Cyber Alert – 18 April 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|PoetRAT
|5
|9
|Serpent Ransomware
|2
|2
|Energetic Bear
|2
|7
|URSNIF
|2
|4
|Lazarus Group
|2
|11
|Ragnar Locker
|2
|13
|Nemty Revenue 3.1
|1
|1
|Zeppelin Ransomware
|1
|1
|GnosticPlayers
|1
|1
|SandroRAT
|1
|2
|Data Breaches
|What data breaches teach us about security procedures
|Seclists.org – Data Loss – Apr 17 2020 14:44
|Posted by Destry Winant on Apr 17 https://www.techradar.com/news/what-data-breaches-teach-us-about-security-procedures The last decade saw countless data breaches with the personally identifiable information (PII) of millions exposed and sent…
|“Lincoln Financial Advisors” Disclose Data Breach Affecting Clients
|Seclists.org – Data Loss – Apr 17 2020 14:44
|Posted by Destry Winant on Apr 17 https://www.technadu.com/lincoln-financial-advisors-disclose-client-data-breach/99184/ The Charpentier Wealth Strategies office belonging to the Lincoln Financial Advisors has announced a data breach. Apparently,…
|Oakland County stops COVID-19 data leak
|Office of Inadequate Security – Apr 17 2020 15:29
|Orion Sang reports: Oakland County secured a data leakage of internal COVID-19 data that was used by the Oakland County…
|Zynga Data-Breach Claims
|IT Security Guru – Apr 17 2020 10:05
|Game-maker Zynga Inc.’s data security measures allegedly were weak and enabled a breach affecting more than 170 million users of its Words With Friends online game, according to a complaint filed in California federal court. The suit filed Wednesday…
|Hacker Groups
|TA505 Group Targeted Corporate Networks With RAT: Report
|Data Breach Today – Apr 17 2020 15:51
|Spear-Phishing Emails Appeared to Originate With HR Departments. Akshaya Asokan (asokan_akshaya) • April 17, 2020. The prolific TA505 cybercrime group targeted corporate networks across…
|Syria-linked APT group SEA targets Android users with COVID19 lures
|Security Affairs – Apr 17 2020 07:36
|Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. Syrian hackers are behind a long-running campaign that has been active since January 2018 and that targets…
|CyberCrime – W/E – 4/17/20
|Tech-Wreck InfoSec Blog – Apr 17 2020 21:43
|New York State Was Victim of Hack from Outside US (04/13/2020) Just before its efforts to gear up preparations to deal with the coronavirus pandemic, New York State was hit with a cyberattack that disabled state agency…
|The Good, the Bad and the Ugly in Cybersecurity – Week 16
|SentinelOne – Apr 17 2020 16:00
|The Good The Dutch police have taken down at least 15 DDoS for hire services…
|Malware
|Microsoft: Trickbot in hundreds of unique COVID-19 lures per week
|MalwareTips.com – Apr 18 2020 06:12
|TrickBot is, at the moment, the malware showing up in the highest number of unique COVID-19 related malicious emails and attachments delivered to potential victims' inboxes based on Microsoft's Office 365 Advanced Threat Protection (ATP) data. "B…
|PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures
|News ≈ Packet Storm – Apr 17 2020 15:22
|Nemty Ransomware Ceases Public Operations, Focuses on Private Schemes 4/17/20 12:00 AM
|Trend Micro – Apr 17 2020 11:05
|Threat actors behind Nemty ransomware close down their ransomware-as-a-service (RaaS) operation as they zero in on private schemes, as reported by BleepingComputer. This was confirmed in a Russian hacker forum post that security researcher Vitali…
|Nemty ransomware operation shuts down public RaaS
|MalwareTips.com – Apr 17 2020 07:33
|The operators of the Nemty ransomware have announced this week they were shutting down their public Ransomware-as-a-Service operation and opting to go private in order to focus and put more resources on targeted attacks. For those unfamiliar with…
|Vulnerabilities
|Several Botnets Using Zero-Day Vulnerability to Target Fiber Routers
|Security Week – Apr 17 2020 18:17
|Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn. The security bug impacts Netlink Gigabit Passive Optical Networks (GPON)…
|Cisco addresses critical issues in IP Phones and UCS Director
|Security Affairs – Apr 17 2020 17:26
|Cisco released security patches to address numerous flaws in its products, including critical severity issues that affect IP Phones and UCS Director. The critical vulnerability fixed by Cisco affects IP Phones and resides on the…
|Experts shed the light on the mysterious critical VMware vCenter Server issue
|Security Affairs – Apr 17 2020 21:41
|Security firm Guardicore released technical information on a critical VMware vCenter Server vulnerability recently disclosed by VMware. Earlier this month, VMware has addressed a …
|Security Flaws & Fixes – W/E – 4/17/20
|Tech-Wreck InfoSec Blog – Apr 17 2020 21:44
|Adobe Issues Five Important Security Patches (04/14/2020) Five vulnerabilities have been fixed in Adobe's latest round of software updates. Three items ranked important affect ColdFusion…
|Ongoing Campaigns
