Threat Reports

Cyber Alert – 30 June 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
WastedLocker 15 66
Magecart Group 13 27
Mailto Ransomware 11 16
Infraud Organization 4 8
GoldenSpy 5 33
Evil Corp 5 40
Ransom X 3 5
NEPHILIM Ransomware 3 4
Fxmsp 4 35
CryptoCore Group 3 20
Data Breaches
Voice recordings from domestic violence alerting app exposed on the internet
Security Bloggers NetworkJun 29 2020 13:29
One the face of it, it…
Data belonging to 1M students exposed by online study service OneClass
SiliconANGLEJun 30 2020 03:06
Data belonging to more than one million students in the U.S. and Canada who are users of online study service OneClass have been found exposed online in the latest case of cloud database misconfiguration. Discovered by security researchers at…
InfoSecHotSpot – Email Error Leads to Exposed PHI of 11,500 Patients https://t.co/GpC3liCeTG
InfoSecHotSpot – TwitterJun 29 2020 23:28
Email Error Leads to Exposed PHI of 11,500 Patients https://bit.ly/2NG6ymK
HackRead – @taxiroute Hi, sorry for the delay. It can be connected since Natura didn’t seem interested in securing another dat… https://t.co/gIirMTZCSZ
HackRead – TwitterJun 29 2020 11:50
@taxiroute Hi, sorry for the delay. It can be connected since Natura didn't seem interested in securing another database that was exposed at that time.
Hacker Groups
Fxmsp Hackers Behind AV Source Code Heist: Still Operating?
Bank Info SecurityJun 29 2020 17:43
Remote-Access Vendor Promised to Make Buyers 'Invisible God of Networks' Mathew J. Schwartz (euroinfosec) • June 29, 2020 Note: Map doesn't include five international firms, or eight firms for which Fxmsp listed no location. (Source: Group-IB) Is the…
TalosSecurity – The PROMETHIUM threat actor is still going strong despite being exposed multiple times, and now has a new version o… https://t.co/gABMahRKYA
TalosSecurity – TwitterJun 29 2020 18:46
The PROMETHIUM threat actor is still going strong despite being exposed multiple times, and now has a new version of the StrongPity malware out http://cs.co/6019GPHNN https://twitter.com/TalosSecurity/status/1277674921821380613/photo/1
Infraud Organisation ringleader pleas guilty before U.S. court
Teiss – RSSJun 29 2020 19:17
33-year-old Russian national Sergey Medvedev had pleaded guilty before the U.S. District Court of Nevada for running Infraud Organisation, an Internet-based cybercriminal enterprise that was set up in 2010 and cost businesses and individuals more…
Hacking Timeline: Fxmsp’s Rise and Apparent Fall
InfoRiskToday.co.ukJun 29 2020 18:08
Group Refined Network Intrusions and Malware to Build a Better Botnet, Experts Say Mathew J. Schwartz (euroinfosec) • June 29, 2020 Twitter Facebook LinkedIn Get Permission Fxmsp appeared to enjoy steady business until April 2019, when it posted…
Malware
Tens of U.S. Businesses Targeted With WastedLocker Ransomware
SecurityWeek RSS FeedJun 29 2020 12:34
At least 31 organizations in the United States have been targeted with the recently detailed WastedLocker ransomware, Symantec…
PonyFinal: The new data-stealing ransomware
MediaCenter Panda SecurityJun 29 2020 13:15
Sneaky Glupteba Malware Creates Backdoor In Windows PCs
CERT-EU VulnerabilitiesApplicationsJun 29 2020 18:52
According to the researchers, Glupteba is a distinct malware given its stealth properties. Specifically, this sneaky property resides in the malware dropper which remains under the radar. This malware dropper then downloads and executes payloads that…
thinksnews – Tens of U.S. Businesses Targeted With WastedLocker Ransomware https://t.co/o5Yp8HNhKB
thinksnews – TwitterJun 29 2020 20:17
Tens of U.S. Businesses Targeted With WastedLocker Ransomware http://dlvr.it/RZcWlQ
Vulnerabilities
NA – CVE-2018-6446 – A vulnerability in Brocade Network Advisor…
CERT-EU VulnerabilitiesApplicationsJun 29 2020 22:45
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE…
bad_packets – If CVE-2019-11510 and CVE-2019-19781 have taught us anything, you should patch CVE-2020-2021 (https://t.co/8gqTHH7RVy) ASAP.
bad_packets – TwitterJun 29 2020 16:55
If CVE-2019-11510 and CVE-2019-19781 have taught us anything, you should patch CVE-2020-2021 (https://security.paloaltonetworks.com/CVE-2020-2021) ASAP.
securityaffairs – #PaloAltoNetworks fixes a critical flaw in #firewall PAN-OS
https://t.co/AxaUiF8AoA
#securityaffairs #hacking
securityaffairs – TwitterJun 30 2020 05:36
#PaloAltoNetworks fixes a critical flaw in #firewall PAN-OS

Palo Alto Networks fixes a critical flaw in firewall PAN-OS


#securityaffairs #hacking

Palo Alto Networks fixes a critical flaw in firewall PAN-OS
Security AffairsJun 30 2020 05:34
Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as …
Ongoing Campaigns
Nefilim Gang Leveraged Citrix Gateway Exploit
CywareJun 29 2020 06:55
Several threat actors have been targeting organizations that are not using multifactor authentication as an extra layer of security, or those that have an unpatched remote access system. Recently, Nefilim Gang was seen targeting victims by targeting…
Docker Servers Infected With DDoS Malware – XORDDoS, Kaiji Variants
CywareJun 29 2020 06:55
Threat actors are constantly upgrading their malware with new capabilities to gain an edge over existing security software. Something similar was seen with a recently identified DDoS malware campaign. What happened In June, Trend Micro researchers…
Magecart Hackers Target U.S. Cities Using Click2Gov
Security WeekJun 29 2020 17:17
Magecart web skimmers were found on the websites of eight cities in the United States and one thing they have in common is that they all use the Click2Gov platform, Trend Micro reports. Designed for community engagement, reporting of issues, and…
Eight cities using Click2Gov targeted in Magecart skimming attacks
SC Magazine USJun 29 2020 23:35
Since April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

More News

  • COVID-19 Alert – 08 July 2020

    Silobreaker's Daily COVID-19 Alert for 08 July 2020
  • Cyber Alert – 08 July 2020

    Cyber Alert: Exposed dating service databases leak sensitive info on romance-seekers...
  • COVID-19 Alert – 07 July 2020

    Silobreaker's Daily COVID-19 Alert for 07 July 2020
View all News

Request a demo

Get in touch