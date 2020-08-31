Cyber Alert – 31 August 2020
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact productinfo[at]silobreaker[dot]com for more information.
|Heat – Trending Malware and Threat Actors
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
|---|---|---|---|---|
| Lethic Trojan | | | 2 | 2 |
| BlackPass | | | 2 | 6 |
| Bluenoroff | | | 2 | 8 |
| APT35 | | | 2 | 18 |
| QakBot | | | 4 | 43 |
| Hakbit Ransomware | | | 1 | 1 |
| BazarBackdoor | | | 1 | 1 |
| Blind Eagle APT | | | 1 | 1 |
| APT-C-23 | | | 1 | 1 |
| ARS VBS Loader | | | 1 | 1 |
|Hacker Groups
|gh0std4ncer – RT @buffaloBuffal0: Nicely written and good effort all around, but honestly the analysis isn’t very sound here.
First and foremost: the Bla…
|gh0std4ncer – Twitter – Aug 30 2020 13:00
|RT @buffaloBuffal0: Nicely written and good effort all around, but honestly the analysis isn't very sound here.
First and foremost: the BlackPass actors aren't currently selling RDPs. They did in the beginning, but stopped offering them over a year…
|teamcymru – Group with numerous faces: chronicle of UltraRank’s deceptive JS-sniffer campaigns #infosec https://t.co/OcNqlfIkql https://t.co/PtWXiqMZaX
|teamcymru – Twitter – Aug 30 2020 23:27
|Group with numerous faces: chronicle of UltraRank’s deceptive JS-sniffer campaigns #infosec https://bit.ly/32wtj3r https://twitter.com/teamcymru/status/1300213469111873548/photo/1
|anon_indonesia – The Anonymous Indonesia News Daily is out! https://t.co/uzIyYfcJNU #jakpost
|anon_indonesia – Twitter – Aug 31 2020 03:14
|The Anonymous Indonesia News Daily is out! https://paper.li/anon_indonesia/1435572762?edition_id=2063f8a0-eb38-11ea-a341-002590a5ba2d #jakpost
|cyb3rops – RT @campuscodi: New RiskIQ report reveals that the REvil gang is sharing server infrastructure (its ransom payment portal) with BlackPass,…
|cyb3rops – Twitter – Aug 30 2020 07:02
|RT @campuscodi: New RiskIQ report reveals that the REvil gang is sharing server infrastructure (its ransom payment portal) with BlackPass, an RDP shop
RiskIQ also floats the idea that REvil might be behind BlackPass… but not sure it's a strong…
|Malware
|Domain Wide Ransomware (NetWalker) in 1 Hour
|Reddit – Netsec – Aug 31 2020 00:32
|submitted by /u/TheDFIRReport
|DataBreachToday – Ransomware: DarkSide debuts and script-kiddies tap Dharma as crypto-locking malware gets wielded by even more types… https://t.co/cRK7MevskH
|DataBreachToday – Twitter – Aug 30 2020 17:33
|Ransomware: DarkSide debuts and script-kiddies tap Dharma as crypto-locking malware gets wielded by even more types of extortionists
https://bit.ly/32nRmRY
|The Maze Cartel Grows Bigger, SunCrypt Joins the Family
|Cyware – Aug 30 2020 18:24
|The infamous Maze ransomware has been one of the most active malware in recent times. Besides targeting a large number of organizations, it has been actively working to expand its syndicate by forming new partnerships. What’s going on? A new…
|Already in the midst of a crisis, a Houston hospital was attacked by ransomware
|Office of Inadequate Security – Aug 30 2020 17:29
|It’s been a rough year for the U.S. in terms of COVID-19. And some areas have been hit worse than others. On August 1,…
|Vulnerabilities
|CVEnew – CVE-2020-14352 A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found… https://t.co/k25lZcsXex
|CVEnew – Twitter – Aug 30 2020 15:45
|CVE-2020-14352 A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files…
|Securityblog – RT @PeytonGray__: found several new vulnerabilities RCE in Pulse Connect Secure (CVE-2020-8218) https://t.co/tELE8uaP1S
|Securityblog – Twitter – Aug 30 2020 07:45
|RT @PeytonGray__: found several new vulnerabilities RCE in Pulse Connect Secure (CVE-2020-8218) https://twitter.com/PeytonGray__/status/1299501041378099201/photo/1
|Securityblog – RT @starlabs_sg: Whew! Finally cleared the backlogs for Oracle
CVE-2020-2674: https://t.co/HYgbypiNo4
CVE-2020-2682: https://t.co/PGvxcIaB5…
|Securityblog – Twitter – Aug 30 2020 13:08
|RT @starlabs_sg: Whew! Finally cleared the backlogs for Oracle
CVE-2020-2674: https://starlabs.sg/advisories/20-2674/
CVE-2020-2682: https://starlabs.sg/advisories/20-2682/
CVE-2020-2575: https://starlabs.sg/advisories/20-2575/
CVE-2020-2748:…
|daveaitel – RT @starlabs_sg: Whew! Finally cleared the backlogs for Oracle
CVE-2020-2674: https://t.co/HYgbypiNo4
CVE-2020-2682: https://t.co/PGvxcIaB5…
|daveaitel – Twitter – Aug 30 2020 23:31
|RT @starlabs_sg: Whew! Finally cleared the backlogs for Oracle
CVE-2020-2674: https://starlabs.sg/advisories/20-2674/
CVE-2020-2682: https://starlabs.sg/advisories/20-2682/
CVE-2020-2575: https://starlabs.sg/advisories/20-2575/
CVE-2020-2748:…
|Ongoing Campaigns
|ZDNet – Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware https://t.co/YntT34a0XU
|ZDNet – Twitter – Aug 30 2020 17:00
|Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware…
|ZDNet – Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware https://t.co/ZOx4Btab8L
|ZDNet – Twitter – Aug 30 2020 12:45
|Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware…
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.