28 April 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Babuk Locker 21 31
Shlayer Trojan 14 22
EMOTET Trojan 21 88
Pegasus Malware 3 5
Lazarus Group 7 22
Sodinokibi Ransomware 10 78
FluBot Android Banking Trojan 3 15
Conti Ransomware 4 7
Chopper ASPX Web Shell 2 4
CozyDuke 2 5
Data Breaches
Sensitive source codes exposed in Microsoft Azure Blob account leak
HackRead – Apr 28 2021 00:54
By Habiba Rashid. The research team at vpnMentor, who discovered the data, believes that it belongs to Microsoft. Here's what was leaked and what we know so far.

Two million database servers are currently exposed across cloud providers | The Record by Recorded Future hxxps://therecord[.]media/two-million-database-servers-are-currently-exposed-across-cloud-providers/
Secnewsbytes – Twitter – Apr 28 2021 05:11

Is It Ethical To Buy Breached Data?
Security Bloggers Network – Apr 27 2021 07:30

Do credit monitoring and ID protection services do much for breach victims?
Cyberscoop – News – Apr 27 2021 17:30
It has become a staple for companies that are hit by big data breaches: extending free credit monitoring and identity protection services to customers whose sensitive personal information is at risk. There’s nothing wrong with companies…

Hacker Groups
The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service (SVR) via the cyber actor known as APT 29 (aka the Dukes, Cozy Bear, Yttrium and CozyDuke) hxxps://lnkd[.]in/g3bf3K4
gollmann – Twitter – Apr 27 2021 22:01

Have any other TAs been linked with this “Cosmic Lynx” group?
singe – Twitter – Apr 27 2021 17:42

Patched Exchange to head off Hafnium? You might only be halfway to safety
The Register – Apr 27 2021 07:14
Office 365 shop? You may be exposed too. Here’s why – according to Sophos
Promo: If you’re running Microsoft Exchange anywhere in your organisation and you’re not extremely concerned about the threat from Hafnium, you haven’t been paying attention this…

Nice try, Lazarus Group. hxxps://twitter[.]com/vxunderground/status/1387227445166739468/photo/1
vxunderground – Twitter – Apr 28 2021 02:09

Malware
Washington DC police force confirms data breach after ransomware upstart Babuk posts trophies to Tor blog
The Register – Apr 27 2021 12:33
Newish criminal gang 'trying to make a name for themselves'
Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC. The Metropolitan Police Department said it was "aware of…

Ransomware: don’t expect a full recovery, however much you pay
Naked Security – Sophos – Apr 27 2021 13:00
Turns out the ransomware crooks aren't that good at keeping their promises…

The Babuk group has given the police three days to pay-up before it shares the data with local gangs >> hxxps://bit[.]ly/32V8QpL
InfosecurityMag – Twitter – Apr 27 2021 17:45

Ransomware Recovery Costs Near $2M
Dark Reading – Apr 27 2021 18:35
The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report.

Vulnerabilities
CVE-2021-30642 An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with … hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-30642
CVEnew – Twitter – Apr 27 2021 15:45

Apple’s AirDrop Comes with a Security Flaw
E Hacking News – Apr 27 2021 08:13
Due to its intriguing features, the much-hyped announcement of AirDrop at the Apple event drew a lot of attention. However, it has recently been discovered that AirDrop has a security loophole that allows users to see personal information such as…

RT @DecipherSec: Apple Patches MacOS Flaw Exploited By Shlayer Malware hxxps://decipher[.]sc/apple-fixes-macos-flaw-under-attack-by-shlayer-malware #decipher #deciphersec
patrickwardle – Twitter – Apr 27 2021 19:08

Hackers Exploit 0-Day Gatekeeper Flaw to Attack MacOS Computers
THN : The Hacker News – Apr 27 2021 10:29
Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting…

Ongoing Campaigns
APT trends report Q1 2021
Kaspersky Lab – Apr 27 2021 10:00

Forget Ransomware, Microsoft Says Cryptojacking Is Our Biggest Threat
DataBreaches.net – Apr 27 2021 11:53
Simon Batt reports: For a while, ransomware attacks were a hacker’s and scammer’s favorite tool for extracting money from their victims. Now, Microsoft reports that ransomware has now fallen out of favor in place of another kind of…

CISA, NIST published an advisory on supply chain attacks
Security Affairs – Apr 27 2021 15:33
CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute…

Anomali Cyber Watch: HabitsRAT Targeting Linux and Windows Servers, Lazarus Group Targeting South Korean Orgs, Multiple Zero-Days and More
ThreatStream Blog – Apr 27 2021 17:24
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Android Malware, RATs, Phishing, QLocker Ransomware and Vulnerabilities. The IOCs related to these stories are…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
