25 October 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
TRITON Malware 10 41
WastedLocker 6 16
Energetic Bear 3 24
Evil Corp 2 5
Locky Bart 1 1
TEMP.Veles 1 1
Triton APT 1 1
Jaff Ransomware 1 1
Unit 29155 1 3
BitPaymer Ransomware 1 2
Data Breaches
ZDNet – Nvidia tackles code execution flaws, data leaks in GeForce Experience https://t.co/CvnfmBD00X
ZDNet – Twitter – Oct 25 2020 06:45
Nvidia tackles code execution flaws, data leaks in GeForce Experience…

securitybrew – I’m pondering @amazon security protocols. They never ask me to change my password, keep transactions incredibly pa… https://t.co/T8ZoxsxHIV
securitybrew – Twitter – Oct 25 2020 01:37
I'm pondering @amazon security protocols. They never ask me to change my password, keep transactions incredibly painless. Yet, no breaches I've experienced. I think they should share their risk management policies.

da_667 – @LesterCovax @AwfulyPrideful @Gwunhar Call me whatever you want, but I really don’t consider into the breach a rogu… https://t.co/W3OK8CnEP4
da_667 – Twitter – Oct 25 2020 03:41
@LesterCovax @AwfulyPrideful @Gwunhar Call me whatever you want, but I really don't consider into the breach a rogue-like so much as it's just a procedural turn-based strategy. I played it a little bit, I couldn't get into it. My perfectionist in me…

Hacker Groups
InfoSecHotSpot – Russian APT group ‘Energetic Bear’ attacking state and local networks There’s no evidence to suggest that the group… https://t.co/KTJsRMcOr7
InfoSecHotSpot – Twitter – Oct 25 2020 01:58
Russian APT group 'Energetic Bear' attacking state and local networks There's no evidence to suggest that the group has been able to compromise the integrity of elections data https://bit.ly/37AJRvv…

Russia’s Clandestine Chemical Weapons Programme and the GRU’s Unit 29155 – bellingcat
Reddit – Intelligence News – RSS – Oct 24 2020 06:40

anon_indonesia – The Anonymous Indonesia News Daily is out! https://t.co/fDjPJweYHb Stories via @sureshdr @NSAGov #becybersmart
anon_indonesia – Twitter – Oct 25 2020 03:15
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=4fc1eef0-1670-11eb-8430-002590a5ba2d Stories via @sureshdr @NSAGov #becybersmart

Secnewsbytes – Wizard Spider Modifies and Expands Toolset [Adversary Update] https://t.co/8AwX8IdyVa
Secnewsbytes – Twitter – Oct 24 2020 17:27
Wizard Spider Modifies and Expands Toolset [Adversary Update] https://www.crowdstrike.com/blog/wizard-spider-adversary-update/

Malware
Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware
Security Affairs – Oct 24 2020 13:31
The systems at the US-based ski and golf resort operator were infected with the WastedLocker ransomware, the incident impacted reservation systems. Boyne Resorts is a collection of mountain and lakeside resorts, ski areas, and attractions spanning…

cybersecboardrm – Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware #Cybersecurity #ransomware #security https://t.co/qakLGovs6t
cybersecboardrm – Twitter – Oct 24 2020 14:30
Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware #Cybersecurity #ransomware #security…

Emotet malware now wants you to upgrade Microsoft Word
MalwareTips.com – Oct 24 2020 17:28
Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature. Emotet is a malware infection that spreads through emails containing Word documents with…

ZDNet – US Treasury sanctions Russian research institute behind Triton malware https://t.co/v493H4GtKq
ZDNet – Twitter – Oct 24 2020 08:45
US Treasury sanctions Russian research institute behind Triton malware…

Vulnerabilities
bad_packets – Mass scanning activity detected from 109.92.5.143 (🇷🇸) attempting to exploit Citrix (NetScaler) servers vulnerable… https://t.co/8ktJ50wqwY
bad_packets – Twitter – Oct 24 2020 18:10
Mass scanning activity detected from 109.92.5.143 (🇷🇸) attempting to exploit Citrix (NetScaler) servers vulnerable to CVE-2019-19781 (https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/).
Query our API for…

bad_packets – Mass scanning activity detected from 12.239.13.148 (🇺🇸) checking for Pulse Secure VPN servers vulnerable to CVE-201… https://t.co/BvyemLoGaq
bad_packets – Twitter – Oct 24 2020 18:12
Mass scanning activity detected from 12.239.13.148 (🇺🇸) checking for Pulse Secure VPN servers vulnerable to CVE-2019-11510 (https://nvd.nist.gov/vuln/detail/CVE-2019-11510). #threatintel…

securityaffairs – RT @cybersecmnl: The idea to reward white hat hackers for reporting security flaws is not new for the Chinese firm that claimed to have alr…
securityaffairs – Twitter – Oct 24 2020 13:32
RT @cybersecmnl: The idea to reward white hat hackers for reporting security flaws is not new for the Chinese firm that claimed to have already paid out more than $40,000 through its bug bounty program. #Cybersecurity https://cstu.io/0fb99f via…

Securityblog – RT @Dinosn: Jira’s CVE-2020-14181 is easily exploitable simply by browsing at https://server/secure/ViewUserHover.jspa?username=username_to_t…
Securityblog – Twitter – Oct 24 2020 19:49
RT @Dinosn: Jira's CVE-2020-14181 is easily exploitable simply by browsing at https://server/secure/ViewUserHover.jspa?username=username_to_test, eg https://server/secure/ViewUserHover.jspa?username=admin (someone asked a few days back for an exploit…

Ongoing Campaigns
US Treasury imposes sanctions on a Russian research institute behind Triton malware
Security Affairs – Oct 24 2020 11:30
US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged…

Treasury sanctions Russian research institute for Triton attack
SC Magazine US – Oct 24 2020 22:44
The Treasury Department’s Office of Foreign Assets Control sanctioned a Russian government research institution linked to Triton malware targeting industrial safety systems, the first time the U.S. took such an action for an industrial control system…

securityaffairs – RT @cybersecmnl: Mandiant researchers speculate FIN11 will continue to target organizations with sensitive proprietary data and that will l…
securityaffairs – Twitter – Oct 24 2020 16:57
RT @cybersecmnl: Mandiant researchers speculate FIN11 will continue to target organizations with sensitive proprietary data and that will likely pay the ransom to recover their operations after the attacks. #Cybersecurity https://cstu.io/08826e via…

TripwireInc – Phishing attacks are on the rise, making it increasingly important to know how to spot these scams. @DMBisson look… https://t.co/si7spcwaFk
TripwireInc – Twitter – Oct 24 2020 23:00
Phishing attacks are on the rise, making it increasingly important to know how to spot these scams. @DMBisson looks at six of the most common types of attack and how to defend against…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker