Cyber Alert – 16 June 2020
|Heat – Trending Malware and Threat Actors
|Name |Heat 1 |Heat 7 |Vol 1 |Vol 7
|Magecart Group |23 |44
|URSNIF |7 |17
|Ryuk Ransomware |5 |9
|Pegasus Malware |4 |6
|DarkHotel Group |4 |5
|Black Kingdom Ransomware |4 |10
|KerrDown |3 |3
|QakBot |5 |10
|Stuxnet |3 |3
|Gamaredon Group |4 |33
|Data Breaches
|Exposed Cloud Databases Attacked 18 Times Per Day
|Infosecurity – Latest News – Jun 15 2020 11:00
|Exposed cloud databases are probed within just hours of being set up, according to new research from Comparitech. The firm’s security research team, headed by Bob Diachenko, has written…
|https://www.infosecurity-magazine.com/news/exposed-cloud-databases-attacked?utm_source=twitterfeed&utm_medium=twitter
|Niche dating app user data found exposed on misconfigured cloud instance
|SiliconANGLE – Jun 16 2020 02:33
|The records of hundreds of thousands of users of a range of niche data apps have been exposed online in the latest case of a misconfigured cloud instance. Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor and published today,…
|Whoa: “Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More”
An unfortunate reminder that once you digitise something there’s always an increased risk of it being exposed.
|Hacker Groups
|Gamaredon Hackers Using New Tools for Microsoft Outlook, Office, and Excel
|Cyware – Jun 15 2020 19:01
|A Russia-linked APT group named Gamaredon (aka Primitive Bear) has been using several undocumented post-compromise tools in various malicious campaigns since 2013 and was recently observed making further updates to its tactics. What’s new According to…
|Anonymous Hackers Just Targeted U.S. Police Again: ‘No More Impunity’
|Forbes.com – Jun 15 2020 07:53
|In the weeks since Anonymous hackers threatened Minneapolis Police Department (MPD) that it would “expose your many crimes to the world” following the death of George Floyd, speculation has been rife as to whether the Anonymous has returned, or is it…
|Deep-dive: The DarkHotel APT
https://blog.bushidotoken.net/2020/06/deep-dive-darkhotel-apt.html
|Malware
|Ryuk Continues to Dominate Ransomware Response Cases
|Dark Reading – All Stories – Jun 15 2020 21:55
|Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.
|May’s Most Wanted Malware: Ursnif Banking Trojan Ranks On Top 10 Malware List for First Time, Over Doubling Its Impact On Organizations
|CERT-EU VulnerabilitiesApplications – Jun 15 2020 11:01
|Check Point’s researchers find sharp increase in attacks using the long-running Ursnif banking trojan capable of stealing email and banking credentials. Our latest Global Threat Index for May 2020 has found several malicious spam campaigns…
|May 2020’s Most Wanted Malware: Ursnif Banking Trojan Ranks On Top 10 Malware List for First Time, Over Doubling Its Impact On Organizations
|CERT-EU VulnerabilitiesApplications – Jun 15 2020 17:02
|The Ursnif banking trojan targets Windows PCs and is capable of stealing vital financial information, email credentials and other sensitive data. The malware is delivered in malicious spam campaigns via Word or Excel attachments. The new wave of…
|Vulnerabilities
|ARM CPUs Face Threats From New Variant of Spectre Vulnerability
|Cyware – Jun 15 2020 19:01
|The ARM architecture-based processors may face new cyberthreats due to the discovery of a new vulnerability. This vulnerability is said to be a variant of the Spectre vulnerability, the infamous bug discovered in January 2018 that could lead to…
|Black Kingdom ransomware operators exploit Pulse VPN flaws
|Security Affairs – Jun 15 2020 13:39
|Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Researchers from security firm REDTEAM reported that operators behind the Black Kingdom ransomware are targeting…
|Ongoing Campaigns
|Earth Empusa targets minority group with Android ActionSpy spyware
|Security Affairs – Jun 15 2020 07:47
|The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to target a Turkic minority group. Researchers warn that the Earth Empusa (aka …
