Cyber Alert – 20 August 2020
Heat – Trending Malware and Threat Actors
Source columns: Name, Heat 1, Heat 7, Vol 1, Vol 7. Only two numeric values per row survived extraction; they are listed below as the 1-day and 7-day figures in the order given.
Name | 1-day | 7-day
WannaRen | 21 | 21
LokiBot Trojan | 25 | 63
Golang Malware | 9 | 12
PurpleWave | 7 | 7
APT28 | 11 | 49
Stop Ransomware | 3 | 5
AgentTesla Keylogger | 5 | 16
Nefilim Ransomware | 3 | 4
IRCflu | 2 | 2
EquationDrug | 2 | 2
Data Breaches
235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak
Forbes – Cybersecurity RSS – Aug 19 2020 13:00
Got an Instagram, TikTok or YouTube account? 235 million users potentially affected by massive profile data leak.
‘Cense.AI’ Exposed 2.5 Million Medical Records Online
TechNadu – Aug 19 2020 10:18
An AI-based SaaS solution provider has exposed a large number of sensitive records online. The firm has also exposed its network to ransomware attacks and even a catastrophic takeover. The leaked data concern people who receive medical…
Hacker Groups
RedCurl APT Group Launched Massive Corporate Espionage Campaign
Cyware – Aug 19 2020 18:24
An advanced persistent threat group, apparently made up of Russian speakers, has gone beyond the modus operandi of simple cybercrime to specialize in corporate espionage. RedCurl, the concealed adversary that cybersecurity firm Group-IB discovered, the…
A deep dive into Avivore
Science Direct Computer Fraud Security – RSS – Aug 19 2020 14:19
Publication date: August 2020. Source: Computer Fraud & Security, Volume 2020, Issue 8. Author(s): Oliver Fay.
Bank_Security – The extortion demands are originating from copycats using the reputation of known attack groups like Fancy Bear and… https://t.co/m42H9PHBrM
Bank_Security – Twitter – Aug 19 2020 07:12
The extortion demands are originating from copycats using the reputation of known attack groups like Fancy Bear and Armada Collective as a means of intimidation in order to expedite payment.
thegrugq – RT @nicoleperlroth: The Senate report also confirms what has long been reported: Fancy Bear aka APT28 aka Unit 26165 handled the technical…
thegrugq – Twitter – Aug 19 2020 06:23
RT @nicoleperlroth: The Senate report also confirms what has long been reported: Fancy Bear aka APT28 aka Unit 26165 handled the technical bits of the 2016 hacking campaign. Sandworm aka BlackEnergy aka 74455 oversaw the influence operation, as well…
Malware
WannaRen ransomware author contacts security firm to share decryption key
ZDNet Security – Aug 19 2020 13:13
A major ransomware outbreak hit China back in April.
Vulnerabilities
Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018
Security Affairs – Aug 19 2020 07:42
The actively exploited Windows spoofing vulnerability (CVE-2020-1464) recently patched by Microsoft has been known for more than two years. The actively exploited Windows spoofing flaw, tracked as …
Ongoing Campaigns
Emotet’s Rapid Infection Further Contaminates US, UK Businesses Using COVID-19 Spam
Cyware – Aug 19 2020 19:24
Emotet malware had been dormant from February 2020 to mid-July 2020. Now, judging by the rapid rate of updates to its features and capabilities, it seems the developers behind the botnet are planning to compensate for the lost time by making…
Voice Phishers Targeting Corporate VPNs
Krebs on Security – Aug 19 2020 13:55
The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is…
Threat Recap: Darkside, Crysis, Negasteal, Coinminer 8/19/20 12:00 PM
Trend Micro – Aug 19 2020 10:42
Insights and analysis by Miguel Ang, Raphael Centeno, Don Ovid Ladores, Nikko Tamaña, and Llallum Victoria. In the past few weeks, we have spotted notable developments for different types of threats. For ransomware, a new family named Darkside…
Recent Deeds Of REvil Ransomware Family – A Quick Look
Cyware – Aug 19 2020 18:24
REvil (aka Sodinokibi) is ransomware that first appeared in early 2019. It has made its name as one of the most notorious malware families. Here is a quick look at its recent deeds. Top targets: in the past few months, the REvil ransomware…
