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists wi… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-27246 – CVEnew – Twitter – Apr 14 2021 16:45
Desktop Window Manager vulnerability CVE-2021-28310 exploited ITW Kaspersky experts believe CVE-2021-28310, a zero-day Microsoft Windows vulnerability, may already have been exploited in the wild. hxxps://bit[.]ly/3sgnWQN – InfoSecHotSpot – Twitter – Apr 14 2021 22:41
Ongoing Campaigns
Threat Actors Targeting Cybersecurity Researchers – CISA Current Activity – Apr 14 2021 14:54 – Original release date: April 14, 2021 Google and …
Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly) – The Register – Apr 15 2021 00:33 – Firefox 'fully compromised' in 15 minutes via SMASH attack. Boffins from Vrije Universiteit in Amsterdam and ETH in Zurich have bypassed memory chip defenses to execute a successful browser-based Rowhammer side-channel attack dubbed SMASH. Rowhammer…
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks – MalwareTips.com – Apr 14 2021 16:33 – Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed…
DDoS attacks increased by 20% in 2020, meaning everyone should consider themselves at risk There were more than 10 million DDoS attacks in 2020, driven by new attack vectors and new threat actors; most of the industries targeted were vital to life duri… hxxps://tek[.]io/32f0nNL – InfoSecHotSpot – Twitter – Apr 14 2021 22:11

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
