Cyber Alert – 17 April 2020
Silobreaker’s Daily Cyber Alert is created and distributed automatically by using our award-winning intelligence product Silobreaker Online.
|Heat – Trending Malware and Threat Actors
|Name |Heat 1 |Heat 7 |Vol 1 |Vol 7
|Nemty Ransomware | | |5 |13
|Lazarus Group | | |4 |9
|AgentTesla Keylogger | | |4 |8
|WannaCry Ransomware | | |3 |9
|Ghost Squad Hackers | | |2 |2
|SLRat | | |2 |3
|AndoServer | | |2 |3
|Androrat | | |2 |3
|SilverHawk Spyware | | |2 |3
|TA2101 | | |2 |2
|Data Breaches
|PTA investigates data breach of 115mn Pakistani mobile users
|Seclists.org – Data Loss – Apr 16 2020 14:39
|Posted by Destry Winant on Apr 16…
|Wappalyzer reveals data breach after hacker disclosed incident to customers
|Security Bloggers Network – Apr 16 2020 13:26
|Wappalyzer, a company that…
|Hartford HealthCare Data Breach May Have Compromised Patient Information
|Seclists.org – Data Loss – Apr 16 2020 14:38
|Posted by Destry Winant on Apr 16…
|Compromised email account leads to Saint Francis Ministries data breach
|Seclists.org – Data Loss – Apr 16 2020 14:38
|Posted by Destry Winant on Apr 16…
|Hacker Groups
|Could Return of Ghost Squad Hackers Signal Rise in COVID-19-Related Hactivism?
|Dark Reading – Apr 16 2020 22:50
|New research suggests GSH is active in Southeast Asia following a couple of quiet years.
|Syria-linked APT group SEA targets Android users with COVID19 lures
|Security Affairs – Apr 17 2020 07:36
|Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. Syrian hackers are behind a long-running campaign that has been active since January 2018 and that targets…
|Syrian Hackers Target Mobile Users With COVID-19 Lures
|Security Week – Apr 16 2020 13:07
|Syrian-linked hackers recently switched to lures as part of a long-running surveillance campaign, Lookout security researchers reveal. Supposedly active since January 2018, the campaign targets Arabic-speaking users with tens of Android applications,…
|Double Extortion: Ransomware’s New Normal Combining Encryption with Data Theft
|Security Week – Apr 16 2020 17:06
|'Double extortion' is the term given to an evolving ransomware tactic: first steal confidential data, then encrypt the victim's files. If the victim doesn't pay the ransom, expose the data. The first published example of a double extortion attack,…
|Malware
|Nemty Ransomware Gang Shuts Down Public Gig, Announces ‘Exclusive’ Business Model
|HOTforSecurity – Apr 16 2020 09:44
|…
|The secret behind “unkillable” Android backdoor called xHelper has been revealed
|ArsTechnica – Apr 16 2020 13:00
|In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures. The analysis…
|Ragnar Locker Ransomware Demands 1580 BTC from EDP
|Security Bloggers Network – Apr 16 2020 11:34
|Ragnar Locker ransomware demanded 1580 bitcoin (approximately $11 million) as ransom from Portuguese electric utilities company Energias de Portugal (EDP). As reported by Bleeping Computer, the operators of Ragnar Locker published a new post on…
|Hackers steal WiFi passwords using upgraded Agent Tesla malware
|BleepingComputer.com – Apr 16 2020 19:24
|Some new variants of the Agent Tesla info-stealer malware now come with a dedicated module for stealing WiFi passwords from infected devices, credentials that might be used in future attacks to spread to and compromise other systems on the same…
|Vulnerabilities
|What Is VPR and How Is It Different from CVSS?
|Tenable Blog – Apr 16 2020 18:00
|This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR that make it a more suitable tool for…
|Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
|US-CERT Emergency Readiness – Apr 16 2020 13:21
|Original release date: April 16, 2020 Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the …
|Cisco Patches Critical Flaws in IP Phones, UCS Director
|Security Week – Apr 17 2020 04:18
|Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director. The critical vulnerability patched in IP Phones impacts the web server and…
|Multiple Qualcomm Kernel Vulnerabilities Fixed With Android April Patch
|TechNadu – Apr 16 2020 08:18
|Zimperium is diving into the technical details of two Qualcomm flaws that affect Android devices. The presented vulnerabilities have dire consequences if exploited in the wrong way. Most Android devices out there will remain vulnerable to the flaws for…
|Ongoing Campaigns
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.