23 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
GPCode Ransomware 3 5
STRRAT 3 22
Phorpiex Malware 2 4
Hermes Ransomware 2 4
Bizarro Banking Trojan 3 47
TerraLoader 1 1
Shamoon Virus 1 1
Gootloader 1 2
Qlocker Ransomware 3 24
NotPetya Ransomware 2 13
Data Breaches
A dozen #Android apps exposed data of 100M+ users
hxxps://securityaffairs[.]co/wordpress/118112/mobile-2/android-apps-exposed-data.html
#securityaffairs #hacking #mobile
securityaffairs – Twitter – May 22 2021 08:19

100M Users’ Data Exposed via Third-Party Cloud Misconfigurations #Cybersecurity #security hxxps://www[.]darkreading[.]com/cloud/100m-users-data-exposed-via-third-party-cloud-misconfigurations/d/d-id/1341084
cybersecboardrm – Twitter – May 23 2021 03:18

Riagg files of thousands of patients open and exposed in a basement
Office of Inadequate Security – May 22 2021 21:33
This post uses machine translation of a report in Dutch. It concerns the discovery of patient files on CDs found…

Do consumers now feel more exposed than ever to the risk of fraud? hxxps://www[.]helpnetsecurity[.]com/2021/05/18/consumers-fraud/ – @Marqeta @vidya_peters #cybersecurity #security #infosecurity #itsecurity #CISO #cybersecuritynews #securitynews hxxps://twitter[.]com/helpnetsecurity/status/1396119043036352518/photo/1
helpnetsecurity – Twitter – May 22 2021 15:01
Hacker Groups
Hear ye, DarkSide! This honorable ransomware court is now in session
Ars Technica Risk Assessment – May 22 2021 14:46

DarkSide, the ransomware-as-a-service that shut down Colonial Pipeline two weeks ago, stands accused of skipping town without paying affiliates. Now, DarkSide is on trial by hxxp://XSS[.]is, the cybercrime forum that helped match the business partners.
dangoodin001 – Twitter – May 22 2021 15:05

Firm traced the massive ransomware sums paid to DarkSide gang
FOXBusiness.com – May 22 2021 15:46
IHS Markit vice chairman Daniel Yergin weighs in on the impact of the colonial pipeline shutdown and his outlook for renewable energy. An analytics firm identified the bitcoin wallet used by the ransomware group behind the Colonial Pipeline attack and…
Malware
Watch out as fake ransomware attack infects PCs with StrRAT
HackRead – May 22 2021 19:11
By Habiba Rashid. StrRAT malware steals credentials and changes file name extension to .crimson but it does not encrypt any data like in a ransomware attack.

Deep Dive Malware Analysis Series Of Hermes Ransomware – Pt 2
Reverse Engineering – May 22 2021 11:59
submitted by /u/AGDCservices

Deep Dive Malware Analysis Series Of Hermes Ransomware – Pt 2 hxxps://www[.]reddit[.]com/r/ReverseEngineering/comments/nih2sk/deep_dive_malware_analysis_series_of_hermes/
Dinosn – Twitter – May 22 2021 15:33

Watch out as fake ransomware attack infects PCs with StrRAT hxxps://www[.]hackread[.]com/fake-ransomware-attack-strrat-infects-pcs/
Dinosn – Twitter – May 22 2021 19:30
Vulnerabilities
CVE-2021-1358 A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameter… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-1358
CVEnew – Twitter – May 22 2021 07:45

Qlocker ransomware leverages HBS flaw to infect QNAP NAS devices
Security Affairs – May 22 2021 20:15
QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is warning its customers of updating the HBS 3 disaster recovery app running on their Network Attached Storage (NAS)…

CVE-2021-1254 Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to … hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-1254
CVEnew – Twitter – May 22 2021 07:45
Ongoing Campaigns
Conti Ransomware hit 16 US health and emergency Services, said FBI
Security Affairs – May 22 2021 13:53
Conti ransomware targeted over 400 organizations worldwide, 290 in the US, and at least 16 healthcare and first responder networks. The Federal Bureau of Investigation (FBI) revealed that the …

MITM Attack 2: Understanding DNS Spoofing
Medium Cybersecurity – RSS – May 22 2021 18:36

3.4 billion credential stuffing attacks and more than 736 million web application attacks hit financial services organizations in 2020.
Local File Inclusion (LFI) attacks were the number one web application attack type followed by SQLi and XSS.
hxxps://www[.]akamai[.]com/us/en/about/news/press/2021-press/akamai-soti-security-research-phishing-for-finance.jsp
Bank_Security – Twitter – May 22 2021 13:51

Bizarro banking malware targets 70 banks in Europe and South America
DataBreaches.net – May 22 2021 21:05
Ionut Ilascu reports: A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. Once landed on a Windows system, the malware can force users into…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
