20 February 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
MassLogger 13 28
Cuba Ransomware 6 6
DoppelPaymer Ransomware 6 24
Turla Spyware 4 5
Myanmar Hackers 3 4
Silver Sparrow Malware 3 4
Bluenoroff 3 11
AppleJeus Trojan 3 17
Sunburst Backdoor 7 20
Maze Ransomware 4 16
Data Breaches
Jamaica’s immigration website exposed thousands of travelers’ data
Seclists.org – Data Loss – Feb 19 2021 15:49
Posted by Destry Winant on Feb 19 hxxps://techcrunch[.]com/2021/02/17/jamaica-immigration-travelers-data-exposed/ A security lapse by a Jamaican government contractor has exposed immigration records and COVID-19 test results for hundreds of thousa…
When a breach occurs, how teams act and react is critical to how smoothly a business gets back on track. One common problem is sharing inaccurate and ineffective information, which will increase confusion and sow mistrust.
More on breach etiquette: hxxps://bit[.]ly/3bgdS3H
DarkReading – Twitter – Feb 19 2021 16:10
Breach Etiquette: How to Mind Your Manners When It Matters
Seclists.org – Data Loss – Feb 19 2021 15:49
Posted by Destry Winant on Feb 19…
Massive Breach Fuels Calls For US Action On Cybersecurity – Associated Press
SecurityPhresh – Feb 19 2021 10:37
Hacker Groups
Data Breaches: ShinyHunters’ Dominance Continues
ITSecurity.Org – RSS – Feb 19 2021 15:50
Cybercrime, Fraud Management & Cybercrime, Fraud Risk Management. Prolific Cybercrime Group Recently Tied to Breaches of E-Commerce and Dating Sites (euroinfosec), February 18, 2021. ShinyHunters disclosed its breach of dating site…
Every industry has defining moments. The APT1 report that came out 8 years ago today is one of those moments for #infosec.

Watch the actual APT1 attacker sessions and intrusion activities in the video below.

▶️ Read the APT1 report: hxxp://feye[.]io/apt1 hxxps://twitter[.]com/Mandiant/status/1362853013518503936/video/1
Mandiant – Twitter – Feb 19 2021 19:54

“And if the sophisticated, advanced, persistent, threat actors had access sufficient to modify the stored software code which was then fed out to at least 100 customer companies, then shouldn’t we assume they probably had (or have) much wider reach as well?”
VickerySec – Twitter – Feb 20 2021 00:51
RT @RangoonPost: Myanmar hackers target military-run websites after internet blackout hxxp://news[.]yahoo[.]com/myanmar-hackers-target-military-run-095426398.html?soc_src=community&soc_trk=tw via @YahooNews
AnonymousSwizz – Twitter – Feb 20 2021 00:01
Malware
IronNetInjector: Turla’s New Malware Loading Tool
Unit 42 – Palo Alto Networks Blog – Feb 19 2021 14:00
IronPython has been used for malicious purposes before, but in its new malware loading tool IronNetInjector, threat group Turla uses it in a new way.
Kia outage may be the result of ransomware. A week-long outage for Kia is reportedly connected to a ransomware attack from the DoppelPaymer gang, says BleepingComputer. hxxps://tek[.]io/3uflw77 hxxps://twitter[.]com/InfoSecHotSpot/status/1362962954791051264/photo/1
InfoSecHotSpot – Twitter – Feb 20 2021 03:11
MacOS users warned of new EvilQuest malware
IT Pro UK – Feb 19 2021 15:18
Security researchers have warned they’ve spotted a third ransomware variant that targets macOS in the wild. According to Varonis’s February 2021 Malware Trends Report, EvilQuest, also known as ThiefQuest and Mac[.]Ransom.K, is ransomware that…
Vulnerabilities
Smart doorbells and cameras are loaded with dumb software flaws hxxps://www[.]cyberscoop[.]com/geeni-merkury-smart-doorbells-cameras-flaws-research/
CyberScoopNews – Twitter – Feb 20 2021 02:12
CVE-2020-9050 Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-9050
CVEnew – Twitter – Feb 19 2021 18:45
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()
Open Source Security – Feb 19 2021 18:54
Posted by Rohit Keshri on Feb 19 Hello Alexandros, CVE-2021-20200 is a duplicate of CVE-2020-29369, and we are revoking this. Regards, .. Rohit Keshri / Red Hat Product Security Team PGP: 0x01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D secalert…
CVE-2020-24617 Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns[.]js via /campaigns/clicked/ajax because variable column names are not properly escaped. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-24617
CVEnew – Twitter – Feb 19 2021 23:45
Ongoing Campaigns
New Masslogger Trojan variant exfiltrates user credentials
Security Affairs – Feb 19 2021 18:06
The infamous MassLogger Windows credential stealer is back, and it has been upgraded to steal credentials from Outlook, Chrome,…
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
THN : The Hacker News – Feb 19 2021 09:18
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia,…
RT @kmkz_security: WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK
hxxps://ti[.]dbappsecurity[.]com[.]cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
Securityblog – Twitter – Feb 19 2021 10:08
DDoS Attacks in Fourth Quarter of 2020 – A Report
Cyware – Feb 19 2021 20:28
According to an analysis by Kaspersky, DDoS attacks were observed to be declining in late 2020. One of the main reasons behind this drop is that cybercriminals are now repurposing their botnets towards cryptomining. DDoS attack trends in Q4 2020…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
