Cyber Alert – 21 March 2020
|Heat – Trending Malware and Threat Actors
|Name | Heat 1 | Heat 7 | Vol 1 | Vol 7
|Mirai Trojan | 6 | 6
|Hawkeye Malware | 5 | 7
|Maze Ransomware | 7 | 22
|Digital Revolution (hacker group) | 4 | 4
|Mukashi | 4 | 5
|TA505 | 4 | 9
|APT28 | 4 | 14
|PwndLocker | 3 | 7
|Netwire RAT | 2 | 2
|Ako Ransomware | 2 | 5
|Data Breaches
|Data Breaches – W/E – 3/20/20
|Tech-Wreck InfoSec Blog – Mar 20 2020 12:50
|500,000 Legal, Financial Files Leaked from Unused Mobile App (03/17/2020) More than half a million legal and financial documents were exposed through an app that is no longer in use. Researchers at vpnMentor first uncovered the…
|Five billion records exposed in open ‘data breach database’
|Seclists.org – Data Loss – Mar 20 2020 14:53
|Posted by Destry Winant on Mar 20…
|Unsecured Database Exposed 8 Million UK Shoppers Records
|Seclists.org – Data Loss – Mar 20 2020 14:53
|Posted by Destry Winant on Mar 20…
|Norwegian Cruise Line Hit By Data Breach As COVID-19 Continues To Impact Travel Industry
|Forbes – Cybersecurity RSS – Mar 20 2020 14:09
|Travel agents advised to change passwords after Norwegian Cruise Line portal breach
|Hacker Groups
|Report reveals APT28 email scanning activities
|IT Security Guru – Mar 20 2020 11:05
|For the past year, one of Russia’s top state-sponsored hacking units has spent its time scanning and probing the internet for vulnerable email servers, according to a report published yesterday by cyber-security firm Trend Micro. The report deals…
|Russia-linked APT28 has been scanning vulnerable email servers in the last year
|Security Affairs – Mar 20 2020 12:47
|Experts warn of scanning activity conducted by the Russia-linked APT28 cyberespionage group; hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked …
|The Federal Security Service (FSB) of the Russian Federation purchased equipment for hacking smart devices – Hacker group Digital Revolution
|E Hacking News – Mar 21 2020 04:36
|Hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using the Internet of things devices. According to the technical documentation published by hackers,…
|Russia-Linked Cybercriminals Use Legitimate Tools in Attacks on German Firms
|Security Week – Mar 20 2020 13:25
|In a campaign targeting German companies, the infamous Russia-linked threat actor known as TA505 has been using legitimate tools in addition to malware, Prevailion reports. Also referred to as Evil Corp, the group is best known for the use of the Dridex Trojan…
|Malware
|Phishing attempts impersonate WHO to deliver HawkEye Malware
|IT Security Guru – Mar 20 2020 11:05
|An ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO) is actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. This spam campaign…
|Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
|Threatpost.com – Mar 20 2020 20:28
|Emails claiming to be directly from WHO’s Dr. Tedros Adhanom Ghebreyesus offer "drug advice" — and malware infections.
|TrickBot banking trojan introduces RDP brute forcing module
|SC Magazine US – Mar 20 2020 12:07
|Malicious actors have created a new module for the TrickBot banking trojan that allows the malware to perform brute force attacks on Microsoft’s Remote Desktop Protocol, specifically targeting U.S. and Hong Kong IP addresses. The module, called…
|PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware
|BleepingComputer.com – Mar 20 2020 21:01
|PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created. […]
|Vulnerabilities
|Proof of Concept Released for kr00k Wi-Fi Vulnerability
|Dark Reading – All Stories – Mar 20 2020 16:45
|The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
|Security Flaws & Fixes – W/E – 3/20/20
|Tech-Wreck InfoSec Blog – Mar 20 2020 12:52
|Adobe Releases Patches for Acrobat, Photoshop (03/18/2020) Adobe released a number of …
|Bored during lockdown? Why not try out these data-spilling KrØØk Wi-Fi bug exploits against your nearby devices
|The Register – Mar 20 2020 22:08
|It's not like you can snoop on anyone right now anyway, right? Proof-of-concept exploit code has emerged for last month's data-leaking KrØØk vulnerability present in a billion-plus Wi-Fi-connected devices and computers. The team at infosec outfit…
|New Mirai Variant Delivered to Zyxel NAS Devices Via Recently Patched Flaw
|Security Week – Mar 20 2020 20:06
|A new variant of the notorious malware has been delivered by cybercriminals to network-attached storage (NAS) devices made by Zyxel through the exploitation of a recently patched vulnerability. Zyxel informed customers last month that some of its and are…
|Ongoing Campaigns
