Cyber Alert – 18 July 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|EMOTET Trojan
|64
|74
|APT35
|14
|24
|ITG18
|11
|16
|APT29
|17
|64
|WellMess
|7
|34
|WellMail
|5
|24
|BlackRock Malware
|4
|25
|Nefilim Ransomware
|4
|14
|Dridex Malware
|5
|14
|Zimbra Ransomware
|2
|3
|Data Breaches
|How exposed are you to cybercrime?
|Malwarebytes Unpacked – Jul 17 2020 15:00
|No country, business, or person is immune to cybercrime, and as the Internet’s influence on our daily lives grows exponentially, so will the level of malicious activity throughout the world. An ever-changing cyber landscape will always carry…
|Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online
|THN : The Hacker News – Jul 17 2020 10:23
|An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods." IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of…
|Secnewsbytes – Iran-Linked Hackers Accidentally Exposed 40 GB of Their Files | https://t.co/1QeMXr4hZr https://t.co/qB8PKh3IR2
|Secnewsbytes – Twitter – Jul 17 2020 05:26
|Iran-Linked Hackers Accidentally Exposed 40 GB of Their Files | http://SecurityWeek.Com https://www.securityweek.com/iran-linked-hackers-accidentally-exposed-40-gb-their-files
|Iran-linked APT35 accidentally exposed 40 GB associated with their operations
|Security Affairs – Jul 17 2020 13:49
|Iran-linked APT35 group accidentally exposed one of its servers, leaving online roughly 40 GB of videos and other files associated with its operations. Researchers at IBM X-Force Incident Response Intelligence Services (IRIS) discovered an…
|Hacker Groups
|Russian group Cozy Bear is tied to hacking on Covid vaccine research
|ThePrint – Jul 17 2020 07:19
|UK, US and Canada jointly announced that APT29, also known as Cozy Bear or The Dukes, was behind the hacking attempt, but didn’t identify specific victims.
|That Crazy Cozy Bear
|CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 17 2020 21:43
|… Also known as Cozy Bear, the group is associated with activities ranging from political to economic espionage over the past several years. Notably, while other public, Western government attribution of Russian-linked espionage activities has been…
|Cozy Bear and Fancy Bear: what are the Russian intelligence hacking operations?
|MSN UK – Jul 17 2020 08:35
|The British, US and Canadian governments have accused the Russian hacking group Cozy Bear of trying to steal vital coronavirus information, including research about a possible vaccine. UK security minister James Brokenshire went further the next day,…
|COVID-19 Research and Vaccine Research Targeted by APT29 Group
|HOTforSecurity – Jul 17 2020 12:59
|…
|Malware
|Updates on ThiefQuest, the Quickly-Evolving macOS Malware
|Security Intelligence TrendLabs – Trend Micro – Jul 17 2020 12:00
|…
|BleepinComputer – Be safe out there. It is never good when Emotet is spewing forth their campaigns as it only leads to more spam, Tri… https://t.co/KMfsqXEqfd
|BleepinComputer – Twitter – Jul 17 2020 20:30
|Be safe out there. It is never good when Emotet is spewing forth their campaigns as it only leads to more spam, TrickBot infections, and eventually ransomware infections. Would not be surprised if we saw an uptick in Ryuk/Conti cases over the next…
|Emotet Lives!
|Dark Reading – All Stories – Jul 17 2020 20:30
|Emotet malware is back in action after a four-month hiatus that allowed cybersecurity experts to worry about other things.
|virusbtn – Spamhaus researchers look at recent activity by the Qbot/Qakbot malware https://t.co/RgoGt2IiCK https://t.co/yzwT52MpWO
|virusbtn – Twitter – Jul 17 2020 19:04
|Spamhaus researchers look at recent activity by the Qbot/Qakbot malware https://www.spamhaus.org/news/article/799/tracking-qbot https://twitter.com/virusbtn/status/1284202216971280384/photo/1
|Vulnerabilities
|NA – CVE-2020-1640 – An improper use of a validation framework when…
|CERT-EU VulnerabilitiesApplications – Jul 17 2020 23:37
|An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework…
|SAP RECON Flaw: Albatross Around the Neck
|Cyware – Jul 17 2020 06:55
|A critical flaw, with a CVSS score of 10, has been disclosed for SAP users. The scoop: A critical vulnerability has been patched by SAP that is found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50. Dubbed RECON (Remotely…
|Security Flaws & Fixes – W/E – 7/17/20
|Tech-Wreck InfoSec Blog – Jul 17 2020 15:29
|100,000 WordPress Sites Affected by Drag-and-Drop Plugin Flaw (07/13/2020) The WordFence Threat Intelligence Team uncovered a number of …
|SecurityWeek – Apple Patches Multiple Code Execution Flaws in Audio Components https://t.co/nDJiGgULdH
|SecurityWeek – Twitter – Jul 17 2020 14:03
|Apple Patches Multiple Code Execution Flaws in Audio Components https://www.securityweek.com/apple-patches-multiple-code-execution-flaws-audio-components
|Ongoing Campaigns
|Brazilian Banking Trojans Spread to Other Nations
|Bank Info Security – Jul 17 2020 16:18
|Kaspersky: Fraudsters Now Target North America, Europe, Latin America Prajeet Nair (@prajeetspeaks) • July 17, 2020 This chart shows how the Guildma banking Trojan, which is one of four strains developed in Brazil over the last several years, has…
|Cozy Bear Hackers Target Covid-19 Research Centres in UK, US and Canada
|Information Security Buzz – Jul 17 2020 09:54
|An advisory published by the UK National Cyber Security Centre (NCSC) warns of activity by Russian hacking group APT29 and explicitly calls out efforts to target the US, UK, and Canadian vaccine research, according to CNN. Cyber actors from the…
|Media Is the Most Targeted Industry in Credential Stuffing Attacks
|Security Bloggers Network – Jul 17 2020 12:52
|…
|Covid-19 vaccines, economies in peril after Russian APT29 attacks
|SC Magazine US – Jul 17 2020 23:35
|Warnings by officials in the U.S., U.K. and Canada that Russia’s Cozy Bear, APT29, is actively trying to steal Covid-19 vaccine research by hacking vaccine trials and dropping WellMess and WellMail malware proves at least two things: Russia military…
