Cyber Alert – 20 July 2020

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Ghost Squad Hackers 2 5
EMOTET Trojan 8 105
BazarBackdoor 2 10
Nefilim Ransomware 3 17
Turla Spyware 1 1
Powerview 1 1
njRAT Malware 1 1
BlackRock Malware 2 28
TA542 1 3
Shiny Hunters 1 4
Data Breaches
dinodaizovi – Twitter, Jul 19 2020 15:33
Tired: "don't collect such-and-such data that got breached"
Wired: "here is how you can deliver this particular feature or experience you want at scale without having to collect and/or store as much data as a potential breach liability"

neirajones – Twitter, Jul 19 2020 12:09
👀 Iranian Hackers Accidentally Exposed Training Videos 🙄
https://bit.ly/3jljBZd
#cybercrime #infosec https://twitter.com/neirajones/status/1284822554314776576/photo/1

securityaffairs – Twitter, Jul 19 2020 09:35
#Iran-linked #APT35 accidentally exposed 40 GB associated with their operations
https://t.co/DLhBfFmYzu
#securityaffairs #hacking #APT

neirajones – Twitter, Jul 19 2020 10:56
👀 Iranian Hackers Accidentally Exposed Training Videos 🙄
https://buff.ly/3eHsc5b
#cybercrime #infosec https://instagr.am/p/CC0gNYSgbin/ https://twitter.com/neirajones/status/1284804227844505601/photo/1

Hacker Groups
Ghost Squad Hackers defaced a second European Space Agency (ESA) site in a week
CERT-EU – Latest Articles Ongoing Threats – RSS, Jul 19 2020 19:54
A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced for the second time in a week a site of the European…

ncsc – Twitter, Jul 19 2020 07:22
Detection and mitigation advice for organisations involved in coronavirus vaccine development targeted with custom malware by APT29 https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development…

jorgeorchilles – Twitter, Jul 19 2020 14:27
@EdgarR0jas Cozy Bear

anon_indonesia – Twitter, Jul 20 2020 03:14
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=2b7bff20-ca37-11ea-b578-002590a5ba2d Stories via @sureshdr #jakpost

Malware
ZDNet – Twitter, Jul 19 2020 10:15
Bazar backdoor linked to Trickbot banking Trojan campaigns…

ZDNet – Twitter, Jul 19 2020 15:30
Bazar backdoor linked to Trickbot banking Trojan campaigns https://t.co/R5QX79xZfc

Data stolen in ransomware attack on French telco Orange
SiliconANGLE, Jul 20 2020 02:58
French telecommunications company Orange S.A. has been targeted by a ransomware attack with data stolen. First reported by Bleeping Computer, the ransomware attack targeted Orange’s Business Services division that offers enterprise solutions…

Emotet botnet returns with new Microsoft Office phishing campaign
SiliconANGLE, Jul 20 2020 02:52
The infamous botnet Emotet is back after a five-month break with a new Microsoft Office phishing campaign. The return of Emotet was first spotted by Malwarebytes Labs July 13 and the campaign took off by July 17. Emotet first emerged in 2014, and…

Vulnerabilities
HoneyPoC: Data Analytics from the FakePoC of CVE-2020-1350
Reddit – Netsec, Jul 20 2020 00:08
Submitted by /u/6yearsisalongtimetoo

cybersecboardrm – Twitter, Jul 20 2020 01:52
Major Flaws Open the Edge to Attack #Cybersecurity #digital #infosec https://www.darkreading.com/perimeter/major-flaws-open-the-edge-to-attack/d/d-id/1338375?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple&utm_source=dlvr.it&utm_medium=twitter

Dinosn – Twitter, Jul 19 2020 05:48
Micropatch Available for "SIGRed", the Wormable Remote Code Execution in Windows DNS Server (CVE-2020-1350) https://blog.0patch.com/2020/07/micropatch-available-for-sigred.html

Firewall defense from LibSSH Authentication Bypass AKA CVE-2018-10993
CERT-EU Vulnerabilities Applications, Jul 19 2020 17:21
In this story, I share with you the research and defense solution against the LibSSH authentication bypass vulnerability, on the year of discovery, as I’ve developed during an Information Security workshop at Tel-Aviv University. The solution enables…

Ongoing Campaigns
Diebold Nixdorf warns of a wave of ATM black box attacks across Europe
Security Affairs, Jul 19 2020 09:27
ATM maker Diebold Nixdorf is warning banks of a new ATM black box attack technique that was recently employed in cyber thefts in Europe. Black box attacks…

Overconfident about their security, businesses are falling victims to bot attacks
Help Net Security – News, Jul 20 2020 03:00
Many businesses are at risk from bot attacks, despite an awareness of the problem and a widely held belief that they have the problem under control, Netacea reveals. Global businesses at risk from bot attacks The research surveyed businesses…

