Cyber Alert – 24 April 2020
Heat – Trending Malware and Threat Actors

Name | Heat 1 | Heat 7 | Vol 1 | Vol 7
Nazar APT | 4 | 4
The Shadow Brokers | 4 | 4
APT32 | 4 | 13
Evil Eye APT | 3 | 4
MedusaLocker | 2 | 2
Shlayer Trojan | 2 | 2
APT35 | 2 | 2
APT27 | 2 | 3
Anonymous Group | 2 | 2
ATMJaDi | 1 | 1
Data Breaches

IN: Nagaland govt investigating data leak of stranded persons
Office of Inadequate Security – Apr 23 2020 12:12
Medolenuo Ambrocia reports: Kohima: A major data breach in the government of Nagaland website to help citizens stranded…

SBA reveals potential data breach impacting 8,000 emergency business loan applicants
ZDNet Zero Day Blog – Apr 23 2020 11:50
A US Senator says that the White House has “got to get it together.”

Paay Misconfiguration Leaves Transaction Data Exposed
Dark Reading – Apr 23 2020 21:30
The New York-based credit-card processor left a server without password protection for approximately three weeks.

SBA Loan Program for COVID-19 Relief Suffers Data Breach
Security Bloggers Network – Apr 23 2020 14:11
Hacker Groups

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak
Security Affairs – Apr 23 2020 21:48
A security expert uncovered an old APT operation, tracked as Nazar, by analyzing the NSA hacking tools included in the dump leaked by the Shadow Brokers in 2017. Juan Andres Guerrero-Saade, a former Kaspersky and Google researcher, uncovered an old APT…

Vietnam-linked APT32 group launches COVID-19-themed attacks against China
Security Affairs – Apr 23 2020 18:29
The Vietnam-linked cyberespionage group tracked as APT32 carried out hacking campaigns against Chinese entities to collect intelligence on the COVID-19 crisis. Vietnam-linked APT group …

COVID-19 cyber espionage saw Chinese ministry targeted by Ocean Lotus: FireEye
ZDNet Security – Apr 23 2020 05:47
Spear phishing campaign out of Vietnam went after information related to coronavirus, security firm says.

Chinese Threat Actor Targets Uyghurs With New iOS Exploit
Security Week – Apr 23 2020 12:09
A Chinese threat actor tracked as Evil Eye has updated the tools it uses to target Uyghurs, a minority Turkic ethnic group in the Xinjiang Uyghur Autonomous Region in Northwest China, incident response and threat intelligence firm Volexity reports. Ev…
Malware

Threat Spotlight: MedusaLocker
Cisco Blog Security – Apr 23 2020 15:37
By Edmund Brumaghin, with contributions from Amit Raut. Overview: MedusaLocker is a ransomware family that has been observed being deployed since its …

Maze ransomware – what you need to know
Graham Cluley – Apr 23 2020 13:02
Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data. But what makes Maze so…

MAC 10.7.5 server has NEMTY 2.6 REVENGE ransomware
MalwareTips.com – Apr 23 2020 18:32
Are there any cleanup tools for OSX? Is erasing the HD and reinstalling OSX, then restoring files, the only good method on this type of Mac infection? There is a RAID drive that is also infected. Possibly other network computers similarly ransomed. There is…

Attackers Target Oil and Gas Industry With AgentTesla
BankInfoSecurity – Apr 23 2020 14:15
Two Campaigns Appear Tied to Global Oil Crisis, Researchers…
Vulnerabilities

Zero-Day Vulnerabilities in iOS Mail App Exploited in Targeted Attacks
Security Week – Apr 23 2020 09:06
The Mail application in iOS is affected by two critical zero-day vulnerabilities that appear to have been exploited in targeted attacks since at least January 2018, cybersecurity automation company ZecOps reported on Wednesday. According to ZecOps,…

Apple Rushes to Patch iOS Zero-Day Flaws
CUInfoSecurity – Apr 23 2020 17:23
Vulnerabilities Have Likely Been Exploited for Years, Researchers Warn. Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize…

NSA shares list of vulnerabilities commonly exploited to plant web shells
ZDNet Zero Day Blog – Apr 23 2020 12:48
NSA and ASD issue joint advisory on detecting and dealing with web shells.
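One way to run the known-good comparison that the NSA/ASD advisory recommends as its first detection method, written as an added example for this alert (it is not code from the advisory, from ZDNet, or from any other source quoted here): hash every file under the deployed web root, diff it against a manifest taken from the clean build, and apply a content heuristic to the files that turn out to be new or modified. The web root layout, the manifest format, the constructed sample files and the regex of shell-like constructs are all assumptions made for the example.

```python
"""Web shell triage by known-good comparison (added example, not advisory code).

Assumptions: the clean deployment is available to build a manifest from, the
manifest is a dict {relative_path: sha256}, and the sample site below is a
constructed stand-in for a real web root.
"""
import hashlib
import re
import tempfile
from pathlib import Path

SCRIPT_EXT = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".jspx"}

# Constructs typical of simple PHP/ASP web shells. A hit is a lead for an
# analyst, not proof; the manifest diff is the stronger signal and runs first.
SUSPICIOUS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13|Request)"
    rb"|\b(system|exec|shell_exec|passthru|proc_open|popen)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)"
    rb"|\bassert\s*\(\s*\$_(GET|POST|REQUEST)",
    re.IGNORECASE,
)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root (POSIX form) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_manifest(root: Path, manifest: dict) -> dict:
    """Diff the deployed tree against the known-good manifest."""
    current = build_manifest(root)
    return {
        "new": sorted(set(current) - set(manifest)),
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(
            p for p in set(current) & set(manifest) if current[p] != manifest[p]
        ),
    }


def scan_suspicious(root: Path, rel_paths) -> list:
    """Content heuristic over script files, applied only to the diff output."""
    hits = []
    for rel in rel_paths:
        p = root / rel
        if p.suffix.lower() in SCRIPT_EXT and SUSPICIOUS.search(p.read_bytes()):
            hits.append(rel)
    return hits


def triage(root: Path, manifest: dict) -> dict:
    diff = compare_to_manifest(root, manifest)
    diff["suspicious"] = scan_suspicious(root, diff["new"] + diff["modified"])
    return diff


def demo() -> dict:
    """Build a constructed sample site, snapshot it, plant a shell, then triage."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "uploads").mkdir()
    (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>\n")
    (root / "uploads" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    manifest = build_manifest(root)  # taken from the clean deployment

    # Constructed tampering: an uploaded one-liner shell and a backdoored page.
    (root / "uploads" / "cmd.php").write_bytes(b"<?php system($_GET['c']); ?>\n")
    (root / "index.php").write_bytes(
        b"<?php eval(base64_decode($_POST['p'])); echo 'hello'; ?>\n"
    )
    return triage(root, manifest)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key:10s} {paths}")
```

In practice the manifest comes from the build artefact or a clean reference host, never from the possibly compromised server itself, and "missing" files matter too: a removed logging or authentication include is as much a finding as an added script.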

Microsoft issued Out-of-Band advisory to address Autodesk FBX flaws
Security Affairs – Apr 23 2020 14:34
Microsoft released an out-of-band advisory to address security vulnerabilities in the Autodesk FBX library that affect Office, Office 365, and Paint 3D. Researchers from Autodesk discovered multiple vulnerabilities that affect the Autodesk FBX…

Ongoing Campaigns