Cyber Alert – 18 September 2020
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.
Heat – Trending Malware and Threat Actors

Name | Heat 1 | Heat 7 | Vol 1 | Vol 7
APT41 | | | 38 | 116
Maze Ransomware | | | 21 | 47
APT39 | | | 8 | 8
Cerberus Malware | | | 9 | 18
MrbMiner | | | 7 | 16
Ragnar Locker | | | 6 | 7
Trickbot Malware | | | 10 | 29
Winnti Group | | | 6 | 18
SunCrypt Ransomware | | | 7 | 16
LockBit Ransomware | | | 4 | 13
Hacker Groups

US charges APT 41 group members for hacking over 100 companies
HackRead – Sep 17 2020 12:23
By Deeba Ahmed. Two Malaysian hackers and five Chinese hackers, allegedly part of the state-sponsored hacking group APT 41, have been charged with hacking 100 companies worldwide. …

RedDelta Resumes Operations
IBM X-Force Exchange – Advisory Tag – RSS – Sep 17 2020 13:36
Summary: The threat group RedDelta has resumed its attacks on the Vatican and other Catholic organizations after a brief hiatus, Recorded Future reports. Threat Type: Malware, Spearphishing, Campaign. Overview: The Insikt Group reported on the threat group…

TA505 Campaign IoCs
IBM X-Force Exchange – Advisory Tag – RSS – Sep 17 2020 15:47
Summary: A report from Rewterz provides IoCs that are associated with an active TA505 campaign. TA505 is also known as EvilCorp and is tracked by IBM X-Force as Hive0065. Threat Type: Malware, APT. Overview: TA505 is a threat group known to have been…

Before QAnon, Anonymous was leading Save the Children marches
Daily Dot – Sep 17 2020 12:00
…
Malware

LockBit malware: What it is, how it works and how to prevent it | Malware spotlight
Security Bloggers Network – Sep 17 2020 13:00
Introduction: LockBit is data-encrypting malware in operation since September 2019 and a recent Ransomware-as-a-Service (RaaS) offering, in which the developers are in charge of the payment site and development…

Maze Ransomware Attack Borrows RagnarLocker Hacking Move
BankInfoSecurity – Sep 17 2020 17:46
Ransomware Gang Cross-Pollination Continues as LockBit Launches Its Own Leaks Site. Stop me if you think you've heard this one before: some ransomware attackers are hiding attack code in virtual machines or creating new leak sites to pressure…

GossiTheDog – Ugh, Maze ransomware peeps using the Ragnar Locker technique of putting their ransomware inside a Windows 7 Virtual… https://t.co/jjxCLPul19
GossiTheDog – Twitter – Sep 17 2020 13:33
Ugh, Maze ransomware peeps using the Ragnar Locker technique of putting their ransomware inside a Windows 7 Virtual Machine (with no security tools) to try to evade detection on endpoints.

How to Protect Your Enterprise from Ako Ransomware: Essentials to Keep in Mind
Heimdal Security Blog – Sep 17 2020 14:10
You might be tempted to think that you've seen it all before as far as cyberattacks are concerned. Enter Ako ransomware, a strain discovered at the beginning of 2020 that is bound to take even the most seasoned experts by…
Vulnerabilities

Threat Brief: Microsoft Vulnerability CVE-2020-1472 "Zerologon"
Unit 42 – Palo Alto Networks Blog – Sep 17 2020 21:00
CVE-2020-1472, also known as "Zerologon," was given a "critical" security rating by Microsoft and a CVSS score of 10.0. …

kaspersky – #Microsoft's patch for the CVE-2020-1472 vulnerability in the Netlogon protocol aka Zerologon is an update you shou… https://t.co/7np22Yd0sW
kaspersky – Twitter – Sep 17 2020 20:01
#Microsoft's patch for the CVE-2020-1472 vulnerability in the Netlogon protocol aka Zerologon is an update you shouldn't miss. https://kas.pr/f69c https://twitter.com/kaspersky/status/1306684615197892615/video/1

Zerologon – hacking Windows servers with a bunch of zeros
Naked Security – Sophos – Sep 17 2020 11:13
Cryptography is hard. And cryptographic blunders can be hard to spot. This one was there for years…

CVEnew – CVE-2020-14338 A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidat… https://t.co/I9XJbcKA2d
CVEnew – Twitter – Sep 17 2020 16:45
CVE-2020-14338 A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted X……
Ongoing Campaigns

What is DDoS mitigation and how does it work?
AlienVault Blogs – Sep 17 2020 05:01
This blog was written by a third-party author. Distributed denial of service (DDoS) attacks are a favorite method for attackers to disrupt or debilitate firewalls, online services, and websites by overwhelming systems with malicious traffic…

Major Global Ransom Denial of Service Campaign Continues Rising Trend in Global DDoS Attacks
Imperva Data Security Blog – Sep 17 2020 20:44
Extortionists Claim Connection to Fancy Bear and Lazarus Group. In the past weeks the number of serious Ransom Denial of Service (RDoS) threats has ramped up considerably, with extortion campaigns targeting thousands of large commercial…

Chinese Antivirus Firm Was Part of APT41 'Supply Chain' Attack
Security Bloggers Network – Sep 17 2020 22:03
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply…

Credential Stuffing Attacks Raising Alarm for U.S. Financial Sector
Cyware – Sep 17 2020 18:26
Credential stuffing was, in the past, used to target online services such as online gaming, video streaming, or food delivery businesses. However, with the ever-increasing success rate of this tactic, several professional hackers have started…
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.