Threat Reports

Cyber Alert – 23 July 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Lazarus Group 17 17
EMOTET Trojan 33 181
MGBot 6 14
QakBot 5 19
SilkBean 3 3
China Chopper 3 5
Taidoor 2 2
FALLCHILL Malware 2 2
Kinsing Malware 2 2
WannaCry Ransomware 2 5
Data Breaches
D-Link blunder: Firmware encryption key exposed in unencrypted image
BleepingComputer.com – Jul 22 2020 16:01
The router manufacturer leaks encryption keys in some firmware versions letting reverse engineers decrypt the latest firmware images. […]
Dinosn – D-Link blunder: Firmware encryption key exposed in unencrypted image https://t.co/fDHh2ID919
Dinosn – Twitter – Jul 22 2020 17:38
D-Link blunder: Firmware encryption key exposed in unencrypted image https://www.bleepingcomputer.com/news/security/d-link-blunder-firmware-encryption-key-exposed-in-unencrypted-image/
BleepinComputer – D-Link blunder: Firmware encryption key exposed in unencrypted image – @Ax_Sharma
https://t.co/VQGHc9slDc
BleepinComputer – Twitter – Jul 22 2020 16:02
D-Link blunder: Firmware encryption key exposed in unencrypted image – @Ax_Sharma
https://www.bleepingcomputer.com/news/security/d-link-blunder-firmware-encryption-key-exposed-in-unencrypted-image/
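The D-Link item above turns on one fact: a decryption key shipped inside an unencrypted firmware image is recoverable by anyone who can download the image. The usual first step in that recovery is an entropy scan, because plaintext (version strings, configuration, keys) sits in low-entropy regions while the encrypted or compressed payload sits in high-entropy ones. The following is an added example, not code from the BleepingComputer article and not D-Link's tooling; the firmware blob is constructed, the key and the `aes_key=` syntax are hypothetical, and the key-matching regex is a heuristic to adapt to the target's config format.

```python
"""Sliding-window entropy scan of a firmware image (added example; not from the
article or from D-Link). Locates low-entropy regions, where plaintext such as
version strings, configuration and embedded keys lives, and greps them for
key-looking material. FIRMWARE is constructed: a hypothetical header carrying a
hard-coded key in the clear, followed by a pseudo-random payload standing in
for the encrypted part of the image."""
import math
import random
import re
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, about 8.0 for random/encrypted data."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def entropy_profile(blob: bytes, window: int = 256) -> list:
    """(offset, entropy) for each non-overlapping window; same idea as `binwalk -E`."""
    return [(off, shannon_entropy(blob[off:off + window]))
            for off in range(0, len(blob), window)]


def low_entropy_regions(blob: bytes, threshold: float = 6.0, window: int = 256) -> list:
    """Merge adjacent low-entropy windows into (start, end) byte ranges."""
    regions = []
    for off, h in entropy_profile(blob, window):
        if h >= threshold:
            continue
        if regions and regions[-1][1] == off:
            regions[-1][1] = off + window      # extend the current plaintext run
        else:
            regions.append([off, off + window])
    return [tuple(r) for r in regions]


# Heuristic: "<something>key=<32..64 hex chars>"; tune for the target's config syntax.
KEY_RE = re.compile(rb"(?i)([a-z_]*(?:key|secret|passphrase))\s*[=:]\s*([0-9a-f]{32,64})")


def find_key_candidates(blob: bytes, regions: list) -> list:
    """Search only the plaintext regions; returns (offset, name, hex_value)."""
    hits = []
    for start, end in regions:
        for m in KEY_RE.finditer(blob[start:end]):
            hits.append((start + m.start(1), m.group(1).decode(), m.group(2).decode()))
    return hits


# Constructed sample image. The key below is hypothetical, not a real vendor key.
_HEADER = (b"FW-IMAGE v1.00 build 2020\x00model=ROUTER-XXXX\x00"
           b"# hypothetical: symmetric key shipped in the clear\n"
           b"aes_key=0123456789abcdef0123456789abcdef\n").ljust(512, b"\x00")
_rng = random.Random(2020)
_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(4096))   # stands in for ciphertext
FIRMWARE = _HEADER + _PAYLOAD


def scan_firmware(blob: bytes = FIRMWARE) -> dict:
    """Plaintext regions plus any key candidates found inside them."""
    regions = low_entropy_regions(blob)
    return {"regions": regions, "keys": find_key_candidates(blob, regions)}


if __name__ == "__main__":
    for off, h in entropy_profile(FIRMWARE)[:4]:
        print(f"0x{off:06x}  {h:4.2f}")
    print(scan_firmware())
```

On the constructed image the first 512 bytes score well under 6 bits/byte and the payload scores above 7, so the scan returns a single plaintext region and the key inside it. On a real image, the lesson is the same in reverse: if the image is shipped unencrypted, any key it contains is one entropy plot and one grep away, so the confidentiality of later "encrypted" images cannot rest on it.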
Hacker Groups
peterkruse – Golden Chickens: Evolution of the MaaS: Latest Golden Chickens MaaS Tools Updates and Observed Attacks, https://t.co/qJEMeNYnCu
peterkruse – Twitter – Jul 22 2020 16:38
Golden Chickens: Evolution of the MaaS: Latest Golden Chickens MaaS Tools Updates and Observed Attacks, https://quointelligence.eu/2020/07/golden-chickens-evolution-of-the-maas/
North Korea’s Lazarus Group Developing Cross-Platform Malware Framework
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 22 2020 20:20
The APT group, known for its attack on Sony Pictures in 2014, has created an "advanced malware framework" that can launch and manage attacks against systems running Windows, MacOS, and Linux. The Lazarus Group, an advanced persistent threat (APT)…
threatpost – The OilRig APT is back, with new #cyberattacks that use a revised backdoor tool, called RDAT. (via @Unit42_Intel)
https://t.co/WuCbko6JZZ
threatpost – Twitter – Jul 22 2020 21:23
The OilRig APT is back, with new #cyberattacks that use a revised backdoor tool, called RDAT. (via @Unit42_Intel)
https://threatpost.com/oilrig-apt-unique-backdoor/157646/
OilRig APT Drills into Malware Innovation with Unique Backdoor
CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 22 2020 21:53
A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. The attacks were observed in April by Palo Alto…
Malware
MalwareTechBlog – Now that Emotet is dropping TrickBot and QakBot, I’m just imagining the TrickBot and QakBot ransomware teams runnin… https://t.co/yK8QX5BfRz
MalwareTechBlog – Twitter – Jul 22 2020 18:46
Now that Emotet is dropping TrickBot and QakBot, I'm just imagining the TrickBot and QakBot ransomware teams running into each other inside the same network. https://twitter.com/MalwareTechBlog/status/1286009733694910464/photo/1
Links Discovered Between Bazar and TrickBot
Cyware – Jul 22 2020 07:25
Recently, Trickbot has been found coupling up with another malware family. The scoop: Since April, the Bazar backdoor has been used against victims in Europe and the U.S. The most affected organizations belong to the healthcare, IT, travel, and…
DarkReading – Researchers saw a 400% jump in macOS malware from 2018 to 2019. Most macOS malware aims to deliver unwanted ads or… https://t.co/2a6MoLQbz8
DarkReading – Twitter – Jul 22 2020 18:05
Researchers saw a 400% jump in macOS malware from 2018 to 2019. Most macOS malware aims to deliver unwanted ads or send users to websites they didn't mean to visit. Inside the most common types, from Shlayer Trojan to FakeFileOpener:…
Vulnerabilities
CVEnew – CVE-2020-10917 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE… https://t.co/BUSVfaKp65
CVEnew – Twitter – Jul 22 2020 23:45
CVE-2020-10917 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service….
CVE-2020-3452
CERT-EU Vulnerabilities – Applications – Jul 22 2020 22:48
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read…
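The CVE-2020-3452 entry describes an unauthenticated directory traversal against a web interface. Whatever the product-specific request looks like, the traversal itself leaves a recognisable trace in access logs, provided the detector decodes the request the way the server would before looking for a dot-dot segment; single-encoded (`%2e%2e`) and double-encoded (`%252e%252e`) variants defeat a naive substring match. The following is an added example, not Cisco's code and not tied to any ASA or FTD path; the log lines are constructed in Apache/nginx combined format. It does not handle overlong UTF-8 or vendor-specific normalisation quirks, which a production rule would need to add.

```python
"""Directory-traversal detection over web-server access logs (added example, not
Cisco's code and not tied to a specific product path). Requests are normalised
(repeated percent-decoding, backslash to slash) before the dot-dot check so that
single- and double-encoded variants are caught. The log lines are constructed."""
import re
from urllib.parse import unquote

# Combined-format prefix: ip ident user [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# ".." as a whole segment, in the path or in a query value, including the "..;/" trick
DOTDOT_RE = re.compile(r"(^|[/?=&;])\.\.([/;]|$)")


def normalize(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded, so a decode loop cannot be induced),
    then unify path separators."""
    s = target
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def is_traversal(target: str) -> bool:
    return DOTDOT_RE.search(normalize(target)) is not None


def scan_log(lines) -> list:
    """Return (ip, status, raw_target) for every request that looks like traversal.
    A 200 on a flagged request deserves the most attention: the read may have worked."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; count these separately in production
        if is_traversal(m["target"]):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits


SAMPLE_LOG = [  # constructed
    '198.51.100.5 - - [22/Jul/2020:22:48:01 +0000] "GET /docs/index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Jul/2020:22:48:02 +0000] "GET /files/../../etc/passwd HTTP/1.1" 404 162',
    '203.0.113.9 - - [22/Jul/2020:22:48:03 +0000] "GET /%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 199',
    '203.0.113.9 - - [22/Jul/2020:22:48:04 +0000] "GET /download?name=..%252f..%252fconfig.xml HTTP/1.1" 200 8411',
    '198.51.100.5 - - [22/Jul/2020:22:48:05 +0000] "GET /static/css/..style.css HTTP/1.1" 200 311',
    '198.51.100.5 - - [22/Jul/2020:22:48:06 +0000] "GET /search?q=a..b HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Three of the six constructed requests are flagged, all from the same source, and the two benign uses of `..` (inside a filename, inside a search term) are not. The double-encoded request that returned 200 with a sizeable body is the one to triage first.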
CVE-2020-15896
CERT-EU Vulnerabilities – Applications – Jul 22 2020 21:51
Description. An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of…
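The CVE-2020-15896 entry says some DAP-1522 pages are reachable by any unauthorised user; the snippet is cut off before it gives the cause, so nothing here should be read as describing that device's code. The general design point is worth showing, though: a gate that lists the pages it believes need a login serves anything it forgot and any spelling of a path it did not anticipate, while a gate that denies by default and allows only a short public list does not. The following is an added example with hypothetical page names, not D-Link's code.

```python
"""Two ways to gate pages behind a login (added example; not D-Link's code and not
a description of the DAP-1522 flaw's cause, which the item above leaves unstated).
gate_weak lists the pages it believes are protected; gate_deny_by_default
canonicalises the path and denies everything not on a short public allow-list.
Page names are hypothetical."""
import posixpath

PUBLIC_PAGES = {"/login.php", "/logout.php"}        # hypothetical
PROTECTED_PAGES = {"/status.php", "/admin.php"}     # hypothetical, and incomplete on purpose


def canonical_path(raw: str) -> str:
    """Drop query and fragment, then collapse '//', '/./' and 'x/../' so that every
    spelling of a resource reaches the same decision."""
    path = raw.split("#", 1)[0].split("?", 1)[0]
    return posixpath.normpath("/" + path.lstrip("/"))


def gate_weak(raw_path: str, session: dict) -> int:
    """Allow-list of *protected* pages: the default is to serve the request."""
    if raw_path in PROTECTED_PAGES and not session.get("authenticated"):
        return 401
    return 200


def gate_deny_by_default(raw_path: str, session: dict) -> int:
    """Allow-list of *public* pages: the default is to require a session."""
    path = canonical_path(raw_path)
    if path in PUBLIC_PAGES:
        return 200
    if not session.get("authenticated"):
        return 401
    return 200


ANON = {}
USER = {"authenticated": True}

CASES = [  # (request path, what a correct gate must return for an anonymous client)
    ("/login.php", 200),        # genuinely public
    ("/admin.php", 401),
    ("/apply.php", 401),        # hypothetical page nobody added to PROTECTED_PAGES
    ("/./admin.php", 401),      # same resource, different spelling
    ("//admin.php", 401),
    ("/admin.php?x=1", 401),
]


def compare_gates(cases=CASES) -> dict:
    """How often each gate disagrees with the expected anonymous result."""
    return {
        "weak_misses": sum(gate_weak(p, ANON) != want for p, want in cases),
        "hardened_misses": sum(gate_deny_by_default(p, ANON) != want for p, want in cases),
    }


if __name__ == "__main__":
    for p, want in CASES:
        print(f"{p:18} want={want} weak={gate_weak(p, ANON)} "
              f"hardened={gate_deny_by_default(p, ANON)}")
    print(compare_gates())
```

The weak gate passes four of the six anonymous requests it should have refused: the forgotten page and three alternative spellings of a protected one. Canonicalising before the check matters as much as the default: without it, a deny-by-default gate with a public allow-list would still be fooled by an unusual spelling of a public page only in the safe direction, but a protected-list gate is fooled in the unsafe one.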
Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)
Tenable Blog – Jul 22 2020 21:14
Threat actors utilize publicly available proof of concept code and exploit scripts to target unpatched vulnerabilities within organizations and government entities. Background: On June 19, the Australian Cyber Security Centre (ACSC) published…
Ongoing Campaigns
The Changing Face of Phishing: How One of the Most Common Attacks is Evolving
Webroot Threat Blog – Jul 22 2020 21:02
Reading Time: ~ 3 min. Most people are familiar with phishing attacks. After all, they’re one of the most common forms of data breach around. At their most basic, phishing attacks are attempts to steal confidential information by pretending…
Drastic Increase in Credential Stuffing Attacks in the Media Industry
Cyware – Jul 22 2020 07:25
Credentials for music and video streaming services are in popular demand on cyber-criminal platforms. Recently, there has been an increase in the use of credential stuffing tools, since conducting credential stuffing attacks is simple,…
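The credential stuffing item above is about volume: leaked username/password pairs replayed against a login endpoint by automated tooling. On the defending side the distinguishing signal is that one source fails against many different accounts in a short time, whereas plain brute force fails many times against one account. The following is an added example, not Cyware's or any vendor's detection logic; the authentication log lines are constructed, and the thresholds are illustrative starting points rather than tuned values. It also shows the obvious blind spot: a source that spaces its attempts wider than the window is not caught.

```python
"""Separating credential stuffing from plain brute force in authentication logs
(added example for the item above; not Cyware's or any vendor's code). Stuffing
tries many *different* usernames from one source, so the tell is a high failure
rate across many distinct accounts inside a short window; brute force hammers one
account. SAMPLE_LOG is constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = [  # constructed: "<iso-time> <src_ip> <username> <OK|FAIL>"
    # one source, many different accounts, mostly failing: a leaked list being replayed
    "2020-07-22T10:00:00Z 203.0.113.50 alice FAIL",
    "2020-07-22T10:00:03Z 203.0.113.50 bob FAIL",
    "2020-07-22T10:00:06Z 203.0.113.50 carol FAIL",
    "2020-07-22T10:00:09Z 203.0.113.50 dave FAIL",
    "2020-07-22T10:00:12Z 203.0.113.50 erin FAIL",
    "2020-07-22T10:00:15Z 203.0.113.50 frank OK",      # the reused password that worked
    "2020-07-22T10:00:18Z 203.0.113.50 grace FAIL",
    "2020-07-22T10:00:21Z 203.0.113.50 heidi FAIL",
    # one source, one account, all failing: classic brute force
    *[f"2020-07-22T10:01:{s:02d}Z 198.51.100.77 admin FAIL" for s in range(0, 16, 2)],
    # a real user fumbling a password
    "2020-07-22T10:02:00Z 192.0.2.10 alice FAIL",
    "2020-07-22T10:02:05Z 192.0.2.10 alice FAIL",
    "2020-07-22T10:02:12Z 192.0.2.10 alice OK",
    # low-and-slow stuffing: 4 minutes between attempts stays under a 5-minute window
    *[f"2020-07-22T10:{m:02d}:00Z 203.0.113.51 user{m} FAIL" for m in range(0, 24, 4)],
]


def parse(line: str):
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "OK"


def classify(events, window=timedelta(minutes=5), min_attempts=6,
             min_fail_ratio=0.8, min_users=5) -> dict:
    """Sliding window per source IP. Returns {ip: "credential_stuffing" | "brute_force"}.
    Sources that never reach min_attempts inside one window are not reported."""
    recent = defaultdict(deque)
    verdicts = {}
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:            # drop attempts older than the window
            q.popleft()
        attempts = len(q)
        if attempts < min_attempts:
            continue
        fails = sum(1 for _, _, success in q if not success)
        if fails / attempts < min_fail_ratio:
            continue
        distinct_users = len({u for _, u, _ in q})
        verdicts[ip] = "credential_stuffing" if distinct_users >= min_users else "brute_force"
    return verdicts


def classify_log(lines=SAMPLE_LOG) -> dict:
    return classify(parse(line) for line in lines)


if __name__ == "__main__":
    for ip, verdict in classify_log().items():
        print(f"{ip:15} {verdict}")
```

On the constructed log the first source is reported as credential stuffing and the second as brute force; the genuine user never reaches the attempt threshold, and the slow source is missed entirely. Catching the slow or distributed variant needs a second view keyed on the account rather than the source (many sources, one username each, all failing), which is the natural next rule to add.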
Lazarus hackers deploy ransomware, steal data using MATA malware
BleepingComputer.com – Jul 22 2020 18:49
A recently discovered malware framework known as MATA and linked to the North Korean-backed hacking group known as Lazarus was used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data…
patrickwardle – RT @shanvav: The hackers (suspected Lazarus Group) are aggressively deploying a malware framework that includes targeting for Windows, Linu…
patrickwardle – Twitter – Jul 22 2020 15:37
RT @shanvav: The hackers (suspected Lazarus Group) are aggressively deploying a malware framework that includes targeting for Windows, Linux, and macOS. The framework has exhibited signs that it allows attackers to move laterally once they have…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
