Silobreaker

Threat Reports

Cyber Alert – 20 June 2020

Silobreaker’s Daily Cyber Alert is created and distributed automatically by using our award-winning intelligence product Silobreaker Online.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
InvisiMole Group 8 33
ACIDBOX 6 29
Turla Spyware 4 5
IcedID Trojan 5 16
Bundlore 3 8
Stuxnet 3 11
Mailto Ransomware 6 7
Turla APT Group 4 12
Neverquest Trojan 2 2
APT30 2 2
Data Breaches
European and North American Countries are Least Exposed to Cyberattacks, New Study Reveals
HOTforSecurity, Jun 19 2020 12:42
BrianHonan – Hiqa suffered 22 data protection breaches since last year, figures reveal – email account hijacking is mentioned as… https://t.co/FczXisWw4X
BrianHonan – Twitter, Jun 19 2020 08:01
Hiqa suffered 22 data protection breaches since last year, figures reveal – email account hijacking is mentioned as a breach vector. We see this often when investigating breaches. Please enable MFA on all accounts…
Former DIA Analyst Sentenced to Prison Over Data Leak
Threatpost.com, Jun 19 2020 20:46
A former Defense Intelligence Agency analyst leaked classified information to two journalists – one of whom he was dating – shedding light on insider threats.
Oracle’s BlueKai tracks you across the web. That data spilled online
Office of Inadequate Security, Jun 19 2020 15:35
Zack Whittaker reports on a leak by Oracle’s BlueKai that exposed tons of consumer data. Oracle’s not saying…
Hacker Groups
benkow_ – Isn’t that TA564 ?! https://t.co/STWsFmRHYv
benkow_ – Twitter, Jun 19 2020 11:18
Isn't that TA564 ?! https://twitter.com/MsftSecIntel/status/1273359829390655488
Exposing Ashiyane Digital Security Team – An OSINT Analysis
Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge, Jun 19 2020 14:08
Dear blog readers, I wanted to let you know that I've decided to publish a set of high-profile and personally identifiable personal photos of all the leading and currently active Iran-based hacking and Web site defacement groups with the idea to…
InfoSecHotSpot – InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership The InvisiMole threat group has resurfaced… https://t.co/uxmb3YAmk3
InfoSecHotSpot – Twitter, Jun 19 2020 15:58
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat…
YourAnonCentral – Anonymous is a global collective; the United States arrested a couple hackers years ago and falsely announced that… https://t.co/qZAESEk9LD
YourAnonCentral – Twitter, Jun 19 2020 07:21
Anonymous is a global collective; the United States arrested a couple hackers years ago and falsely announced that we were over, which had no impact on the rest of the world.

We never left, we are all very real. You can't kill an idea….
Malware
Mysterious ‘AcidBox’ Malware Used Turla Exploit to Target Russian Organizations
SecurityWeek RSS Feed, Jun 19 2020 11:18
Targeted attacks delivering a new piece of malware leveraged an exploit previously associated with the Russian-linked Turla hacking group, Palo Alto Networks reveals. …
Ransomware explained: How it works and how to remove it
CERT-EU VulnerabilitiesApplications, Jun 19 2020 10:06
Ransomware definition. Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the…
Vulnerabilities
NA – CVE-2020-13276 – User is allowed to set an email as a…
CERT-EU VulnerabilitiesApplications, Jun 20 2020 03:50
This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary. User is allowed to set an email as a notification email even without verifying the new email…
NA – CVE-2020-14930 – An issue was discovered in BT CTROMS Terminal…
CERT-EU VulnerabilitiesApplications, Jun 20 2020 03:50
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the…
Security Flaws & Fixes – W/E – 6/19/20
Tech-Wreck InfoSec Blog, Jun 19 2020 12:33
Adobe Issues Security Bulletins for 18 Bugs (06/16/2020) Adobe has published security bulletins for a number of its products….
NA – CVE-2020-13275 – A user with an unverified email address could…
CERT-EU VulnerabilitiesApplications, Jun 20 2020 03:50
This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary. A user with an unverified email address could request an access to domain restricted groups in…
Ongoing Campaigns
AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations
Security Affairs, Jun 19 2020 13:50
New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and…
NetWalker claims credit for attack on Crozer-Keystone Health System
SC Magazine US, Jun 20 2020 02:44
The NetWalker ransomware group claimed to be behind an attack on Philadelphia area Crozer-Keystone Health System, prompting the health care provider to take systems offline. The hackers are threatening to begin releasing information nicked in the…

