Threat Reports

Cyber Alert – 20 September 2020

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Ragnar Locker 4 18
Guildma Trojan 2 3
VandaTheGod 3 11
Cobalt Dickens 2 5
ReZer0 1 1
BreachDB 1 1
Mozi Malware 1 5
MassLogger 1 3
Mirai Trojan 1 4
Cerberus Malware 2 23
Data Breaches
Millions, Including World Leaders, Exposed in Chinese Data Leak
Secnewsbytes – Twitter Sep 19 2020 07:10
Millions, Including World Leaders, Exposed in Chinese Data Leak https://secalerts.co/article/millions-including-world-leaders-exposed-in-chinese-data-leak #cybersecurity via @secalertsco
Exposed: 6 year old Iranian espionage campaign using Android backdoor
HackRead Sep 19 2020 20:52
Exposed: 6 year old Iranian espionage campaign using Android backdoor
Dinosn – Twitter Sep 19 2020 20:43
Exposed: 6 year old Iranian espionage campaign using Android backdoor https://www.hackread.com/iranian-espionage-campaign-using-android-backdoor/
GossiTheDog – I may do an https://t.co/AaBuE0fx7B write up of this vulnerability as there’s a surprising amount of misinformation… https://t.co/CxCBm10zu1
GossiTheDog – Twitter Sep 19 2020 19:20
I may do an http://opensecurity.global write up of this vulnerability as there's a surprising amount of misinformation around, e.g. I'm seeing people saying this can't be done over the internet (it can, and lots of orgs have exposed their DCs to…
Hacker Groups
Iran's Rana Plus car to be launched in October
Trend – RSS Sep 19 2020 13:21
Iranian APT group Silent Librarian (aka Cobalt Dickens) just launched new attacks against universities in the US. New targets are: University of Adelaide and Columbia University. Several new domains on TLD .me put in place.
peterkruse – Twitter Sep 20 2020 04:21
Iranian APT group Silent Librarian (aka Cobalt Dickens) just launched new attacks against universities in the US. New targets are: University of Adelaide and Columbia University,

Several new domains on TLD: .me put in place. @USCERT_gov…
'Vakinha' breach dump catalogued in BreachDB – 4,836,878 email accounts #databreach #CyberSecurity Sign up for a FREE B…
Secnewsbytes – Twitter Sep 19 2020 17:59
RT @teambreachDB: 'Vakinha' breach dump catalogued in BreachDB –
4,836,878 email accounts #databreach #CyberSecurity
Sign up for a FREE BreachDB account:
https://breachdb.ctm360.com/signup/form
Securityblog – RT @peterkruse: Iranian APT group Silent Librarian (aka Cobalt Dickens) just launched new attacks against universities in the US. New targe…
Securityblog – Twitter Sep 20 2020 04:25
RT @peterkruse: Iranian APT group Silent Librarian (aka Cobalt Dickens) just launched new attacks against universities in the US. New targets are: University of Adelaide and Columbia University,

Several new domains on TLD: .me put in place….
Malware
Maze attackers adopt Ragnar Locker virtual machine technique
DataBreaches.net Sep 19 2020 15:10
Andrew Brandt and Peter Mackenzie of Sophos report: While conducting an investigation into an attack in July in which the attackers repeatedly attempted to infect computers with Maze ransomware, analysts with Sophos’ Managed Threat Response (MTR)…
Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware
cybersecboardrm – Twitter Sep 19 2020 06:30
Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware #Cybersecurity #security…
Cerberus banking Trojan source code released for free to cyberattackers
ZDNet – Twitter Sep 20 2020 04:15
Cerberus banking Trojan source code released for free to cyberattackers…
Help! Malware via Malwarebytes app
MalwareTips.com Sep 19 2020 20:48
Not sure what to do here…
Vulnerabilities
Micropatch for Zerologon, the "perfect" Windows vulnerability (CVE-2020-1472)
gh0std4ncer – Twitter Sep 19 2020 07:29
RT @Dinosn: Micropatch for Zerologon, the "perfect" Windows vulnerability (CVE-2020-1472) https://blog.0patch.com/2020/09/micropatch-for-zerologon-perfect.html
The DHS has issued an emergency directive requiring, in law, that federal agencies patch CVE-2020-1472 aka Zerologon by Monday, or switch off unpatched domain controllers.
GossiTheDog – Twitter Sep 19 2020 06:54
The DHS has issued an emergency directive requiring, in law, that federal agencies patch CVE-2020-1472 aka Zerologon by Monday, or switch off unpatched domain controllers. https://cyber.dhs.gov/ed/20-04/…
opexxx – RT @GossiTheDog: A reminder to all organisations that they should ensure they patched CVE-2020-1472 (a Netlogon vulnerability from August 2…
opexxx – Twitter Sep 19 2020 09:34
RT @GossiTheDog: A reminder to all organisations that they should ensure they patched CVE-2020-1472 (a Netlogon vulnerability from August 2020 Windows patch set) on all domain controllers.
gh0std4ncer – RT @GossiTheDog: The DHS has issued an emergency directive requiring, in law, that federal agencies patch CVE-2020-1472 aka Zerologon by Mo…
gh0std4ncer – Twitter Sep 19 2020 07:30
RT @GossiTheDog: The DHS has issued an emergency directive requiring, in law, that federal agencies patch CVE-2020-1472 aka Zerologon by Monday, or switch off unpatched domain controllers. https://cyber.dhs.gov/ed/20-04/…
Ongoing Campaigns
Tutanota encrypted email service suffers DDoS cyberattacks
BleepingComputer.com Sep 19 2020 16:31
Encrypted email service Tutanota has experienced a series of DDoS attacks this week, first targeting the Tutanota website and then its DNS providers. […]

