15 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Winnti Group 4 5
APT35 4 8
Remcos RAT 2 2
TA505 2 2
Conti Ransomware 3 10
FatDuke Malware 1 1
DoppelDridex 1 1
Higaisa 1 1
COOS Ransomware 1 1
Yalishanda 1 1
Data Breaches
United Nations security vulnerability exposed – IT Governance Blog – Jan 14 2021 11:12
Ethical hackers have discovered a security vulnerability at the United Nations, giving them access to more than 100,000 private employee records. The breach stems from exposed Git directories and credential files on domains associated with…

Secnewsbytes – Twitter – Jan 14 2021 09:52
RT @DataBreachToday: Vulnerable GitHub repository database exposed data for UN Environment Program https://bit.ly/3idMRkz by @asokan_akshaya

SecurityWeek – Twitter – Jan 14 2021 13:07
EU Court Opinion Leaves Facebook More Exposed Over Privacy https://www.securityweek.com/eu-court-opinion-leaves-facebook-more-exposed-over-privacy

SecurityWeek – Twitter – Jan 14 2021 09:47
EU Court Opinion Leaves Facebook More Exposed Over Privacy https://www.securityweek.com/eu-court-opinion-leaves-facebook-more-exposed-over-privacy
Hacker Groups
DrunkBinary – Twitter – Jan 14 2021 16:41
CozyBear/APT29 Polyglot Duke Sample
cc216e41ad4291d0cc4c77d88c234f6d
078cfd29c9fa461247c0246f3a8a46af

CozyBear/APT29 FatDuke Sample
ffdadc7a09832c7ddf310a07ca65f816

CozyBear/APT29 Miniduke Sample
c8e6cab481e023001ef10dd278ff83c2

thegrugq – Twitter – Jan 14 2021 12:57
RT @780thC: An Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) has used the recent winter holiday break to attack targets from all over the world using a very sophisticated spear-phishing campaign….

New Analysis Puts Magecart Interconnectivity into Focus – RiskIQ – RSS – Jan 14 2021 18:53
RiskIQ's recent analysis of Magecart infrastructure has shown its massive scale and put its interconnectivity into focus. Our most recent research takes two email addresses evoking the name of one of the most prominent bulletproof hosting…

LouiseMensch – Twitter – Jan 14 2021 13:05
RT @780thC: An Iranian cyber-espionage group known as Charming Kitten (APT35 or Phosphorus) has used the recent winter holiday break to attack targets from all over the world using a very sophisticated spear-phishing campaign….
Malware
How Conti Ransomware Works – BankInfoSecurity – Jan 14 2021 19:11
Researchers Analyze the Severe Threat the Malware Poses. Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works.

How to Protect Against TrickBot? – LIFARS Blog – Jan 14 2021 14:15
Trickbot is a malware that started life as a relatively straightforward banking trojan. However, as with most malware, it has evolved over the years and can now be used to perpetrate various types of malware attacks. Because of its modular,…

InfoSecHotSpot – Twitter – Jan 14 2021 07:28
Maze Ransomware is Dead. Or is it? "It's definitely dead," says Tyler Moffitt, security analyst at Carbonite + Webroot, OpenText companies. "At least," he amends, "for now." Maze ransomware, which made our top 10 list for Nastiest Malware of 2020…

Capcom Says Personal Data of Thousands More Stolen in Ransomware Attack – SecurityWeek RSS Feed – Jan 14 2021 13:19
Video game giant Capcom this week revealed that thousands more people than initially believed had their personal information stolen in a ransomware attack in November 2020. …
Vulnerabilities
Vulnerability Management Has a Data Problem – Dark Reading – All Stories – Jan 14 2021 15:00
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.

CVEnew – Twitter – Jan 14 2021 16:45
CVE-2020-29018 A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter….

cybersecboardrm – Twitter – Jan 14 2021 13:24
Cisco addresses a High-severity flaw in CMX Software #Cybersecurity #security https://securityaffairs.co/wordpress/113395/security/cisco-high-severity-flaw-cmx.html?utm_source=rss&utm_medium=rss&utm_campaign=cisco-high-severity-flaw-cmx

securityaffairs – Twitter – Jan 14 2021 12:19
#Cisco addresses a High-severity flaw in #CMX Software
#securityaffairs #hacking

Ongoing Campaigns
Iran-linked spies used Christmas as cover for spearphishing, researchers say – Cyberscoop – News – Jan 14 2021 14:50
A cyber-espionage group linked to the Iranian government timed a mobile phishing campaign with the Christmas holidays, using email and text messages to target individuals at think tanks, universities and elsewhere, according to …

Th: 3BB hackers dump customer data, Thai regulator seeks answers from businesses – DataBreaches.net – Jan 14 2021 17:42
It took a little time, but Thai news outlets or blogs are starting to headline some of the Thai hacks that previously were only being reported on DataBreaches.net. There have been new developments in the past 24 hours to note. Background On December…

Securityblog – Twitter – Jan 14 2021 19:23
RT @TrendMicroRSRCH: We provide a technical analysis of TeamTNT's latest attack, which involves the group's own IRC bot called TNTbotinger. Find out how this IRC bot is capable of DDoS attacks:

Secnewsbytes – Twitter – Jan 14 2021 14:41
RT @Silobreaker: "The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a 'pass-the-cookie' attack". Hackers demonstrating that MFA is not always…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
