25 March 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Purple Fox Malware 22 31
Black Kingdom Ransomware 14 42
IcedID Trojan 9 17
Evil Eye APT 6 6
BazarLoader 5 6
HDDCryptor 3 3
Sodinokibi Ransomware 11 84
Zloader Malware 3 5
APT29 3 4
Insomnia Malware 2 2
Data Breaches
Billions of FBS Records Exposed in Online Trading Broker Data Leak hxxps://securityaffairs[.]co/wordpress/115925/data-breach/fbs-data-breach.html
Dinosn – Twitter – Mar 24 2021 16:44

Billions of FBS Records Exposed in Online Trading Broker Data Leak
Security Affairs – Mar 24 2021 14:52
Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS[.]com and FBS[.]eu comprised millions of confidential records including names, passwords,…

Billions of FBS Records Exposed in Online Trading Broker Data Leak
hxxps://securityaffairs[.]co/wordpress/115925/data-breach/fbs-data-breach.html
#securityaffairs #hacking
securityaffairs – Twitter – Mar 24 2021 14:53

5G network slicing vulnerability leaves enterprises exposed to cyberattacks
Help Net Security – News – Mar 24 2021 12:23
AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of…

Hacker Groups
Facebook Moves Against ‘Evil Eye’ Hackers Targeting Uyghurs
Wired – Security – Mar 24 2021 18:34
The company’s investigation into a Chinese espionage campaign took researchers beyond Facebook’s own platforms.

New ICS Threat Activity Group: STIBNITE
Dragos Blog – RSS – Mar 24 2021 15:09
Dragos first disclosed four new threat activity groups targeting ICS/OT last month in the ICS Cybersecurity 2020 Year in Review report. In this blog post, we will provide more…

Chat Digest – Kr3pto LLC 2021/03/24 15:37 – 15:37 UTC
Kr3pto LLC – Telegram – Mar 24 2021 15:37
[15:37] :
```
🏦 BANK : DISCOVER
✉ EMAIL : aim[.]com
👥 GENDER : ❌
🌆 STATE : N/A
📱 CARRIER : N/A
💵 PRICE : $140
🔶 EXTRA : FICO SCORE: 782
```

SilverFish: Swiss firm accesses servers linked to SolarWinds hackers hxxps://www[.]hackread[.]com/swiss-firms-access-solarwinds-hackers-servers/
Dinosn – Twitter – Mar 24 2021 14:27

Malware
Watch out as Purple Fox malware with worm module hits Windows
HackRead – Mar 24 2021 17:41
By Waqas. According to researchers, Purple Fox malware attacks intensified significantly, and it has launched a total of 90,000 attacks since May 2020.

Ransomware Incidents Continue to Dominate Threat Landscape
Cisco Talos’ IR engagements found attackers relied heavily on malware like Zloader and BazarLoader to distribute ransomware in the past three months. hxxps://bit[.]ly/3smaGer hxxps://twitter[.]com/InfoSecHotSpot/status/1374891571116654593/photo/1
InfoSecHotSpot – Twitter – Mar 25 2021 01:11

Purple Fox malware evolves to propagate across Windows machines
ZDNet Security – Mar 24 2021 11:21
The malware’s new worm capabilities have resulted in a rapidly-increasing infection rate.

Emotet v IcedID submissions on @abuse_ch (bottom is Emotet, top is IcedID) hxxps://twitter[.]com/bry_campbell/status/1374688680166748163/photo/1
bry_campbell – Twitter – Mar 24 2021 11:44

Vulnerabilities
CVE-2019-19349
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/…
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2019-19349
CVEnew – Twitter – Mar 24 2021 16:45

CVE-2019-19350
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passw…
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2019-19350
CVEnew – Twitter – Mar 24 2021 16:45

CVE-2021-1449
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that …
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-1449
CVEnew – Twitter – Mar 24 2021 20:45

CVE-2019-19353
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate the…
hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2019-19353
CVEnew – Twitter – Mar 24 2021 16:45

Ongoing Campaigns
TrickBot Spreading Actively, Launches Phishing Schemes
Cyware – Mar 24 2021 20:28
TrickBot malware is actively spreading via spear-phishing campaigns and targeting several entities based in North America. According to the recent warnings from several federal agencies, an advanced threat group is using phishing emails to lure…

Purple Fox malware can now spread between Windows devices
IT Pro UK – Mar 24 2021 12:36
A nasty malware strain affecting Windows machines, known as Purple Fox, has developed worm-like functionality that allows it to spread between devices on an automated basis. Purple Fox was first discovered in March 2018 as a malware strain that…

Black Kingdom ransomware is targeting Microsoft Exchange servers
Security Affairs – Mar 24 2021 13:37
Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of …

Brazil leads in phishing attacks
ZDNet Security – Mar 24 2021 23:16
One in five Internet users were targeted at least once in 2020, but awareness is growing in the country, according to research.

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
