22 November 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Grelos Skimmer 4 24
PwndLocker 3 6
QakBot 5 16
Phorpiex Malware 2 7
Zloader Malware 2 16
BANLOAD Trojan 1 1
Trickbot Malware 9 44
Mount Locker Ransomware 2 21
Bart Ransomware 1 1
LulzSec 1 6

Data Breaches
Secnewsbytes – https://t.co/RY6hJazPjL exposed data of millions after database mess up https://t.co/iHzZ8quDsB
Secnewsbytes – Twitter – Nov 21 2020 13:37
http://Pray.com exposed data of millions after database mess up https://www.hackread.com/pray-com-exposed-after-database-mess-up/

SecurityWeek – Millions of SMS Pro Messages Exposed – https://t.co/tIpakM6d8J
SecurityWeek – Twitter – Nov 21 2020 19:20
Millions of SMS Pro Messages Exposed – https://www.securityweek.com/go-sms-pro-exposes-messages-millions-users

Lazada denies being behind data leak
Office of Inadequate Security – Nov 21 2020 14:05
The Bangkok Post reports: Online retail operator, Lazada, insisted on Friday it was not responsible for leaking any online…

JRoosen – RT @andpalmier: 🎣 #phishing targeting @HMRCgovuk #covid19 themed 🇬🇧 CC @ActorExpose @JAMESWT_MHT @malwrhunterteam @Spam404 ⚠️ credenti…
JRoosen – Twitter – Nov 21 2020 14:00
RT @andpalmier: 🎣 #phishing targeting @HMRCgovuk #covid19 themed 🇬🇧
CC @ActorExpose @JAMESWT_MHT @malwrhunterteam @Spam404
⚠️ credentials of victims are exposed!
Thread for more details ⬇️…

Hacker Groups
CyberScoopNews – Symantec implicates APT10 in sweeping hacking campaign against Japanese firms https://t.co/4gxb6iExrV by @snlyngaas
CyberScoopNews – Twitter – Nov 22 2020 01:07
Symantec implicates APT10 in sweeping hacking campaign against Japanese firms https://hubs.ly/H0Bl7Lm0 by @snlyngaas

CyberScoopNews – Vietnamese hacking group OceanLotus uses imitation news sites to spread malware https://t.co/3rBIw0sJRf by @shanvav
CyberScoopNews – Twitter – Nov 21 2020 22:07
Vietnamese hacking group OceanLotus uses imitation news sites to spread malware https://hubs.ly/H0Bl66y0 by @shanvav

anon_indonesia – The Anonymous Indonesia News Daily is out! https://t.co/JWGD5ekjOx #jakpost #malware
anon_indonesia – Twitter – Nov 22 2020 03:14
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=e0d42190-2c70-11eb-a6b9-002590a5ba2d #jakpost #malware

Grelos Skimmer Variant Co-Opts Magecart Infrastructure
CyberSecurityBoard.com – RSS – Nov 21 2020 20:47
Researchers have identified a fresh variant of the Grelos skimmer that has co-opted the infrastructure that MageCart uses for its own skimming attacks against …

Malware
TrickBot turns 100: Latest malware released with new features
BleepingComputer.com – Nov 21 2020 16:01
The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection. […]

ZDNet – The malware that usually installs ransomware and you need to remove right away https://t.co/L15R16JVk0
ZDNet – Twitter – Nov 21 2020 08:15
The malware that usually installs ransomware and you need to remove right away…

ZDNet – The malware that usually installs ransomware and you need to remove right away https://t.co/SUGBMNJu6k
ZDNet – Twitter – Nov 21 2020 12:30
The malware that usually installs ransomware and you need to remove right away…

French newspaper crippled by ransomware attack
Office of Inadequate Security – Nov 21 2020 16:18
Le Monde, in conjunction with AFP, reports that the French daily, the Paris-Normandy has been the victim of what is…

Vulnerabilities
securityaffairs – #Drupal addressed CVE-2020-13671 Remote Code Execution flaw https://t.co/eFPtwjGf5z #securityaffairs #hacking
securityaffairs – Twitter – Nov 21 2020 22:25
#Drupal addressed CVE-2020-13671 Remote Code Execution flaw #securityaffairs #hacking

VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) – https://www.vmware.com/security/advisories/VMSA-2020-0026.html, (Sat, Nov 21st)
SANS Internet Storm Center, InfoCON: green – Nov 21 2020 11:31
Guy Bruneau, IPSS Inc. Twitter: GuyBruneau. gbruneau at isc dot sans dot edu. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

InfoSecHotSpot – Hundreds of Thousands of SMBGhost and BlueKeep Infected Systems Are Still Up and Running Despite the existence of p… https://t.co/txtf6m5E7J
InfoSecHotSpot – Twitter – Nov 21 2020 22:28
Hundreds of Thousands of SMBGhost and BlueKeep Infected Systems Are Still Up and Running Despite the existence of patches that fix serious vulnerabilities such as SMBGhost and BlueKeep, hundreds of thousands of active devices running right now still…

Dinosn – Git LFS Exploit for Remote Code Execution | CVE-2020-27955 https://t.co/Jqao6PryK9
Dinosn – Twitter – Nov 21 2020 18:01
Git LFS Exploit for Remote Code Execution | CVE-2020-27955 https://medium.com/bugbountywriteup/git-lfs-exploit-for-remote-code-execution-cve-2020-27955-e8f4786163c3?source=rss----7b722bfd1b8d---4

Ongoing Campaigns
Qbot Banking Trojan Now Deploying Egregor Ransomware
BankInfoSecurity – Nov 21 2020 16:41
Researchers: Attacks Linked to Egregor Have…

What Is Cybersecurity?
TechNadu – Nov 21 2020 08:03
The word “cybersecurity” gets thrown around a lot, but what is it exactly? Cybersecurity is a wide field that contains multiple disciplines. Cybersecurity isn’t so much defined by what people in the field do but more by what they aim to accomplish. As…

cybersecboardrm – UNDERSTANDING SMS PHISHING ATTACKS #Cybersecurity #security https://t.co/gaijdcaRiQ
cybersecboardrm – Twitter – Nov 21 2020 22:57
UNDERSTANDING SMS PHISHING ATTACKS #Cybersecurity #security https://medium.com/@Josue_Martins/understanding-sms-phishing-attacks-e617932296d2?_branch_match_id=link-858812856820521955

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
Krebs on Security – Nov 21 2020 18:15
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
