30 April 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
RotaJakiro 19 25
SombRAT 9 9
APT27 10 11
Nebulae Backdoor 9 21
APT30 8 11
RainyDay Backdoor 8 11
Babuk Locker 15 65
FluBot Android Banking Trojan 10 39
DarkSide Ransomware 8 16
AgeLocker Ransomware 6 6
Data Breaches
‘Paleohacks’ Has Exposed the PII of 70,000 of Its Customers
TechNadu – Apr 29 2021 13:18
‘Paleohacks’ has had a lengthy data leak via an unprotected Amazon AWS S3 bucket. The firm doesn’t care and hasn’t fixed the problem even after three months since its report. The exposed data includes names, email and IP addresses, locations, profile…

Student researcher discovered Experian API flaw that exposed credit scores of “most Americans”
IT Security Guru – Apr 29 2021 08:04
He fears the same weakness may affect other lending websites that work with the credit bureau
Credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by…

RT @privacygoods: Experian API Exposed Credit Scores of Most Americans hxxps://www[.]reddit[.]com/r/InfoSecNews/comments/n10yft/experian_api_exposed_credit_scores_of_most/
kfalconspb – Twitter – Apr 29 2021 10:26

“…the rapid growth of cloud-based data storage has exposed weaknesses in processes that leave data available to anyone” – @pjnorris via @ITPro

#databreach #infosec #cybersecurity
hxxps://www[.]itpro[.]co[.]uk/policy-legislation/data-protection/359350/millions-of-reverb-users-data-exposed-on-an-unsecured
TripwireInc – Twitter – Apr 29 2021 12:00

Hacker Groups
LuckyMouse Hackers Target Banks, Companies and Governments in 2020
THN : The Hacker News – Apr 29 2021 14:46
An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named…

Water Pamola Attacked Online Shops Via Malicious Orders
Reddit – BlueTeamSec – RSS – Apr 29 2021 14:02
submitted by /u/digicat

The Far-Right and QAnon Aren’t Going Anywhere During Biden’s Term: Study
VICE – Apr 29 2021 17:00
The extremists who grew and festered during Donald Trump’s time in power aren’t going anywhere, a new report says, and some, like QAnon, may become even more dangerous. The report, from the International Centre for the Study of Radicalisation and…

RT @LindseyOD123: The Water Pamola attack initially targeted online shops in Japan, Australia and European countries using spam emails with malicious attachments – but @TrendMicro researchers say attackers have swapped up their initial infection vector. @TrendMicroRSRCH
hxxps://duo[.]com/decipher/attackers-swap-up-tactics-in-delivering-malware-to-online-shops
DennisF – Twitter – Apr 29 2021 19:21

Malware
Malware Analysis: Ragnarok Ransomware
Reverse Engineering – Apr 29 2021 15:44
submitted by /u/Void_Sec

Ransomware gang Babuk claims DC’s Metropolitan Police was last caper – then goes dark
SC Magazine US – Apr 29 2021 20:44
Babuk – the allegedly Russian-speaking ransomware gang targeting D.C.’s Metropolitan Police Department – posted on the dark web a message that it was shutting down, only to reverse course and pull the message from the site.

Stealthy RotaJakiro backdoor malware targeting Linux for 3 years
HackRead – Apr 29 2021 16:52
New RotaJakiro Stealthy Linux Malware With System Backdoor Capabilities Went Unnoticed for 3 Years. Qihoo 360’s Network Security Research Lab, aka 360 NetLab, the research team has discovered a new Linux malware with outstanding backdoor capabilities…

Malware: Europe is catching FluBot spyware, despite police busting suspected malware operators
hxxps://bit[.]ly/3vz3ehj by @DougOlenick hxxps://twitter[.]com/DataBreachToday/status/1387763851425292289/photo/1
DataBreachToday – Twitter – Apr 29 2021 13:41
Vulnerabilities
Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)
Open Source Security – Apr 29 2021 10:53
Posted by Ariadne Conill on Apr 29 Hello, These directories only have patches for CVE-2021-25214 and CVE-2021-25215. A patch for CVE-2021-25216 appears to be missing. In some supported branches of Alpine, we erroneously followed a development…

Experian API Flaw Raises Questions
BankInfoSecurity – Apr 29 2021 22:11
Cybersecurity Experts Call for Systemic Improvements
Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the…

CVE-2021-31437 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-31437
CVEnew – Twitter – Apr 29 2021 17:45

CVE-2021-31434 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-31434
CVEnew – Twitter – Apr 29 2021 17:45
Ongoing Campaigns
Russian Hackers Actively Targeting the U.S. and Other Organizations
Cyware – Apr 29 2021 20:28
The FBI, DHS, and CISA have now warned about ongoing attacks coordinated by the Russian Foreign Intelligence Service (SVR) or APT29 against U.S. and foreign organizations. Moreover, the SVR had a connection with the recent SolarWinds Orion supply…

Chinese Hackers Attacking Military Organizations With New Backdoor
THN : The Hacker News – Apr 29 2021 10:19
Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing…

Researchers uncover new cyberattack activities, collectively named “EmissarySoldier,” attributed to LuckyMouse, the APT #hacking group that’s well-known for its watering hole attacks against government entities.

Read details: hxxps://thehackernews[.]com/2021/04/luckymouse-hackers-target-banks.html?utm_source=social_share

#infosec #cybersecurity
security_wang – Twitter – Apr 29 2021 17:05

Researchers uncover new cyberattack activities, collectively named “EmissarySoldier,” attributed to LuckyMouse, the APT #hacking group that’s well-known for its watering hole attacks against government entities.

Read details: hxxps://thehackernews[.]com/2021/04/luckymouse-hackers-target-banks.html

#infosec #cybersecurity
TheHackersNews – Twitter – Apr 29 2021 14:55

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
