30 May 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name                    Heat 1  Heat 7  Vol 1  Vol 7
APT29                                       7     33
Facefish Rootkit                            2     17
Read The Manual Bot                         1      1
BANLOAD Trojan                              1      1
Quoter Ransomware                           1      1
NativeZone                                  1     13
AgentTesla Keylogger                        1      3
QakBot                                      1      4
UNC2452                                     2     60
EMOTET Trojan                               1     12
Data Breaches
This is interesting… could this all have really been from a password reuse on Constant Contact from a breached site?

Cracking breached password hashes and trying associated passwords from other breached sites are attacks that scale and work exceedingly well…
dinodaizovi – Twitter – May 29 2021 19:01

Ransomware forced Bose systems offline, exposed personal data of 6 former employees

hxxps://www[.]cyberscoop[.]com/bose-ransomware-hack-letter/ hxxps://twitter[.]com/CyberScoopNews/status/1398761582885232641/photo/1
CyberScoopNews – Twitter – May 29 2021 22:02

Data leakage incidents are making daily headlines. Should you worry?

Start with the basics. Check out our guide to understand what a #DataBreach is, how to prevent it from happening and what protections to implement ➡ hxxps://okt[.]to/9FuMbS hxxps://twitter[.]com/Imperva/status/1398754785071935495/photo/1
Imperva – Twitter – May 29 2021 21:35

UMD-Baltimore updates Accellion breach notification after finding PII and PHI involved
Office of Inadequate Security – May 29 2021 11:51
On April 1, DataBreaches[.]net reported that the University of Maryland, Baltimore was one of the educational entities…
Hacker Groups
The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=74293430-c0f5-11eb-ae66-fa163e6ccaff
anon_indonesia – Twitter – May 30 2021 03:16
Breaking down NOBELIUM’s latest early-stage toolset – Microsoft Security
Reddit – BlueTeamSec – RSS – May 29 2021 07:56
submitted by /u/darronofsky [link]…
RT @MsftSecIntel: Microsoft continues to monitor the active email-based attack from NOBELIUM. In a new blog post, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. hxxps://msft[.]it/6010VNMOp
bartblaze – Twitter – May 29 2021 10:47
Malware
Qakbot marches on
curtw – Twitter – May 29 2021 16:28
The smallest ransom amount we've seen someone pay to the REvil ransomware gang this year was ~$500 worth of XMR.
malwrhunterteam – Twitter – May 29 2021 17:27
RT @malwrhunterteam: “Prometheus – group of REvil”
After going for at least a bit more than a month already it seems, still not a single mention about this ransomware group…
🤔
cc @VK_Intel @demonslay335 hxxps://twitter[.]com/malwrhunterteam/status/1387159591264346113/photo/1
JAMESWT_MHT – Twitter – May 29 2021 10:36
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack – Malwarebytes Labs hxxps://blog[.]malwarebytes[.]com/threat-spotlight/2021/05/threat-spotlight-conti-the-ransomware-used-in-the-hse-healthcare-attack/
Securityblog – Twitter – May 29 2021 17:38
Vulnerabilities
CVE-2021-33564 An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The pro… hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-33564
CVEnew – Twitter – May 29 2021 14:45
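The CVE text above describes two things at once: a URL-signing option (verify_url) that was off, and job parameters from that URL reaching an external tool as command-line arguments. The Ruby below is an added illustration written for this alert, not Dragonfly's code or API; the endpoint name, the "op arg" job layout, the ImageJob module, the allowlist, the hard-coded secret and the attacker URL are all constructed for the demo. It contrasts the vulnerable shape (no signature check, job string shell-split straight into argv, so an injected "-write /tmp/pwned.png" becomes a real option) with a hardened one that checks an HMAC over the job in constant time, allowlists the operation and passes the argument as a single argv element that may never start with "-".

```ruby
require "cgi"
require "openssl"
require "shellwords"
require "uri"

# Toy model of a URL-driven image-processing endpoint of the kind Dragonfly
# exposes: the job ("<op> <args>") travels in the query string and is turned
# into an argv for an ImageMagick-style "convert". Nothing here is Dragonfly's
# real code or API; names, URL layout and the secret are assumptions.
module ImageJob
  SECRET = "constructed-demo-secret-replace-me".freeze # assumption: app secret
  ALLOWED_OPS = %w[resize rotate].freeze                # assumption: allowlist

  # HMAC over the job string: an attacker who can craft URLs cannot mint this.
  def self.sign(job)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, job)
  end

  # The URL the application itself would emit for a legitimate job.
  def self.signed_url(job)
    "/media?job=#{CGI.escape(job)}&sha=#{sign(job)}"
  end

  def self.parse(url)
    q = CGI.parse(URI(url).query.to_s)
    [q["job"].first.to_s, q["sha"].first.to_s]
  end

  # Byte-wise comparison that does not short-circuit on the first mismatch.
  def self.constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Vulnerable shape (what "verify_url disabled" amounts to): no signature
  # check, and the remainder of the job is shell-split and spliced into argv,
  # so a crafted "-write /tmp/pwned.png" becomes a real option for the tool.
  def self.vulnerable_argv(url)
    job, _sha = parse(url)
    op, rest = job.split(" ", 2)
    ["convert", "in.png", "-#{op}", *Shellwords.split(rest.to_s), "out.png"]
  end

  # Hardened shape: (1) reject any URL whose HMAC does not match, compared in
  # constant time; (2) restrict the operation to an allowlist; (3) pass the
  # argument as ONE argv element that may never begin with "-". Layers (2)
  # and (3) still hold if an operator turns verification off, which the
  # verify_url: keyword models.
  def self.hardened_argv(url, verify_url: true)
    job, sha = parse(url)
    if verify_url && !constant_time_eq?(sign(job), sha)
      raise ArgumentError, "unsigned or tampered URL"
    end
    op, arg = job.split(" ", 2)
    raise ArgumentError, "operation not allowed: #{op.inspect}" unless ALLOWED_OPS.include?(op)
    if arg.nil? || arg.empty? || arg.start_with?("-")
      raise ArgumentError, "bad argument: #{arg.inspect}"
    end
    ["convert", "in.png", "-#{op}", arg, "out.png"]
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed attacker URL: unsigned, with an injected ImageMagick option.
  attack = "/media?job=#{CGI.escape('resize 100x100 -write /tmp/pwned.png')}&sha=0000"
  p ImageJob.vulnerable_argv(attack)                   # "-write" reaches the tool
  begin
    ImageJob.hardened_argv(attack)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"                      # signature check fails
  end
  p ImageJob.hardened_argv(attack, verify_url: false)  # no separate "-write" token
  p ImageJob.hardened_argv(ImageJob.signed_url("resize 100x100"))
end
```

The point of the last two calls is that signing and argument hygiene are independent controls: with verification off, the injected text still arrives as one opaque argument rather than as options the tool parses, which is the layer that was missing when the crafted URL could read and write files.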
Siemens Patches Major PLC Flaw that Bypasses Its … hxxps://www[.]darkreading[.]com/physical-security/siemens-patches-major-plc-flaw-that-bypasses-its-sandbox-protection/d/d-id/1341161
Securityblog – Twitter – May 29 2021 17:35
CVE-2021-31703 Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-31703
CVEnew – Twitter – May 29 2021 14:45
CVE-2021-30461 A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration[.]php. hxxps://cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2021-30461
CVEnew – Twitter – May 29 2021 13:45
Ongoing Campaigns
Mexican Lottery Blocks Access to Foreign IPs Following Avaddon Ransomware Attack
TechNadu – May 29 2021 09:03
Avaddon hit the Mexican state lottery agency and is already leaking sensitive documents on the site. The government responded by blocking access to all foreign IP addresses, hoping to defend against subsequent DDoS attacks. As it seems to be the case,…
GitHub – YiZeng623/frequency-backdoor: We find most existing triggers of backdoor attacks in deep learning contain severe artifacts in the frequency domain. This Repo. explores how we can use these artifacts to develop stronger backdoor defenses and attack hxxps://github[.]com/YiZeng623/frequency-backdoor
Securityblog – Twitter – May 29 2021 17:43
Beware: Walmart phishing attack says your package was not delivered
BleepingComputer.com – May 29 2021 18:41
A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks. […]

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert