Cyber Alert – 24 June 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Ryuk Ransomware 17 21
LokiBot Trojan 32 55
Trickbot Malware 24 32
Fxmsp 7 7
Sodinokibi Ransomware 16 25
XOR.DDoS 6 8
Kaiji Malware 6 9
Lazarus Group 6 27
Masad Stealer 4 5
GuLoader 6 7
Data Breaches
InfosecurityMag – Exposed Code in Contact Tracing Apps: Copycats and Worse https://t.co/ubVOdNPWGn
InfosecurityMag – Twitter Jun 23 2020 12:08
Exposed Code in Contact Tracing Apps: Copycats and Worse https://www.infosecurity-magazine.com/blogs/exposed-contact-tracing?utm_source=twitterfeed&utm_medium=twitter
cybersecboardrm – A daily average of 80,000 printers exposed online via IPP #Cybersecurity #security https://t.co/5SOUT2Ylvi
cybersecboardrm – Twitter Jun 23 2020 14:42
A daily average of 80,000 printers exposed online via IPP #Cybersecurity #security…
Exposed Code in Contact Tracing Apps: Copycats and Worse
Infosecurity – Blog Jun 23 2020 12:08
The global discussion surrounding contact tracing apps has long been about the pressing issue of privacy. When it comes to such sensitive information like one’s health condition,…
Secnewsbytes – A daily average of 80,000 printers exposed online via IPP Security Affairs https://t.co/SawP6g2SDm
Secnewsbytes – Twitter Jun 23 2020 16:55
A daily average of 80,000 printers exposed online via IPP Security Affairs https://securityaffairs.co/wordpress/105120/hacking/80000-printers-exposed-online-ipp.html
Hacker Groups
Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln
Group-IB Jun 23 2020 16:39
Group-IB, a Singapore-based cybersecurity company, has issued a comprehensive report on Fxmsp — a heavyweight of the Russian-speaking cyber underground who made a name for himself selling access to corporate networks. Group-IB researchers analyzed…
Anonymous Hackers Target U.S. Police Again- No More Impunity
CERT-EU – Latest Articles Ongoing Threats – RSS Jun 24 2020 01:46
Facebook/Anonymous. Anonymous is back in the headlines with claims that another attack on a U.S. police website is linked to the hacktivist group. In the weeks since Anonymous hackers threatened Minneapolis Police Department (MPD), that it would…
New Malware Attributed to North Korea’s Hidden Cobra/Lazarus Threat Group
CERT-EU – Latest Articles Ongoing Threats – RSS Jun 23 2020 19:00
On May 12th, 2020, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released…
ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises
CERT-EU – Latest Articles Ongoing Threats – RSS Jun 23 2020 09:15
Original release date: June 22, 2020 The Australian Cyber Security Centre (ACSC) has released an advisory regarding an ongoing cyber campaign involving “copy-paste compromises” targeting Australian government and commercial networks. According to the…
Malware
Grandoreiro malware: what it is, how it works and how to prevent it | Malware spotlight
Security Bloggers Network Jun 23 2020 13:00
One of the few things that attracts the attention of malware researchers more than novel types of malware is malware that expands its attack horizon to new areas of the globe. Couple…
InfoSecHotSpot – Sodinokibi Ransomware Now Scans Networks For PoS Systems Attackers are compromising large companies with the Cobalt… https://t.co/xetpSxnkjN
InfoSecHotSpot – Twitter Jun 23 2020 23:28
Sodinokibi Ransomware Now Scans Networks For PoS Systems Attackers are compromising large companies with the Cobalt Strike malware, and then deploying the Sodinokibi ransomware. https://bit.ly/3fUOdyy…
European victims refuse to bow to Thanos ransomware
BleepingComputer.com Jun 23 2020 21:17
A Thanos ransomware campaign targeting mid-level employees of multiple organizations from Austria, Switzerland, and Germany was met by the victims' refusal to pay the ransoms demanded to have their data decrypted. […]
Ryuk ransomware deployed two weeks after Trickbot infection
BleepingComputer.com Jun 23 2020 09:49
Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before deploying Ryuk ransomware. […]
Vulnerabilities
BitDefender flaw allows hacking your phone or laptop remotely
CERT-EU Vulnerabilities Applications Jun 23 2020 19:01
, which would put thousands of users at risk. “The incorrect input validation vulnerability in the Safepay browser component of BitDefender Total Security 2020 allows a specially crafted external web page to execute remote commands within the Safepay…
NA – CVE-2020-14940 – An issue was discovered in…
CERT-EU Vulnerabilities Applications Jun 23 2020 16:09
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.
Fixing all vulnerabilities is unrealistic, you need to zero in on what matters
Help Net Security – News Jun 24 2020 03:30
As technology constantly advances, software development teams are bombarded with security alerts at an increasing rate. This has made it nearly impossible to remediate every vulnerability, rendering the ability to properly prioritize remediation…
CVEnew – CVE-2020-11068 In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size… https://t.co/dvNvlAIER8
CVEnew – Twitter Jun 23 2020 17:45
CVE-2020-11068 In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11068
Ongoing Campaigns
XORDDoS, Kaiji DDoS Botnets Target Docker Servers
Security Week Jun 23 2020 12:18
The distributed denial-of-service (DDoS) botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday. , also known as XOR.DDoS, has been around since 2014 and it has been targeting Linux systems. ,…
Brute-force attacks explained, and why they are on the rise
CSO Magazine Jun 23 2020 10:29
Brute-force attack definition: A brute-force attack sees an attacker repeatedly and systematically submitting different usernames and passwords in an attempt to eventually guess credentials correctly. This simple but resources-intensive,…
Ryuk Ransomware Deployed Two Weeks After Initial Trickbot Infection
Security Bloggers Network Jun 23 2020 13:40
Several attack campaigns waited two weeks after achieving a successful Trickbot infection before they deployed Ryuk ransomware as their final payload. SentinelOne came across the attacks as the result of monitoring an attack server employed by…
EduardKovacs – The XORDDoS and Kaiji DDoS botnets have started targeting exposed Docker servers, Trend Micro warns. https://t.co/SYfJb6NMh8
EduardKovacs – Twitter Jun 23 2020 12:25
The XORDDoS and Kaiji DDoS botnets have started targeting exposed Docker servers, Trend Micro warns. https://www.securityweek.com/xorddos-kaiji-ddos-botnets-target-docker-servers

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.