Cyber Alert – 24 July 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Amadey 7 9
MATA Malware 5 6
LokiBot Trojan 24 80
APT1 Comment Crew 4 5
Ramnit 4 5
EMOTET Trojan 17 199
MGBot 4 18
VHD Ransomware 3 4
FALLCHILL Malware 3 5
GMERA Malware 4 11
Data Breaches
SecurityWeek – Exposed Twilio SDK Abused for Malvertising Attack https://t.co/MdlaA9C0tm
SecurityWeek – Twitter, Jul 23 2020 18:51
Exposed Twilio SDK Abused for Malvertising Attack https://www.securityweek.com/exposed-twilio-sdk-abused-malvertising-attack
Exposed Twilio SDK Abused For Malvertising Attack
SecurityPhresh, Jul 23 2020 18:51
Cloud communications platform as a service (CPaaS) company Twilio this week disclosed a security incident that resulted in hackers uploading a modified version of the TaskRouter JS SDK to its site. The incident happened on July 19 and was discovered…
SecurityWeek – Exposed Twilio SDK Abused for Malvertising in Magecart-Linked Attack https://t.co/MdlaA9C0tm
SecurityWeek – Twitter, Jul 24 2020 00:11
Exposed Twilio SDK Abused for Malvertising in Magecart-Linked Attack https://www.securityweek.com/exposed-twilio-sdk-abused-malvertising-attack
Dutch Lawmaker’s Twitter Account Among 36 With Data Exposed
BankInfoSecurity, Jul 23 2020 17:44
Social Media Company Says Fraudsters Accessed…
Hacker Groups
OilRig – Recent Target and Updates to RDAT Backdoor
IBM X-Force Exchange – Advisory Tag – RSS, Jul 23 2020 13:11
Summary: In April 2020, the APT group commonly known as OilRig targeted a telecommunications organization located in the Middle East. A report from Palo Alto's Unit 42 provides information on the attack and the associated malware and tools used by…
IOActive – “In an advisory, the National Cyber Security Centre (NCSC) says a group of Russian adversaries called “APT29,” a.k.… https://t.co/cMkDCjsdhk
IOActive – Twitter, Jul 23 2020 23:02
"In an advisory, the National Cyber Security Centre (NCSC) says a group of Russian adversaries called "APT29," a.k.a. "the Dukes" or "Cozy Bear," is running a campaign of malicious "activity."

https://ioac.tv/3fWlIRm

Who is behind APT29? What we know about this nation-state cybercrime group
CERT-EU – Latest Articles Ongoing Threats – RSS, Jul 24 2020 01:53
APT29 has been accused of targeting coronavirus vaccine organizations, but this is not the first time the group has attracted global attention. In a July 2020 report, the UK and its allies publicly blamed cyber-attacks on organizations involved in…
Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000 Indicators
FireEye Blog, Jul 24 2020 00:03
Today, The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider…
Malware
Ramsay malware: What it is, how it works and how to prevent it | Malware spotlight
CERT-EU VulnerabilitiesApplications, Jul 23 2020 13:50
What is Ramsay? In September of 2019, researchers at ESET discovered a malware framework dubbed Ramsay. This malware was designed to jump air gaps in an organization’s network to infect computers that would otherwise be isolated from malware (unless…
New MATA Multi-platform malware framework linked to NK Lazarus APT
Security Affairs, Jul 23 2020 14:46
North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The notorious Lazarus…
Securityblog – RT @MalwareTechBlog: Now that Emotet is dropping TrickBot and QakBot, I’m just imagining the TrickBot and QakBot ransomware teams running i…
Securityblog – Twitter, Jul 23 2020 10:24
RT @MalwareTechBlog: Now that Emotet is dropping TrickBot and QakBot, I'm just imagining the TrickBot and QakBot ransomware teams running into each other inside the same network. https://twitter.com/MalwareTechBlog/status/1286009733694910464/photo/1
Analysis of TrickBot Malware – the most prolific COVID-19 themed malware
CERT-EU VulnerabilitiesApplications, Jul 23 2020 17:26
In this article you will learn about: distribution techniques of TrickBot malware; different modules and tasks of the TrickBot payload; tips to prevent infection by this malware. TrickBot is a constantly evolving Trojan-type malware used primarily to…
Vulnerabilities
PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack
CERT-EU VulnerabilitiesApplications, Jul 23 2020 16:52
CVE-2020-1147 is a critical vulnerability in .NET Framework, SharePoint, and Visual Studio that was recently addressed by Microsoft with the release of the security updates (July 2020 Patch Tuesday). The flaw is caused by the lack of check of the…
CVEnew – CVE-2020-10920 This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-… https://t.co/vlSoOC0TsQ
CVEnew – Twitter, Jul 23 2020 16:45
CVE-2020-10920 This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw…
Ongoing Campaigns

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
