Cyber Alert – 30 April 2020
|Heat – Trending Malware and Threat Actors
|Name | Heat 1 | Heat 7 | Vol 1 | Vol 7
|PhantomLance | 4 | 21
|Shade Ransomware | 3 | 22
|Robbinhood Ransomware | 2 | 2
|Mailto Ransomware | 2 | 2
|Bloodhound Malware | 1 | 1
|Aurora Ransomware | 1 | 1
|MRAT Mobile Remote Access Trojan | 1 | 1
|Skipper malware | 1 | 2
|Mabna Institute | 1 | 1
|Cobalt Dickens | 1 | 1
|Data Breaches
|ProtonMail-run website boasting ‘complete guide’ to GDPR left credential-baring .git repo exposed online
|The Register – Apr 29 2020 09:10
|Ooo, double irony! An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. The vulnerability in question allowed the entire contents of the…
|Estonia: Foreign hackers breached local email provider for targeted attacks
|ZDNet Security – Apr 29 2020 13:13
|Hackers hijacked a small number of Mail.ee accounts "belonging to persons of interest to a foreign country."
|Warwick University was hacked and kept breach secret from students and staff
|Seclists.org – Data Loss – Apr 29 2020 14:30
|Posted by Destry Winant on Apr 29…
|Nintendo Breach Affects 160,000 User Accounts
|Seclists.org – Data Loss – Apr 29 2020 14:31
|Posted by Destry Winant on Apr 29 https://www.infosecurity-magazine.com/news/nintendo-breach-affects-160000/ Nintendo has begun restricting log-ins and resetting affected passwords after admitting that as many as 160,000 accounts may have been…
|Hacker Groups
|“PhantomLance” Has Infiltrated the Google Play Store More Than Once
|TechNadu – Apr 29 2020 09:18
|PhantomLance has infected Google Play Store users in at least three separate incidents. The latest campaign entered the official Android market last November and used a system cleaner application. The actors behind seem to be the OceanLotus/APT32, and…
|Malware
|I can’t find the malware even though there was a profile
|MalwareTips.com – Apr 29 2020 14:00
|Hi! I removed a profile from the system preference as suggested here. But my browser keeps redirecting all my safari and chrome searches to in.search.yahoo.com (safe finder). I can’t seem to find any malware in the finder > application. I really…
|Vulnerabilities
|Critical GitLab Flaw Earns Bounty Hunter $20K
|Threatpost.com – Apr 29 2020 16:39
|A GitLab path traversal flaw could allow attackers to read arbitrary files and remotely execute code.
|USN-4341-2: Samba vulnerability
|Ubuntu Security Notices – Apr 29 2020 16:38
|samba vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Samba could be made to consume resources if it received a specially crafted LDAP query. Software Description samba – SMB/CIFS…
|Flaw in defunct WordPress plugin exploited to create backdoor
|Naked Security – Sophos – Apr 29 2020 11:27
|A vulnerability in the defunct OneTone WordPress theme plugin is being exploited to compromise entire sites while installing backdoor admin accounts.
|Adobe fixes critical flaws in Magento, Adobe Illustrator and Bridge
|Help Net Security – News – Apr 29 2020 09:12
|Adobe has pushed out security updates fixing critical flaws in Magento Commerce, Open Source Enterprise and Community editions, Adobe Illustrator 2020 for Windows, and Adobe Bridge for Windows. Magento security update According to the security…
|Ongoing Campaigns
