27 April 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
EMOTET Trojan 28 67
Shlayer Trojan 8 8
FluBot Android Banking Trojan 8 14
Babuk Locker 8 11
Supernova Webshell 5 26
Trickbot Malware 5 11
CozyDuke 2 2
Pegasus Malware 2 3
Anonymous Group 2 4
WannaCry Ransomware 3 8
Data Breaches
SLA Breaches: How To Define, Handle & Avoid SLA Breaches – Information Age – Apr 26 2021 15:23
When it comes to service management, the main determinant of quality and customer satisfaction is (usually) whether the service provider keeps their promises. Service level agreements (SLAs) are usually the go-to reference for what any company…
OR: Centennial schools to close for 2 days after hackers breach school technology systems – Office of Inadequate Security – Apr 27 2021 02:19
Jayati Ramakrishnan reports: A Portland-area school district has canceled Tuesday and Wednesday classes as staffers work to…
Microstation CAD and VBA; Apple Patches Everything (and 0-Day); Hashicorp code signing key exposed; – sans_isc – Twitter – Apr 27 2021 02:05
hxxps://i5c[.]us/p7474 hxxps://twitter[.]com/sans_isc/status/1386864030132969476/photo/1
CVE-2021-30635 – CVEnew – Twitter – Apr 27 2021 04:45
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-30635
Hacker Groups
Don’t Risk Getting Caught by Kr3pto Phishing Kits – Security Bloggers Network – Apr 26 2021 14:00
Akamai's threat research team recently published a report showing that a new phishing toolkit named Kr3pto was targeting UK banking customers. A phishing kit is an all-in-one software package that lets just about anyone create and launch phishing…
YourAnonNews – Twitter – Apr 26 2021 07:25
@KevinsMemes Lulzsec was about attention and they got thoroughly spanked for it. We respect a number of the people involved. But, it’s not the way.
virusbtn – Twitter – Apr 26 2021 13:30
The BBC is running a podcast series on the Lazarus group. Episode 1 is the story of the Sony hack and how the Lazarus Group hackers caused mayhem in Hollywood and for Sony Pictures Entertainment. hxxps://www[.]bbc[.]co[.]uk/sounds/play/p09dx4p1
security4all – Twitter – Apr 26 2021 15:41
RT @virusbtn: The BBC is running a podcast series on the Lazarus group. Episode 1 is the story of the Sony hack and how the Lazarus Group hackers caused mayhem in Hollywood and for Sony Pictures Entertainment. hxxps://www[.]bbc[.]co[.]uk/sounds/play/p09dx4p1
Malware
Law enforcement delivers final blow to Emotet – Cyberscoop – News – Apr 26 2021 13:35
Law enforcement officials are taking another stab at taking down Emotet. For years cybercriminals have used Emotet, a botnet or a network of infected computers that …
Jan0fficial – Twitter – Apr 26 2021 10:32
RT @lordx64: UPDATE ⚡ MOSERPASS stage 2 analysis was added to the blog. Big thanks to @peterkruse for sharing the stage 2 sample with me. Bottom line: 29 000 enterprise customers of ClickStudios if targeted by MOSERPASS are at high risk of getting compromised later hxxps://lordx64[.]medium[.]com/initial-analysis-of-passwordstate-supply-chain-attack-backdoor-code-aaff1df389e4
Avaddon Ransomware Group Hit the Small Italian Municipality of Villafranca d’Asti – TechNadu – Apr 26 2021 10:03
The small town of Villafranca in northern Italy has suffered an Avaddon ransomware attack. The actors have stolen sensitive documents and have already published alarming samples. The municipality is threatened with DDoSing if its officials don’t…
Developing — Babuk claims to have hacked Metropolitan D.C. Police – Office of Inadequate Security – Apr 26 2021 22:55
The threat actors known as Babuk have added the Metropolitan Police D.C. to their leak site, adding, “We will not…
Vulnerabilities
CVE-2021-31826 – CVEnew – Twitter – Apr 27 2021 05:45
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-31826
CVE-2021-3472 – CVEnew – Twitter – Apr 26 2021 15:43
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity a… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-3472
Cryptomining Campaign Leverages Exchange Server Flaws – BankInfoSecurity – Apr 26 2021 13:41
Cybereason Says Russian Hacking…
Apple Patches Serious MacOS Security Flaw – Dark Reading – All Stories – Apr 26 2021 22:50
The bug can put Mac users at "grave risk" as it allows attackers to bypass Apple's security mechanisms, a researcher reports.
Ongoing Campaigns
All about cross-site scripting (XSS) – InfoSec Bug Bounty Write-ups – RSS – Apr 26 2021 09:27
Hello Amazing Hackers, Hope you guys Doing well and hunting lots of bugs and Dollars ! Well, let’s start and learn about cross-site scripting attacks and methodologies to find them. What is cross-site scripting…
CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks – CISA Current Activity – Apr 26 2021 12:07
Original release date: April 26, 2021 A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before…
Passwordstate Was Hacked in a Supply Chain Attack – Heimdal Security Blog – Apr 26 2021 14:55
Passwordstate, the on-premises password management solution being used by over 370,000 security and IT professionals from 29,000 companies worldwide and serving companies from the Fortune 500 rankings, from a wide range of industry sectors, like…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert