30 November 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
DoppelPaymer Ransomware 4 14
Bandook RAT 1 1
CursedGrabber 1 2
Stantinko Malware 1 4
Dark Caracal APT 1 7
VandaTheGod 2 11
WAPDropper 1 21
Conti Ransomware 1 5
APT10 1 4
Ragnar Locker 1 12
Data Breaches
ForbesTech – Twitter – Nov 29 2020 08:59 – https://t.co/nsxc8MEGQF
Warning: Banned Baidu apps exposed 'sensitive' data on up to 1.4 billion Android phones http://on.forbes.com/6015HygSc by @iblametom

Bank_Security – Twitter – Nov 29 2020 13:54 – https://t.co/2jiJi2XRSH
Large Colombian Bank 🇨🇴 publicly exposed thousands of Credit Card numbers and Card holders details by mistake.
Thanks to @MayhemDayOne, the Bank solved the issue shutting down the page during last days….

Securityblog – Twitter – Nov 29 2020 17:00
RT @Bank_Security: Large Colombian Bank 🇨🇴 publicly exposed thousands of Credit Card numbers and Card holders details by mistake.
Thanks to @MayhemDayOne, the Bank solved the issue shutting down the page during last days….

securityaffairs – Twitter – Nov 29 2020 14:08
RT @Bank_Security: Large Colombian Bank 🇨🇴 publicly exposed thousands of Credit Card numbers and Card holders details by mistake.
Thanks to @MayhemDayOne, the Bank solved the issue shutting down the page during last days….

Hacker Groups
Operators behind Dark Caracal are still alive and operational
TerabitWeb Blog – RSS – Nov 29 2020 10:40
Original Post from Security Affairs. Author: Pierluigi Paganini. The Dark Caracal APT group has carried…

Lotsy Evolution. Group-IB warns of new scam using branded surveys
Group-IB – Nov 30 2020 03:16
Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered a new wave of multi-stage Lotsy scams involving the use of more than 90 famous brands such as KitchenAid, KFC, IKEA, Golden Village, and many…

Why DeFi Flash Loan Attacks Will Keep Happening: Chainlink CEO
CryptoPanic – Nov 29 2020 18:35
Sergey Nazarov told Decrypt that hackers will continue to target DeFi protocols unless they reconsider the way they get data.

anon_indonesia – Twitter – Nov 30 2020 03:14 – https://t.co/ajXIul2JaZ
The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=32572590-32ba-11eb-96dc-002590a5ba2d

Malware
Pennsylvania county pays 500K ransom to DoppelPaymer ransomware
BleepingComputer.com – Nov 29 2020 19:21
Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. […]

DopplePaymer ransomware targets Big Brother producer Endemol Shine
SiliconANGLE – Nov 30 2020 02:02
Endemol Shine, the global production company behind television shows such as Big Brother, MasterChef and The Voice among others has been struck by a DopplePaymer ransomware attack with sensitive information stolen. The attack was confirmed Nov. 26 by…

Pandemic thinking: What if there were a vaccine for OT ransomware?
Help Net Security – News – Nov 30 2020 05:00
The year 2020 has been defined globally by the COVID-19 pandemic. One of few silver linings for this difficult set of circumstances is innovation – redesigning normal processes so that life can carry on with some degree of regularity and…

Dinosn – Twitter – Nov 30 2020 06:03 – https://t.co/G64NFUAiSr
Pennsylvania county pays 500K ransom to DoppelPaymer ransomware https://www.bleepingcomputer.com/news/security/pennsylvania-county-pays-500k-ransom-to-doppelpaymer-ransomware/

Vulnerabilities
How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty
MalwareTips.com – Nov 29 2020 15:15
Recently, I discovered a small but potentially devastating vulnerability in the new Tor feature of the Brave browser. As of November 2nd 2020, Brave monthly users 28 have massively…

A critical flaw in industrial automation systems opens to remote hack
Security Affairs – Nov 29 2020 15:41
Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the…

A Bluetooth revamp touted to fix Australia’s COVIDSafe app connectivity flaws
ZDNet Security – Nov 29 2020 23:39
The federal government is claiming 'excellent' performance across all devices.

cybersecboardrm – Twitter – Nov 30 2020 03:47 – https://t.co/up2TV8JTtg
VMware sounds alarm over zero-day flaws in multiple products #CloudComputing #ux https://www.cloudpro.co.uk/it-infrastructure/security/8849/vmware-sounds-alarm-over-zero-day-flaws-in-multiple-products

Ongoing Campaigns
Crooks stole 800,000€ from ATMs in Italy with Black Box attack
Security Affairs – Nov 29 2020 22:54
A cyber criminal organization has stolen money from at least 35 Italian ATMs with a black box attack technique. A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new …

Testing for Directory or Path Traversal Vulnerabilities
InfoSec Bug Bounty Write-ups – RSS – Nov 29 2020 11:06
In this article, we’ll be discussing, how to perform Directory Traversal or Path Traversal attacks, aka “dot-dot-slash”, “directory climbing” and “backtracking”. What is Path Traversal Vulnerability? In Simple…

MITM WiFi attacks using Open Networks
InfoSec Bug Bounty Write-ups – RSS – Nov 29 2020 14:33

Security Affairs newsletter Round 291
Security Affairs – Nov 29 2020 14:05
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box….

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
