Cyber Alert – 16 April 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|Nemty Ransomware
|7
|8
|Ragnar Locker
|5
|9
|Lazarus Group
|4
|5
|Syrian Electronic Army
|2
|3
|Energetic Bear
|2
|5
|WannaCry Ransomware
|2
|6
|BlackShades Ransomware
|1
|1
|Hancitor
|1
|1
|Hidden Tear Ransomware
|1
|1
|FASTCash Trojan
|1
|2
|Data Breaches
|Data breach at San Francisco Airport
|IT Security Guru – Apr 15 2020 10:05
|San Francisco International Airport (SFO) has warned that a breach against two of its websites may have allowed attackers to harvest visiting users’ Windows login credentials. Malicious code was planted last month on two sites – SFOConnect.com and…
|1.1 Million Customer Records exposed in SCUF data breach
|IT Security Guru – Apr 15 2020 10:05
|SCUF data breach has taken place, exposing 1.1 million customer records including some credit card data. The breach was discovered by Comparitech, a pro-consumer website that is comprised of more than 30 researchers covering a variety of topics. One…
|Bitglass Security Spotlight: Data Breach Disclosed After the San Francisco International Airport is Targeted
|Security Bloggers Network – Apr 15 2020 12:00
|Businesses Skating on Thin Ice Using Third-Party Services
|Security Bloggers Network – Apr 15 2020 07:00
|Hacker Groups
|Russia-linked Energetic Bear APT behind San Francisco airport attacks
|Security Affairs – Apr 15 2020 09:04
|Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. Researchers from ESET believe that the attacks against two …
|APT41 Using New Speculoos Backdoor to Target Organizations Globally
|MalwareTips.com – Apr 15 2020 12:57
|On March 25, 2020, FireEye published a research blog regarding a global attack campaign operated by an espionage motivated adversary group known as APT41. This attack campaign was thought to have operated between January 20 and March 11, specifically…
|TA505 hacking gang uses SDBbot RAT to attack European companies
|SC Magazine UK – Apr 15 2020 12:01
|News by Rene Millman. New campaign by TA505 hacking gang harvests Active Directory credentials to aid movement. The TA505 cyber-crime group has re-emerged to carry out attacks; the latest campaign involves deploying the SDBbot remote-access…
|Is The Syrian Government Targeting Its People With COVID-19 Android Malware?
|Thomas Fox-Brewster – RSS – Apr 16 2020 03:50
|The Syrian Electronic Army is back and using COVID-19 as a lure for its Android spyware, a researcher finds.
|Malware
|New version of Hidden Tear (Death Hidden Tear) April 2020
|MalwareTips.com – Apr 15 2020 15:28
|Hi folks, We always want to keep you up to date with new public demos we put out. This one is for a new variant of Hidden Tear, which fixes a lot of the previous encryption vulnerabilities (so, kudos to the criminals reading this). Quick notes that…
|Nemty ransomware operation shuts down
|DataBreaches.net – Apr 15 2020 22:06
|Catalin Cimpanu reports: The operators of the Nemty ransomware have announced this week they were shutting down their service after ten months in operation, ZDNet has learned from a source in the infosec community. […] But in an update posted…
|Ryuk: How the ransomware that attacks businesses works
|MediaCenter Panda Security – Apr 15 2020 07:22
|Taxpayers Targeted With Improved NetWire RAT Variant
|Threatpost.com – Apr 15 2020 21:07
|Taxpayers are being targeted by a new NetWire RAT variant in a recent malspam campaign that makes use of an improved keylogger and an Excel 4.0 Macro.
|Vulnerabilities
|Microsoft Patch Tuesday Is Here, Fixing 19 Critical Vulnerabilities
|TechNadu – Apr 15 2020 08:56
|Microsoft April Tuesday Patch is bringing 115 fixes, 19 of which concern critical vulnerabilities. The latest patch covers a wide range of Windows applications and components, so updating is essential. If you’re still using Windows 7, you are already…
|VMware patches two vulnerabilities in vRealize Log Insight, one critical
|SC Magazine US – Apr 15 2020 16:44
|Just two days after VMware posted a CVSS 10.0-rated patch to VMware vCenter Server, the company issued an advisory covering two additional vulnerabilities, this time in vRealize Log Insight (vRLI) version 8.0.0, 4.x.y. The vulnerabilities, CVE-2020-3953,…
|CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 – Multiple vulnerabilities in Oracle Solaris
|Open Source Security – Apr 15 2020 15:20
|Posted by Marco Ivaldi on Apr 15 Hello, Please find attached 3 recent advisories for the following vulnerabilities, fixed in Oracle's Critical Patch Update (CPU) of April 2020: CVE-2020-2771. A difficult to exploit heap-based buffer overflow…
|Oracle’s April 2020 Critical Patch Update Brings 397 Security Fixes
|Security Week – Apr 15 2020 13:07
|Oracle this week released its April 2020 collection of security patches, which includes a total of 397 fixes for vulnerabilities affecting two dozen products. The software giant also revealed that 264 of the addressed vulnerabilities could be…
|Ongoing Campaigns
