15 October 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
FIN11 43 45
FinSpy 42 44
Cobalt Dickens 9 12
LuminosityLink RAT 6 6
TA505 8 30
Trickbot Malware 28 248
Stuxnet 6 8
TA551 4 5
Mirai Trojan 5 9
RedDelta 3 3
Data Breaches

Barnes & Noble hit by cyberattack that exposed customer data
BleepingComputer.com – Oct 15 2020 03:25
U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers' data. […]

Secnewsbytes – RT @rik_ferguson: Metasploit Shellcodes Attack Exposed Docker APIs https://t.co/ag2FZvhKGj
Secnewsbytes – Twitter – Oct 14 2020 07:45
RT @rik_ferguson: Metasploit Shellcodes Attack Exposed Docker APIs https://www.trendmicro.com/en_us/research/20/j/metasploit-shellcodes-attack-exposed-docker-apis.html#.X4W08vYwi24.twitter

Dinosn – Barnes & Noble hit by cyberattack that may have exposed customer data https://t.co/t5DMXkjxOb
Dinosn – Twitter – Oct 15 2020 05:04
Barnes & Noble hit by cyberattack that may have exposed customer data https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-may-have-exposed-customer-data/

BleepinComputer – Barnes & Noble hit by cyberattack that may have exposed customer data – @LawrenceAbrams https://t.co/UvaFxNDKx4
BleepinComputer – Twitter – Oct 15 2020 03:25
Barnes & Noble hit by cyberattack that may have exposed customer data – @LawrenceAbrams https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-may-have-exposed-customer-data/

Hacker Groups

Silent Librarian APT right on schedule for 20/21 academic year
Webroot Threat – Oct 14 2020 20:31
October 14, 2020, by Threat Intelligence Team. A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. In mid-September,…

Chat Digest – Ghost Squad Hackers 2020/10/15 03:53 – 03:53 UTC
“Ghost Squad Hackers” – Telegram – Oct 15 2020 03:53
[03:53] : I’m Online now

admin wrote a new post, FIN11 uncovered: Hacking group promoted to financial cybercrime elite
DigitalMunition – Oct 14 2020 14:47
Versatile threat actors are the first cybercrime gang to win the ‘FIN’ designation in three years. Security researchers have identified a new, highly active financial cybercrime group. FIN11’s scope is broad: its targets include universities, government…

InfoSecHotSpot – More TA551 (Shathak) Word docs push IcedID (Bokbot), (Wed, Oct 14th) Introduction https://t.co/YNIL3yiEFd https://t.co/5fwbCEiD52
InfoSecHotSpot – Twitter – Oct 14 2020 05:58
More TA551 (Shathak) Word docs push IcedID (Bokbot), (Wed, Oct 14th) Introduction https://bit.ly/3nYPTvI https://twitter.com/InfoSecHotSpot/status/1316256937504321537/photo/1

Malware

virusbtn – Researchers at 360 have analysed the SolarSys malware framework that is mostly active in Brazil… https://t.co/tdQtEy9xRm
virusbtn – Twitter – Oct 14 2020 23:01
Researchers at 360 have analysed the SolarSys malware framework that is mostly active in Brazil https://blog.360totalsecurity.com/en/secret-stealing-trojan-active-in-brazil-releases-the-new-framework-solarsys/…

German authorities raid FinFisher offices
ZDNet Security – Oct 14 2020 14:04
Raids took place last week at 15 locations in Germany and at a connected company in Romania.

MalwareTechBlog – Had a feeling this would happen. Emotet often drops TrickBot, and a few months ago TrickBot was dropping Emotet. As… https://t.co/tvdyH8lGB5
MalwareTechBlog – Twitter – Oct 14 2020 18:40
Had a feeling this would happen. Emotet often drops TrickBot, and a few months ago TrickBot was dropping Emotet. As a result they are able to recover some old bots, as well as infect new systems via Emotet.

JRoosen – RT @MalwareTechBlog: Had a feeling this would happen. Emotet often drops TrickBot, and a few months ago TrickBot was dropping Emotet. As a r…
JRoosen – Twitter – Oct 14 2020 21:23
RT @MalwareTechBlog: Had a feeling this would happen. Emotet often drops TrickBot, and a few months ago TrickBot was dropping Emotet. As a result they are able to recover some old bots, as well as infect new systems via Emotet….

Vulnerabilities

SonicWall VPN Portal Critical Flaw (CVE-2020-5135)
Security Bloggers Network – Oct 14 2020 09:12
Vulnerability Description: Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability…

Secnewsbytes – SonicWall VPN Portal Critical Flaw (CVE-2020-5135) https://t.co/wxHGpnAf0h
Secnewsbytes – Twitter – Oct 14 2020 11:01
SonicWall VPN Portal Critical Flaw (CVE-2020-5135) https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/

Threat Brief: Microsoft Vulnerability CVE-2020-16898
Unit 42 – Palo Alto Networks Blog – Oct 14 2020 19:45
We suggest mitigation actions to protect against CVE-2020-16898, a vulnerability affecting multiple Windows versions that support IPv6 RDNSS. The post Threat Brief:…

daveaitel – RT @theori_io: Researchers at Theori have successfully confirmed the CVE-2020-16898 vulnerability, dubbed as Bad Neighbor, by demonstrating…
daveaitel – Twitter – Oct 14 2020 19:43
RT @theori_io: Researchers at Theori have successfully confirmed the CVE-2020-16898 vulnerability, dubbed as Bad Neighbor, by demonstrating a remote crash of Windows with BSOD. Be aware of those packets! We are working to craft an RCE exploit, though…

Ongoing Campaigns

FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group
Security Week – Oct 14 2020 20:07
FIN11 is a new designation for a financially motivated threat actor that may previously have been obscured within the activity set and group usually referred to as TA505. Although there are similarities and overlaps in the TTPs of both groups,…

Repeat victimisation: the threat of double extortion ransomware attacks
IT Security Guru – Oct 14 2020 15:05
Ransomware has already proven itself to be a powerfully profitable weapon in the cybercriminal arsenal. According to Emsisoft, in 2019, ransomware incidents could have had a combined cost of more than $7.5 billion (£5.65 billion). That’s just for…

Iranian APT group hits schools, universities in global spear phishing attacks
HackRead – Oct 14 2020 21:52
The APT group known as Silent Librarian has increased its spear phishing attacks as schools and universities are back. The IT security researchers at Malwarebytes and Peter Kruse from the CSIS Security Group have reported on an Iranian APT (advanced…

SecurityWeek – FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group https://t.co/V3NLGNbFg7
SecurityWeek – Twitter – Oct 15 2020 03:34
FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group https://www.securityweek.com/fin11-spun-out-ta505-umbrella-distinct-attack-group

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
