Cyber Alert – 15 June 2020
|Heat – Trending Malware and Threat Actors
|LokiBot Trojan |72 |75
|Osiris Banking Trojan |2 |2
|Parallax RAT |2 |4
|WannaCry Ransomware |3 |17
|Quimera Ransomware |1 |2
|KeyBoy malware |1 |1
|Poison Carp |1 |3
|Lion Ransomware |1 |3
|Snake Malware |1 |1
|TA410 |1 |3
|Data Breaches
|Hackers are quick to notice exposed Elasticsearch servers
|CERT-EU VulnerabilitiesApplications – Jun 15 2020 01:36
|Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft. For the duration of the experiment, a…
|cybersecboardrm – Old trick to ask to give evidence of what and how you discovered breach.
|cybersecboardrm – Twitter – Jun 14 2020 14:46
|Old trick to ask to give evidence of what and how you discovered breach.
|bry_campbell – Amazing, ‘legit’ companies are advertising on very illegal forums their warez for data leaks. https://t.co/YCBDIjMsze
|bry_campbell – Twitter – Jun 14 2020 17:09
|Amazing, 'legit' companies are advertising on very illegal forums their warez for data leaks. https://twitter.com/bry_campbell/status/1272214548775305217/photo/1
|Securityblog – RT @AuCyble: As expected #Netfilim #Ransomware operators publish data leak part 4-5 of MAS Holdings, South Asia’s largest manufacturer of l…
|Securityblog – Twitter – Jun 14 2020 21:16
|RT @AuCyble: As expected #Netfilim #Ransomware operators publish data leak part 4-5 of MAS Holdings, South Asia's largest manufacturer of lingerie!!
Data leak includes the company's bank reconciliation statements, debit & credit notes, Vat…
|Hacker Groups
|gh0std4ncer – RT @BushidoToken: Deep-dive: The DarkHotel APT
https://t.co/teZ65N4yq9 https://t.co/BYJ4v5VCXo
|gh0std4ncer – Twitter – Jun 14 2020 09:43
|RT @BushidoToken: Deep-dive: The DarkHotel APT
https://blog.bushidotoken.net/2020/06/deep-dive-darkhotel-apt.html https://twitter.com/BushidoToken/status/1272098586243850247/photo/1
|TalosSecurity – Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last… https://t.co/VD3Cl1o4lf
|TalosSecurity – Twitter – Jun 14 2020 14:30
|Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018 http://cs.co/6013GyoxP https://twitter.com/TalosSecurity/status/1272174457075961857/photo/1
|CyberScoopNews – Federal officials have arrested another accused FIN7 hacker https://t.co/FSRVeZfnqq
|CyberScoopNews – Twitter – Jun 14 2020 12:28
|Federal officials have arrested another accused FIN7 hacker https://www.cyberscoop.com/fin7-hacking-arrest-financial/
|InfoSecHotSpot – New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa. While tracking Earth Empusa, also kno… https://t.co/35cHDNQQu6
|InfoSecHotSpot – Twitter – Jun 14 2020 12:28
|New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa. While tracking Earth Empusa, also known as POISON CARP/Evil Eye, we identified an undocumented Android spyware we have named ActionSpy (detected by Trend Micro as…
|Malware
|CloudEyE is an Italian company that sold binary crypters to Malware Gangs
|MalwareTips.com – Jun 14 2020 19:26
|Italian company CloudEyE is believed to have made more than $500,000 from selling its binary crypter to malware gangs. For the past four years, an Italian company has operated a seemingly legitimate website and business, offering to provide binary…
|Three years after WannaCry, what have we learned?
|Help Net Security – News – Jun 15 2020 05:00
|Three years ago, the WannaCry ransomware worm wreaked havoc on hundreds of thousands of organizations worldwide, ranging from hospitals that had to pause urgent operations to multinational delivery services that were forced to halt the…
|Ransomware
|MalwareTips.com – Jun 14 2020 06:50
|Hi, a week ago I turned on my laptop trying to access some of my files. I found all the icons changed and every folder has a file DECRYPT_INSTRUCTION.txt saying my files are encrypted and I have to pay someone to send me a file to unencrypt my files…
|Thanos Ransomware: Ransomware Protections Bite the Dust
|Cyware – Jun 14 2020 19:02
|Thanos, a new Ransomware-as-a-Service (RaaS) tool, is gaining immense popularity in underground forums. What is going on: Thanos has been discovered to be the sole ransomware family, to date, to use the researcher-disclosed RIPlace tactic. RIPlace is…
|Vulnerabilities
|iOS Flaws: The Project Zero Vulnerability Enumeration
|Security Bloggers Network – Jun 14 2020 19:00
|…
|CyberScoopNews – Zoom has partially fixed two new flaws, with other security hurdles ahead https://t.co/nJ38e8ynE1
|CyberScoopNews – Twitter – Jun 14 2020 13:28
|Zoom has partially fixed two new flaws, with other security hurdles ahead https://www.cyberscoop.com/zoom-flaws-cisco-talos-encryption/
|Black Kingdom ransomware hacks networks with Pulse VPN flaws
|MalwareTips.com – Jun 14 2020 05:43
|Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and…
|[Bug 1846836] the CVE-2020-9484 affect jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7 image
|CERT-EU VulnerabilitiesApplications – Jun 15 2020 04:50
|Description of problem: Hello, the CVE affects the Red Hat OpenShift Application Runtimes tomcat. Now the RHSA is already released: https://access.redhat.com/errata/RHSA-2020:2530 Our customer wants to know when the…
|Ongoing Campaigns
