Cyber Alert – 22 July 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
EMOTET Trojan 28 154
QakBot 9 15
LokiBot Trojan 26 73
Stuxnet 6 22
KeyBoy malware 2 2
Shedun Malware 2 2
Android.HiddenAds 2 2
Rancor Group 2 2
Android BankBot 2 2
China Chopper 2 2
Data Breaches
7 VPN services left data of millions of users exposed online
Security Affairs, Jul 21 2020 12:40
vpnMentor experts reported that seven Virtual Private Network (VPN) services recently left 1.2 terabytes of private user data exposed online. Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that…
hackerfantastic – RT @stevelord: Iranian hacker training videos exposed online https://t.co/6rS8JAb1yB https://t.co/q9gzYTtSNP
hackerfantastic – Twitter, Jul 21 2020 16:45
RT @stevelord: Iranian hacker training videos exposed online https://www.zdnet.com/article/iranian-cyberspies-leave-training-videos-exposed-online/?utm_source=dlvr.it&utm_medium=twitter https://twitter.com/stevelord/status/1285616674775990275/photo/1…
Microsoft 365 adds endpoint data leak protection in public preview
BleepingComputer.com, Jul 21 2020 19:29
Microsoft announced today the extension of Data Loss Prevention (Endpoint DLP) to Microsoft 365 customers' endpoints, making it easier for organizations to prevent data leaks, inappropriate or unintentional data sharing or transfer, and other similar…
Secnewsbytes – Expanse Researchers Show More Than 8,000 F5 BIG-IP TMUIs Are Still Exposed on the Internet | Expanse Inc. https://t.co/FsinC7biOg
Secnewsbytes – Twitter, Jul 21 2020 05:21
Expanse Researchers Show More Than 8,000 F5 BIG-IP TMUIs Are Still Exposed on the Internet | Expanse Inc. https://expanse.co/blog/expanse-researchers-show-more-than-8000-f5-big-ip-tmuis-are-still-exposed-on-the-internet/
Hacker Groups
Latest Golden Chickens MaaS Tools Updates and Observed Attacks
Blueliv, Jul 21 2020 15:44
Four new different attacks have been observed using malware as a service from the Golden Chickens portfolio throughout March and April that are now being declassified. The analysis concludes that the MaaS Operator Badbullzvenom is responsible…
thegrugq – RT @instacyber: https://t.co/pD4sw10Tl6: “I view the disclosed activity as so different from known-prior APT29 behavior that it deserves to…
thegrugq – Twitter, Jul 21 2020 12:35
RT @instacyber: https://pylos.co/2020/07/17/that-crazy-cozy-bear/: "I view the disclosed activity as so different from known-prior APT29 behavior that it deserves to be carved out as a separate entity.

I'd say I disagree here. APT29 has always had…

Bing_Chris – This is almost definitely APT41
https://t.co/P1oKqXfB4Q
Bing_Chris – Twitter, Jul 21 2020 16:31
This is almost definitely APT41
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
Iranian APT exposes operations on misconfigured server. Molerats resurface with malicious Android app. More ransomware with OT targeting capabilities.
The CyberWire, Jul 21 2020 20:06
At a glance. Iranian threat actor exposes operations on misconfigured server. The Molerats resurface with a malicious Android app. More ransomware gains OT-specific targeting capabilities. Emotet operators launch new phishing campaigns. Zoom fixes…
Malware
Emotet botnet is now heavily spreading QakBot malware
BleepingComputer.com, Jul 21 2020 17:25
Researchers tracking Emotet botnet noticed that the malware started to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. […]
BleepinComputer – Emotet botnet is now heavily spreading QakBot malware – @Ionut_Ilascu
https://t.co/QNohbFHZLH
BleepinComputer – Twitter, Jul 21 2020 17:58
Emotet botnet is now heavily spreading QakBot malware – @Ionut_Ilascu
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-now-heavily-spreading-qakbot-malware/
Emotet Resumes Activity After Five Months of Silence
Security Week, Jul 21 2020 11:06
The Emotet Trojan has resumed activity after more than five months of absence from the threat landscape, security researchers warn. Active for over half a decade, Emotet has evolved from a banking Trojan to information stealer and malware downloader, and has…
JRoosen – RT @BleepinComputer: Emotet botnet is now heavily spreading QakBot malware – @Ionut_Ilascu
https://t.co/QNohbFHZLH
JRoosen – Twitter, Jul 22 2020 02:28
RT @BleepinComputer: Emotet botnet is now heavily spreading QakBot malware – @Ionut_Ilascu
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-now-heavily-spreading-qakbot-malware/
Vulnerabilities
InfoSecHotSpot – Details and PoC for critical SharePoint RCE flaw released Last week, a “wormable” remote code execution flaw in the… https://t.co/YorX9vlcVb
InfoSecHotSpot – Twitter, Jul 21 2020 10:58
Details and PoC for critical SharePoint RCE flaw released Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch…
thinksnews – CVE-2020-1350 – Windows DNS Server Vulnerability – SIGRed https://t.co/DUJXW4vara
thinksnews – Twitter, Jul 21 2020 08:19
CVE-2020-1350 – Windows DNS Server Vulnerability – SIGRed https://vrls.ws/posts/cve-2020-1350-windows-dns-server-vulnerability-sigred/
Critical Adobe Photoshop Flaws Patched in Emergency Update
Threatpost.com, Jul 21 2020 15:06
Adobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications.
SecurityWeek – Adobe Patches Critical Code Execution Flaws in Bridge, Photoshop, Prelude https://t.co/gmBzMEe64B
SecurityWeek – Twitter, Jul 21 2020 15:24
Adobe Patches Critical Code Execution Flaws in Bridge, Photoshop, Prelude https://www.securityweek.com/adobe-patches-critical-code-execution-flaws-bridge-photoshop-prelude
Ongoing Campaigns

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.