This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.
| Heat – Trending Malware and Threat Actors | ||||
|---|---|---|---|---|
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
| Conti Ransomware |  |
 |
13 | 14 |
| Lazarus Group | |
 |
22 | 34 |
| LokiBot Trojan | |
|
20 | 54 |
| Ryuk Ransomware | |
 |
8 | 15 |
| Goblin Panda | |
|
6 | 8 |
| Dharma Ransomware |  |
|
9 | 52 |
| Trickbot Malware | |
|
7 | 14 |
| SunCrypt Ransomware | |
|
3 | 3 |
| BetaBot | |
|
3 | 5 |
| SourMint | |
|
3 | 6 |
| Data Breaches |
| Expert Commentary: Travel Site Exposed 37 Million Records Before Meow Attack |
| Information Security Buzz – Aug 25 2020 10:14 |
| RailYatri, the company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. A team at SafetyDetectives discovered an Elasticsearch server without… |
| Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database |
| HOTforSecurity – Aug 25 2020 14:57 |
| … |
| BleepinComputer – This data leak site currently includes 26 victims, with some being well-known. For each victim, a dedicated page i… https://t.co/11E41HFX8X |
| BleepinComputer – Twitter – Aug 25 2020 18:15 |
| This data leak site currently includes 26 victims, with some being well-known. For each victim, a dedicated page is created with samples of leaked data. https://twitter.com/BleepinComputer/status/1298323202305925122/photo/1 |
| Dinosn – Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database https://t.co/0y2v4xzATE |
| Dinosn – Twitter – Aug 26 2020 04:04 |
| Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/cIX53-Mmx5I/ |
| Hacker Groups |
| DeathStalker threat group spies on small and medium businesses |
| CyberSecurity Help – Blog – RSS – Aug 25 2020 11:23 |
| The group does not appear to be motivated by financial gain, instead, DeathStalker is focused on sensitive business data. |
| North Korea’s Lazarus targets cryptocurrency vertical |
| Computer Weekly – Aug 25 2020 11:45 |
| APT group behind the infamous WannaCry incident is targeting cryptocurrency operators, according to new research The Lazarus Group, the advanced persistent threat (APT) group aligned to the interests of the North Korean government, is orchestrating a… |
| The Trail of BlackTech’s Cyber Espionage Campaigns |
| Vyagers – RSS – Aug 26 2020 01:57 |
| https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html |
| APT36 Sharpens Tools While Focusing on New Targets |
| Cyware – Aug 25 2020 19:24 |
| Transparent Tribe aka APT36, a Pakistan-based APT group, is known for surveillance and spying government and military organizations in India and Afghanistan. Recently, they have been observed further enhancing their arsenal with new toolkits and… |
| Malware |
| GOT: Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites |
| ZDNet Security – Aug 25 2020 17:17 |
| More and more ransomware gangs are now operating sites where they leak sensitive data from victims who refuse to pay the ransom demand. |
| ZDNet – GOT: Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites https://t.co/hh43UR8rFI by @campuscodi |
| ZDNet – Twitter – Aug 25 2020 17:17 |
| GOT: Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites https://zd.net/2EwGQjd by @campuscodi |
| BleepinComputer – Conti is now one out of 17 other ransomware operations that steal data, including Ako, Avaddon, Clop, CryLock, Dopp… https://t.co/ZOK6HcxBZa |
| BleepinComputer – Twitter – Aug 25 2020 18:15 |
| Conti is now one out of 17 other ransomware operations that steal data, including Ako, Avaddon, Clop, CryLock, DoppelPaymer, Maze, MountLocker, Nemty, Nephilim, Netwalker, Pysa/Mespinoza, Ragnar Locker, REvil, Sekhmet, Snatch, and… |
| BleepinComputer – With Conti, there are now 17 ransomware operations leaking data. These operations include, Ako, Avaddon, Clop, CryL… https://t.co/bnkBirGsk4 |
| BleepinComputer – Twitter – Aug 25 2020 23:27 |
