17 January 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name                 | Heat 1 | Heat 7 | Vol 1 | Vol 7
---------------------|--------|--------|-------|------
Magecart Group       |        |        |   3   |   6
GravityRAT           |        |        |   2   |   2
IPStorm              |        |        |   2   |   3
FIN11                |        |        |   2   |   3
OSAMiner             |        |        |   2   |   9
Clop Ransomware      |        |        |   2   |   7
CASHY200 Backdoor    |        |        |   1   |   1
TriFive Backdoor     |        |        |   1   |   1
Snugy Backdoor       |        |        |   1   |   1
VandaTheGod          |        |        |   3   |  19
Data Breaches
Co: Pitkin County COVID-19 case investigations inadvertently exposed online (Secnewsbytes, Twitter, Jan 16 2021 08:32): https://www.databreaches.net/co-pitkin-county-covid-19-case-investigations-inadvertently-exposed-online/
Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses | TechCrunch (Secnewsbytes, Twitter, Jan 16 2021 08:33): https://techcrunch.com/2021/01/14/ring-neighbors-exposed-locations-addresses/
Ph: Privacy Commission summons operators of website that exposed car owners’ personal data (DataBreaches.net, Jan 16 2021 14:06): There’s an update to a data leak situation previously noted on this site. It’s always interesting to me to see how other countries handle privacy violations or data leaks. It looks like the NPC has the authority — and uses it…
IE: Schools on security alert as gardaí probe online class breach (DataBreaches.net, Jan 16 2021 14:06): Katherine Donnelly and Robin Schiller report: Schools are on alert to IT security risks around online classes as a Garda investigation gets under way into how a number of men gained unauthorised access to a video lesson for second-year students. The…
Hacker Groups
Higaisa or Winnti? APT41 backdoors, old and new (Reddit – BlueTeamSec – RSS, Jan 16 2021 18:12): submitted by /u/digicat…
TA551 Now Spreading IcedID Stealer via Spoofed Emails (Cyware, Jan 16 2021 19:24): TA551 (aka Shathak) is an email-based malware distribution campaign that is actively targeting English-speaking victims. Active since early 2020, TA551 is known to distribute multiple malware families, such as Ursnif and Valak. What is happening? In a…
FIN11 e-crime group shifted to CL0P ransomware and big game hunting (Office of Inadequate Security, Jan 16 2021 18:30): Derek B. Johnson reports: The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their…
Magecart Groups Hide Behind ‘Bulletproof’ Hosting Service (CyberSecurityBoard.com – RSS, Jan 16 2021 20:47): Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media …
Malware
This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators (cybersecboardrm, Twitter, Jan 16 2021 22:57): #Cybersecurity #ransomware #security https://t.co/xpGiIy3ITB
Ransomware attacks now to blame for half of healthcare data breaches (ZDNet, Twitter, Jan 16 2021 11:30): https://t.co/6MwcLKB7Am
Vulnerabilities
Siemens fixed tens of flaws in Siemens Digital Industries Software products (Security Affairs, Jan 16 2021 14:14): Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which…
Media claiming “NTFS corruption vulnerability”, but it’s not that much (MalwareTips.com, Jan 17 2021 03:35): Moderators, if I'm posting in the wrong place or someone has already discussed it, feel free to move/remove the topic. In the last few days, the media has been claiming an NTFS corruption…
EXCLUSIVE: Disclosing CVE-2020-13959: Apache Velocity Tools XSS flaw discovered and responsibly reported by @JacksonHHax of @SakuraSamuraii hacking team (Metacurity retweeting @Ax_Sharma, Twitter, Jan 16 2021 12:10): #Vulnerability impacts some GOV domains. While a formal release is pending, a…
DNS: Man-in-the-Middle via SAD DNS ICMP Rate, analyzed on 16/11/2020 (Vigil@nce – public vulnerabilities, Jan 16 2021 10:59): An attacker can act as a Man-in-the-Middle via ICMP Rate on DNS, in order to read or write data in the session.
Ongoing Campaigns
xHunt Campaign Adopts New Enhancements to Evade Detection (Cyware, Jan 16 2021 19:24): Since its emergence, xHunt campaign threat actors have been continuously attacking Kuwaiti organizations, mostly by targeting Microsoft Exchange servers. What’s new in the report? Recently, Palo Alto Unit 42 researchers published a report related to…
Technology and Software Giants, Microsoft and Google face Threat by Chimer Gang Attack (E Hacking News, Jan 16 2021 13:45): The world's biggest technology and software giants, namely Microsoft and Google, are being threatened by a new group of cybercriminals who are targeting their cloud services. Working in coordination with their Chinese interests, the threat actors are…
SUNSPOT activity in the #Sunburst attack included inserting backdoor code within #pragma statements disabling and restoring warnings, to prevent backdoor code lines appearing in build logs. Find out more in @CrowdStrike’s technical analysis of the… (CrowdStrike, Twitter, Jan 16 2021 21:02): https://t.co/1AHZfRF2Ld
Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks | SecurityWeek.Com (Securityblog, Twitter, Jan 16 2021 14:38): https://www.securityweek.com/vulnerability-exposes-f5-big-ip-systems-remote-dos-attacks

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
