23 February 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Equation Group 48 49
APT31 40 40
The Shadow Brokers 27 27
Silver Sparrow Malware 28 50
FIN11 20 23
Clop Ransomware 18 35
APT3 4 4
WatchDog Cryptominer 3 13
Vadokrist Malware 2 3
Carbanak 2 3
Data Breaches

Clubhouse confirms data spillage of its audio streams
BBC News – Technology – Feb 23 2021 04:28
A user has been banned for streaming audio from multiple Clubhouse chatrooms onto their website.

Brave browser’s Tor mode exposed users’ dark web activity
WeLiveSecurity RSS – Feb 22 2021 19:37
A bug in the ad blocking component of Brave’s Tor feature caused the browser to leak users' DNS queries.

#Brave browser’s #Tor mode exposed users’ #darkweb activity. #infosec #cybersecurity hxxps://www[.]welivesecurity[.]com/2021/02/22/brave-browser-tor-mode-exposed-dark-web-activity/
welivesecurity – Twitter – Feb 22 2021 23:27

RT @startpage: “According to the hacker behind the breach, they found the backup database of CityBee exposed on the internet for public access.”
That’s a lot of exposed records! @saadrajpt @HackRead
#infosec #PrivacyPlease
hxxps://www[.]hackread[.]com/citybee-database-login-credentials-leaked-online/
HackRead – Twitter – Feb 23 2021 02:45
Hacker Groups

The Story of Jian – How APT31 stole and used an unknown Equation Group 0-Day
Reddit – Netsec – Feb 22 2021 11:01
Submitted by /u/eyalitki.

Chinese hackers cloned attack tool belonging to NSA’s Equation Group
ZDNet | security RSS – Feb 22 2021 11:17
Chinese threat actors "cloned" and used a Windows zero-day exploit stolen from the NSA's Equation Group for years before the privilege escalation flaw was patched, researchers say.

@megabeets_ I’m wondering what led to the conclusion that the initial attribution of the CVE-2017-0005 exploit wasn’t wrongly attributed to APT31, given the fact that its use by Equation Group was unknown at the time when the CVE was attributed to APT31.
Fox0x01 – Twitter – Feb 22 2021 15:09

Malaysian authorities arrested 11 members of ‘Anonymous Malaysia’
Manila Bulletin – Feb 23 2021 03:07
In six different raids, Malaysian authorities arrested 11 men they believe are members of Anonymous Malaysia in Pahang, Johor, Perak and the Klang Valley. The suspects are aged between 22 and 40. Deputy Inspector-General of…
Malware

5 Things You Need to Know About Silver Sparrow
SentinelOne – Feb 22 2021 19:14
Researchers at Red Canary recently broke news of a novel macOS infection dubbed Silver Sparrow. Given headlines that suggest this is a new malware threat that has…

2021-02-22 – IcedID (Bokbot) from same type of URL that normally delivers Qakbot
Malware-Traffic-Analysis.net – Blog Entries – Feb 22 2021 22:58

IronNetInjector: Turla’s New Malware Loading Tool hxxps://unit42[.]paloaltonetworks[.]com/ironnetinjector/
timyardley – Twitter – Feb 22 2021 15:22

Silver Sparrow macOS malware with M1 compatibility hxxps://redcanary[.]com/blog/clipping-silver-sparrows-wings/
rootsecdev – Twitter – Feb 22 2021 13:20
Vulnerabilities

CVE-2020-25690 An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the applicat… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-25690
CVEnew – Twitter – Feb 23 2021 04:45

CVE-2020-29075 Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-29075
CVEnew – Twitter – Feb 23 2021 04:45

Bug bounty hacker earned $5,000 reporting a Stored #XSS flaw in #iCloud[.]com
hxxps://securityaffairs[.]co/wordpress/114866/hacking/stored-xss-flaw-icloud-com.html
#securityaffairs #hacking
securityaffairs – Twitter – Feb 22 2021 13:11

CVE-2020-27768 In ImageMagick, there is an outside the range of representable values of type ‘unsigned int’ at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2020-27768
CVEnew – Twitter – Feb 23 2021 04:45
Ongoing Campaigns

Attacks Targeting Accellion Product Linked to FIN11 Cybercrime Group
Security Week – Feb 23 2021 05:06
The hacking group behind the recent cyber-attack targeting Accellion’s FTA file transfer service appears to be linked to a threat actor known as FIN11, security researchers with FireEye’s Mandiant division reveal. The attacks on FTA, a, started in…

Watch Out for WatchDog
Cyware – Feb 22 2021 18:41
Cryptocurrency scams have reached an all-time high because of the rising cryptocurrency trading prices. Threat actors are ceaselessly dropping crypto-mining botnets on unsecured systems. The latest one is WatchDog. The scoop: WatchDog, a crypto-mining…

Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak
Security Week – Feb 22 2021 15:17
A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group’s exploits three years before the targeted vulnerability was publicly exposed as part of the “Lost in Translation” leak, cybersecurity firm Check Point says in a…

The hacking group behind the recent cyber-attack targeting Accellion’s FTA file transfer service appears to be linked to a threat actor known as FIN11 hxxps://www[.]securityweek[.]com/attacks-targeting-accellion-product-linked-fin11-cybercrime-group
EduardKovacs – Twitter – Feb 23 2021 05:08

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