| With Conti, there are now 17 ransomware operations leaking data. These operations include, Ako, Avaddon, Clop, CryLock, DoppelPaymer, Maze, MountLocker, Nemty, Nephilim, Netwalker, Pysa/Mespinoza, Ragnar Locker, REvil, Sekhmet, Snatch, and Snake… |
| Vulnerabilities |
| CVEnew – CVE-2020-17404 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo… https://t.co/imrLLLQiIP |
| CVEnew – Twitter – Aug 25 2020 21:45 |
| CVE-2020-17404 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page… |
| Enterprise Application Access Client (EAA) Vulnerability (CVE-2019-18847) – Remote Code Execution and Privilege Escalation in Zero Trust Model. |
| Reddit – Netsec – Aug 25 2020 18:03 |
| submitted by /u/knapstack123 [link]… |
| CVEnew – CVE-2020-15641 This vulnerability allows remote attackers to disclose sensitive information on affected installatio… https://t.co/GLy5sKiorv |
| CVEnew – Twitter – Aug 25 2020 21:45 |
| CVE-2020-15641 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within… |
| CVEnew – CVE-2020-15640 This vulnerability allows remote attackers to disclose sensitive information on affected installatio… https://t.co/zVAWT1NJUA |
| CVEnew – Twitter – Aug 25 2020 21:45 |
| CVE-2020-15640 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within… |
| Ongoing Campaigns |
| Hack-for-Hire Group Targets Financial Sector Since 2012 |
| Security Week – Aug 25 2020 12:06 |
| A hack-for-hire group has been targeting organizations in the financial sector since 2012, for cyber-espionage purposes, Kaspersky’s security researchers reveal. Dubbed DeathStalker, the “mercenary” advanced persistent threat (APT) has been targeting… |
| Law Enforcement Agencies Warn of Vishing Attacks Targeting Employees |
| Security Bloggers Network – Aug 25 2020 07:15 |
| … |
| Weekly Threat Briefing: Cryptominers, Phishing, APT Group, and More |
| ThreatStream Blog – Aug 25 2020 14:00 |
| The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Backdoor, GoldenSpy, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories… |
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.
| Heat – Trending Malware and Threat Actors | ||||
|---|---|---|---|---|
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
| Conti Ransomware |  |
 |
13 | 14 |
| Lazarus Group | |
 |
22 | 34 |
| LokiBot Trojan | |
|
20 | 54 |
| Ryuk Ransomware | |
 |
8 | 15 |
| Goblin Panda | |
|
6 | 8 |
| Dharma Ransomware |  |
|
9 | 52 |
| Trickbot Malware | |
|
7 | 14 |
| SunCrypt Ransomware | |
|
3 | 3 |
| BetaBot | |
|
3 | 5 |
| SourMint | |
|
3 | 6 |
| Data Breaches |
| Expert Commentary: Travel Site Exposed 37 Million Records Before Meow Attack |
| Information Security Buzz – Aug 25 2020 10:14 |
| RailYatri, the company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker. A team at SafetyDetectives discovered an Elasticsearch server without… |
| Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database |
| HOTforSecurity – Aug 25 2020 14:57 |
| … |
| BleepinComputer – This data leak site currently includes 26 victims, with some being well-known. For each victim, a dedicated page i… https://t.co/11E41HFX8X |
| BleepinComputer – Twitter – Aug 25 2020 18:15 |
| This data leak site currently includes 26 victims, with some being well-known. For each victim, a dedicated page is created with samples of leaked data. https://twitter.com/BleepinComputer/status/1298323202305925122/photo/1 |
| Dinosn – Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database https://t.co/0y2v4xzATE |
| Dinosn – Twitter – Aug 26 2020 04:04 |
| Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database http://feedproxy.google.com/~r/SecurityBloggersNetwork/~3/cIX53-Mmx5I/ |
| Hacker Groups |
| DeathStalker threat group spies on small and medium businesses |
| CyberSecurity Help – Blog – RSS – Aug 25 2020 11:23 |
| The group does not appear to be motivated by financial gain, instead, DeathStalker is focused on sensitive business data. |
| North Korea’s Lazarus targets cryptocurrency vertical |
| Computer Weekly – Aug 25 2020 11:45 |
