Cyber Alert – 23 June 2020
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.
| Heat – Trending Malware and Threat Actors | ||||
|---|---|---|---|---|
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
| NitroHack |  |
 |
6 | 14 |
| Pegasus Malware |  |
 |
5 | 8 |
| Nefilim Ransomware | |
|
5 | 8 |
| CryptoLocker | |
|
4 | 4 |
| Truniger Hacker Group | |
|
4 | 5 |
| NEPHILIM Ransomware | |
 |
4 | 4 |
| Clop Ransomware | |
|
4 | 4 |
| Dridex Malware | |
|
5 | 13 |
| FTCODE Ransomware | |
|
3 | 3 |
| Guccifer2 | |
|
3 | 3 |
| Data Breaches |
| XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers |
| TrendLabs Security Intelligence – Jun 22 2020 11:58 |
| … |
| Comment: Potentially Sensitive Data From Over 200 US Police Departments Exposed Online By ‘BlueLeak’s |
| Information Security Buzz – Jun 22 2020 11:13 |
| Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design… |
| BleepinComputer – According to @bad_packets, Indiabulls has a Citrix Netscaler ADC gateway exposed that is vulnerable to CVE-2019-197… https://t.co/SfOLcZcCrX |
| BleepinComputer – Twitter – Jun 23 2020 01:05 |
| According to @bad_packets, Indiabulls has a Citrix Netscaler ADC gateway exposed that is vulnerable to CVE-2019-19781. It is not known if this vulnerability was used in the attack. |
| BleepinComputer – On their data leak, CLOP has released screenshots of documents allegedly stolen during this attack and stated that… https://t.co/jgIg0yZvpD |
| BleepinComputer – Twitter – Jun 23 2020 01:05 |
| On their data leak, CLOP has released screenshots of documents allegedly stolen during this attack and stated that Indiabulls have 24 hours to negotiate with them. https://twitter.com/BleepinComputer/status/1275233426413621254/photo/1 |
| Hacker Groups |
| ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises |
| CERT-EU – Latest Articles Ongoing Threats – RSS – Jun 22 2020 15:48 |
| The Australian Cyber Security Centre (ACSC) has released an advisory regarding an ongoing cyber campaign involving “copy-paste compromises” targeting Australian government and commercial networks. According to the advisory, a sophisticated malicious… |
| Dark Basin Uncovering a Massive Hack-For-Hire Operation |
| Blueliv – Jun 22 2020 13:44 |
| Researchers give the name Dark Basin to a hack-for-hire organization that has targeted thousands of individuals and organizations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights… |
| Rare Acidbox malware targeted Russian organizations using Turla APT exploit |
| CERT-EU – Latest Articles Ongoing Threats – RSS – Jun 22 2020 08:01 |
| Security researchers came across a new malware, which they dubbed AcidBox, that leverages an exploit previously associated with Turla cyber espionage group. The Turla group, also tracked as Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON, has… |
| lorenzofb – Around 4 years ago, with the help of @thegrugq, @pwnallthethings, and @RidT, we revealed that Guccifer 2.0 was like… https://t.co/AC1jlHmFop |
| lorenzoFB – Twitter – Jun 22 2020 18:52 |
| Around 4 years ago, with the help of @thegrugq, @pwnallthethings, and @RidT, we revealed that Guccifer 2.0 was likely a Russian govt operation.
We were the first to call BS on Guccifer 2.0, and an indictment and the Mueller report later confirmed… |
| Malware |
| Securityblog – Discord modified to steal accounts by new NitroHack malware https://t.co/TCvyce9sSZ |
| Securityblog – Twitter – Jun 22 2020 12:50 |
| Discord modified to steal accounts by new NitroHack malware https://flip.it/MhpgEY |
| Vulnerabilities |
| NA – CVE-2020-7262 – Improper Access Control vulnerability in McAfee… |
| CERT-EU VulnerabilitiesApplications – Jun 22 2020 11:31 |
| This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0… |
| CVEnew – CVE-2020-1727 A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an I… https://t.co/10yHnaOR9D |
| CVEnew – Twitter – Jun 22 2020 19:00 |
| CVE-2020-1727 A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that… |
| NA – CVE-2020-10740 – A vulnerability was found in Wildfly in… |
| CERT-EU VulnerabilitiesApplications – Jun 22 2020 23:34 |
| A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly. |
| CVEnew – CVE-2019-14894 A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version… https://t.co/XRF65wyJHY |
| CVEnew – Twitter – Jun 22 2020 19:00 |
| CVE-2019-14894 A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this… |
| Ongoing Campaigns |
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.