This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
APT28 12 38
Armada Collective Group 7 7
Guccifer2 3 4
Golang Malware 3 3
BlackEnergy 2 2
WellMess 3 13
RansomExx 2 6
Bart Ransomware 2 2
Sodinokibi Ransomware 5 28
NanoCore RAT 2 4
Data Breaches
Gym app management platform exposed info of thousands of users
BleepingComputer.com Aug 18 2020 11:53
Hackers could hijack user accounts in dozens of fitness and gym mobile applications, even where the two-factor authentication (2FA) mechanism was active. […]
Dinosn – Gym app management platform exposed info of thousands of users https://t.co/BjGY0tQk2B
Dinosn – Twitter Aug 18 2020 12:52
Gym app management platform exposed info of thousands of users https://www.bleepingcomputer.com/news/security/gym-app-management-platform-exposed-info-of-thousands-of-users/
BleepinComputer – Gym app management platform exposed info of thousands of users – @Ionut_Ilascu
https://t.co/wyz0gvGzh2
BleepinComputer – Twitter Aug 18 2020 11:53
Gym app management platform exposed info of thousands of users – @Ionut_Ilascu
https://www.bleepingcomputer.com/news/security/gym-app-management-platform-exposed-info-of-thousands-of-users/
Metacurity – Gym app management platform exposed info of thousands of users https://t.co/HAvgGJm8Q4
Metacurity – Twitter Aug 18 2020 19:57
Gym app management platform exposed info of thousands of users https://www.bleepingcomputer.com/news/security/gym-app-management-platform-exposed-info-of-thousands-of-users/#.XzwyqdSuRx8.twitter
Hacker Groups
Mythic Leopard
CERT-EU – Latest Articles Ongoing Threats – RSS Aug 18 2020 18:14
Also known as Transparent Tribe and C-Major. This threat actor uses social engineering and spear phishing to target military and defense organizations in India, for the purpose of espionage.
Charming Kitten
CERT-EU – Latest Articles Ongoing Threats – RSS Aug 18 2020 19:44
Also known as Charming Kitten, APT 35, Newscaster, Ajax Security Team, Phosphorus, and Group 83. Possibly linked to This threat actor uses watering hole attacks and fake profiles to lure targets from the U.S. government for espionage purposes. Also…
Lazarus Group
CERT-EU – Latest Articles Ongoing Threats – RSS Aug 18 2020 19:44
This threat actor targets and compromises entities primarily in South Korea and South Korean interests for espionage, disruption, and destruction. It has also been known to conduct cyber operations for financial gain, including targeting…
PLA Unit 61398
CERT-EU – Latest Articles Ongoing Threats – RSS Aug 18 2020 19:44
U.S. cybersecurity firm Mandiant, later purchased by FireEye, released a report in February 2013 that exposed one of China’s cyber espionage units, Unit 61398. The group, which FireEye called APT 1, is a unit within China’s People’s Liberation Army…
Malware
US liquor giant hit by ransomware – what the rest of us can do to help
Naked Security – Sophos Aug 18 2020 16:59
If blackmailers dump data stolen from a company that refused to pay – don't even peek at the data, Reward the refusal…
gh0std4ncer – RT @blackorbird: #WellMess malware: analysis of its Command and Control (C2) server
“The WellMess backdoor does share some design similarit…
gh0std4ncer – Twitter Aug 18 2020 15:50
RT @blackorbird: #WellMess malware: analysis of its Command and Control (C2) server
"The WellMess backdoor does share some design similarities with a previous Blue Kitsune tool called Seaduke."
Seaduke -> Duke
C2…
InfoSecHotSpot – IcedID Trojan Rebooted with New Evasive Tactics Juniper identifies phishing campaign targeting business customers w… https://t.co/XjeJr7boC7
InfoSecHotSpot – Twitter Aug 18 2020 19:58
IcedID Trojan Rebooted with New Evasive Tactics Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection. https://bit.ly/3aDV4us…
kfalconspb – RT @MrBlackCipher: When you’re on a ransomware IR engagement, the malware is contained, then someone in IT restores an infected workstation…
kfalconspb – Twitter Aug 18 2020 21:54
RT @MrBlackCipher: When you're on a ransomware IR engagement, the malware is contained, then someone in IT restores an infected workstation backup causing the ransomware script to run again and re-encrypt the only working DC….
Vulnerabilities
Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities (CVE-2020-4303, CVE-2020-4304)
CERT-EU Vulnerabilities Applications Aug 19 2020 00:10
IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities. Affected product(s) and affected version(s): IBM Product Security Vulnerabilities. See information about: IBM Security Bulletins, IBM…
Critical flaw in Jenkins Server can cause information disclosure
Security Affairs Aug 18 2020 17:55
A critical vulnerability in Jenkins server software could result in memory corruption and cause confidential information disclosure. A critical vulnerability in Jenkins server software, tracked as  …
daveaitel – RT @CVEnew: CVE-2020-7019 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with F…
daveaitel – Twitter Aug 18 2020 17:46
RT @CVEnew: CVE-2020-7019 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling…
[Bug 1869646] CVE-2019-17638 : Bump jenkins version to 2.235.5
CERT-EU Vulnerabilities Applications Aug 18 2020 17:26
As code freeze is in a few days, we will try to fix this one on 4.6. Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the…
Ongoing Campaigns
DDoS Extorters Claim to Be Armada Collective, Fancy Bear
Security Week Aug 18 2020 11:06
Cybercriminals claiming to represent well-known threat groups such as Fancy Bear and Armada Collective have been threatening organizations with distributed denial of service (DDoS) attacks, Akamai warns. The attacks started roughly a week ago and are…
Weekly Threat Briefing: APT Groups, Ransomware, Vulnerabilities, Zero-Day Exploits and More
ThreatStream Blog Aug 18 2020 15:00
Weekly Threat Briefing: APT Groups, Ransomware, Vulnerabilities, Zero-Day Exploits and More. The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Data breach, CactusPete,…
Operation PowerFall – Yet Another Attack Campaign Using Zero-Day Exploits
Cyware Aug 18 2020 18:24
Kaspersky recently revealed details about an attack campaign, launched in May 2020, against a South Korean company. What happened? Dubbed “Operation PowerFall,” the attack campaign involved exploitation of zero-day vulnerabilities in Windows and…
New Campaign Combines Extortion, DDoS
Dark Reading: Aug 18 2020 20:10
Latest attacks bank on the reputation of two prominent APT groups to increase the threat credibility.

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