| APT group behind the infamous WannaCry incident is targeting cryptocurrency operators, according to new research The Lazarus Group, the advanced persistent threat (APT) group aligned to the interests of the North Korean government, is orchestrating a… |
| The Trail of BlackTech’s Cyber Espionage Campaigns |
| Vyagers – RSS – Aug 26 2020 01:57 |
| https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html |
| APT36 Sharpens Tools While Focusing on New Targets |
| Cyware – Aug 25 2020 19:24 |
| Transparent Tribe aka APT36, a Pakistan-based APT group, is known for surveillance and spying government and military organizations in India and Afghanistan. Recently, they have been observed further enhancing their arsenal with new toolkits and… |
| Malware |
| GOT: Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites |
| ZDNet Security – Aug 25 2020 17:17 |
| More and more ransomware gangs are now operating sites where they leak sensitive data from victims who refuse to pay the ransom demand. |
| ZDNet – GOT: Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites https://t.co/hh43UR8rFI by @campuscodi |
| ZDNet – Twitter – Aug 25 2020 17:17 |
| GOT: Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites https://zd.net/2EwGQjd by @campuscodi |
| BleepinComputer – Conti is now one out of 17 other ransomware operations that steal data, including Ako, Avaddon, Clop, CryLock, Dopp… https://t.co/ZOK6HcxBZa |
| BleepinComputer – Twitter – Aug 25 2020 18:15 |
| Conti is now one out of 17 other ransomware operations that steal data, including Ako, Avaddon, Clop, CryLock, DoppelPaymer, Maze, MountLocker, Nemty, Nephilim, Netwalker, Pysa/Mespinoza, Ragnar Locker, REvil, Sekhmet, Snatch, and… |
| BleepinComputer – With Conti, there are now 17 ransomware operations leaking data. These operations include, Ako, Avaddon, Clop, CryL… https://t.co/bnkBirGsk4 |
| BleepinComputer – Twitter – Aug 25 2020 23:27 |
| With Conti, there are now 17 ransomware operations leaking data. These operations include, Ako, Avaddon, Clop, CryLock, DoppelPaymer, Maze, MountLocker, Nemty, Nephilim, Netwalker, Pysa/Mespinoza, Ragnar Locker, REvil, Sekhmet, Snatch, and Snake… |
| Vulnerabilities |
| CVEnew – CVE-2020-17404 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo… https://t.co/imrLLLQiIP |
| CVEnew – Twitter – Aug 25 2020 21:45 |
| CVE-2020-17404 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page… |
| Enterprise Application Access Client (EAA) Vulnerability (CVE-2019-18847) – Remote Code Execution and Privilege Escalation in Zero Trust Model. |
| Reddit – Netsec – Aug 25 2020 18:03 |
| submitted by /u/knapstack123 [link]… |
| CVEnew – CVE-2020-15641 This vulnerability allows remote attackers to disclose sensitive information on affected installatio… https://t.co/GLy5sKiorv |
| CVEnew – Twitter – Aug 25 2020 21:45 |
| CVE-2020-15641 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within… |
| CVEnew – CVE-2020-15640 This vulnerability allows remote attackers to disclose sensitive information on affected installatio… https://t.co/zVAWT1NJUA |
| CVEnew – Twitter – Aug 25 2020 21:45 |
| CVE-2020-15640 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within… |
| Ongoing Campaigns |
| Hack-for-Hire Group Targets Financial Sector Since 2012 |
| Security Week – Aug 25 2020 12:06 |
| A hack-for-hire group has been targeting organizations in the financial sector since 2012, for cyber-espionage purposes, Kaspersky’s security researchers reveal. Dubbed DeathStalker, the “mercenary” advanced persistent threat (APT) has been targeting… |
| Law Enforcement Agencies Warn of Vishing Attacks Targeting Employees |
| Security Bloggers Network – Aug 25 2020 07:15 |
| … |
| Weekly Threat Briefing: Cryptominers, Phishing, APT Group, and More |
| ThreatStream Blog – Aug 25 2020 14:00 |
| The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Backdoor, GoldenSpy, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories… |
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
