Silobreaker

Threat Reports

Cyber Alert – 16 July 2020

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
APT34 13 16
Grandoreiro Malware 10 13
Guildma Trojan 9 12
Melcoz 9 18
Javali Trojan 9 19
GoldenHelper 6 16
Stuxnet 8 12
EMOTET Trojan 6 14
WannaCry Ransomware 5 10
Gaza Cybergang 3 6
Data Breaches
Digital Shadows launches validation for exposed credentials alerting, enabling organizations to find out instantly if breached login details are a current risk
Security Bloggers Network, Jul 15 2020 13:51
New service leverages database of 15 billion breached credentials to remove the time spent triaging invalid or duplicate entries London and San Francisco, July 15, 2020 – Digital Shadows, the leader in digital risk protection, has today…
UK: South East Coast Ambulance employee personal and medical details exposed
DataBreaches.net, Jul 15 2020 11:53
Charlie Harman reports: The South East Coast Ambulance Service has experienced a massive data breach and has referred itself to a privacy watchdog. In May, the personal and medical details of all ambulance staff could have been seen by employees…
No-Log VPNs Exposed Users’ Logs and Personal Details for All to See
Office of Inadequate Security, Jul 15 2020 15:43
Ugh. vpnMentor reports: A group of free VPN (virtual private network) apps left their server completely open and…
Hacker Groups
Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site
CERT-EU – Latest Articles Ongoing Threats – RSS, Jul 15 2020 13:44
Read the original article: Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers…
Dinosn – Ghost Squad Hackers defaced European Space Agency (ESA) site https://t.co/JZt9i4qiqs
Dinosn – Twitter, Jul 15 2020 18:57
Ghost Squad Hackers defaced European Space Agency (ESA) site https://securityaffairs.co/wordpress/105918/hacktivism/european-space-agency-esa-site-defacement.html
CIA behind APT34 and FSB hacks and data dumps
Hacker News, Jul 15 2020 13:51
ZDNet – Report: CIA behind APT34 and FSB hacks and data dumps https://t.co/yEh6UkdaBd
ZDNet – Twitter, Jul 15 2020 17:15
Report: CIA behind APT34 and FSB hacks and data dumps…
Malware
GoldenHelper, a new malware delivered via Chinese tax software
Security Affairs, Jul 15 2020 11:32
Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax…
malwrhunterteam – Signed Nefilim Go ransomware sample with only one detection on VT: c2b9f3b84e3e990e2c225e05ea65e7a3aaaf5a688864d0ee… https://t.co/KzuJBINWtF
malwrhunterteam – Twitter, Jul 15 2020 10:16
Signed Nefilim Go ransomware sample with only one detection on VT: c2b9f3b84e3e990e2c225e05ea65e7a3aaaf5a688864d0ee68ed2eece557fac0
How disappointing, right? No, not that it is so low detected, but that it is not FUD…
😂
@demonslay335 @VK_Intel…
Code analysis of CryCryptor Ransomware and its vulnerability that allowed to create a decryption tool
Reverse Engineering, Jul 15 2020 09:57
10th Anniversary Of The Stuxnet Virus – What Is Its Significance Today?
Information Security Buzz, Jul 15 2020 10:54
marks 10 years since the Stuxnet virus was revealed, the malicious worm that infected 100,000 computers.
Vulnerabilities
PATCH NOW – SIGRed – CVE-2020-1350 – Microsoft DNS Server Vulnerability, (Wed, Jul 15th)
CERT-EU Vulnerabilities Applications, Jul 15 2020 07:54
* THIS POST WILL BE UPDATED AS NEW INFORMATION BECOMES AVAILABLE * Yesterday, Microsoft released a patch for CVE-2020-1350, fixing a critical vulnerability in its DNS server. The vulnerability is 17 years old. All current versions of Microsoft's…
sans_isc – PATCH NOW – SIGRed – CVE-2020-1350 – Microsoft DNS Server Vulnerability https://t.co/csba6elSJq https://t.co/XyTxU5vQOf
sans_isc – Twitter, Jul 15 2020 06:48
PATCH NOW – SIGRed – CVE-2020-1350 – Microsoft DNS Server Vulnerability https://isc.sans.edu/diary/26356 https://twitter.com/sans_isc/status/1283292346059292672/photo/1
Oracle releases fix for 443 vulnerabilities affecting 130 products. 100 flaws with CCV score of 9.8 or higher
CERT-EU Vulnerabilities Applications, Jul 15 2020 23:55
Oracle Communications Applications. Patches for Oracle Communications Applications include 60 updates; 46 of these vulnerabilities could even be remotely exploited with no victims’ interaction. Oracle E-Business Suite. This product received 30 new…
SecurityWeek – Microsoft Patches Critical Wormable Flaw in Windows DNS Servers https://t.co/3gcYU2Kf3V CVE-2020-1350 #SIGred
SecurityWeek – Twitter, Jul 15 2020 09:07
Microsoft Patches Critical Wormable Flaw in Windows DNS Servers https://www.securityweek.com/microsoft-patches-critical-wormable-flaw-windows-dns-servers CVE-2020-1350 #SIGred
Ongoing Campaigns
20% of credential stuffing attacks target media companies
Help Net Security – News, Jul 16 2020 04:00
The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019, according to a report from Akamai. The apparent fourfold increase in attacks is partly attributable to the enhanced visibility into the…
Yet Another Huge DDoS Attack Disclosed – Cloudflare Networks Flooded
Cyware, Jul 15 2020 06:54
There has been a surge in Internet traffic and DDoS attacks, and over time, the complexity of these attacks has been elevating. Amidst the COVID-19 pandemic, hackers are trying to find new and challenging ways to penetrate the network, as was…
SMS Phishing Scam Targeting HSBC UK Customers
Cyware, Jul 15 2020 06:54
In recent times, there has been an increase in sophisticated phishing scams designed to trick victims into handing over their personal financial details. A similar SMS phishing (SMShing) attack has been observed targeting HSBC UK customers recently. W…
‘Tetrade’ Brazilian Banking Trojans Go International
Security Week, Jul 15 2020 14:06
The Brazilian cybercriminals behind four banking Trojans collectively dubbed “Tetrade” have decided to expand their business and started targeting victims internationally, Kaspersky’s security researchers reveal. The four banking Trojan families –…

