31 December 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
EMOTET Trojan 17 48
APT41 3 3
Trickbot Malware 14 40
Kraken Loader 2 2
Raccoon Malware 2 2
TA2101 2 2
AgentTesla Keylogger 2 2
Unit 74455 1 1
Cloud Atlas APT 1 1
Silent Night 1 1
Data Breaches
T-Mobile data breach exposed phone numbers, call records – BleepingComputer.com – Dec 30 2020 17:04 – T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. […]
Microsoft Edge Allows Users to Scan for Exposed Passwords – Softpedia – Dec 31 2020 05:10 – Now that Microsoft Edge is finally a mature browser, Microsoft can focus on delivering big updates to users out there, and one of the company’s key priorities is keeping our data safe. Microsoft Edge comes with a built-in Password Monitor whose…
Dinosn – Twitter – Dec 31 2020 05:28 – T-Mobile data breach exposed phone numbers, call records https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/
BleepinComputer – Twitter – Dec 30 2020 17:04 – T-Mobile data breach exposed phone numbers, call records – @LawrenceAbrams https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/
Hacker Groups
Chat Digest – “🇮🇷 Bax 026 Of Iran 🇮🇷” – Telegram – Dec 30 2020 11:32 UTC – [11:32] Changed channel photo
Kerala Cyber Warriors hack state Police Academy website; write, ‘Dismiss criminals in khaki’ – DNAIndia – Dec 30 2020 14:46 – The protest is regarding an incident where a couple set themselves on fire in Neyyattinkara during the confiscation process.
YourAnonNews – Twitter – Dec 30 2020 19:47 – Anonymous Press Release regarding RedHack https://twitter.com/YourAnonNews/status/1344369512821497863/photo/1
crymora – Twitter – Dec 30 2020 14:05 – When you call out one errand boy of RedHack another one will follow. The verbal diarrhea, the accusations are just staggering. The press release later will show that this is the new norm in that community…
Malware
InfoSecHotSpot – Twitter – Dec 30 2020 23:58 – The Sunburst hack was massive and devastating – 5 observations from a cybersecurity expert. Hackers stole information from computer systems in the U.S. government, economy and critical infrastructure and have likely left malware on them that can be…
Emotet Returns with Updated Modules and New Campaign – HOTforSecurity – Dec 31 2020 04:31
cyb3rops – Twitter – Dec 30 2020 08:51
Yes, I wrote YARA rules for Emotet.
However, I wouldn't recommend using YARA for Emotet detection.

Applying Sigma rules to process creation events has proven to be much more reliable and stable detecting numerous variants of Emotet over the years…

Securityblog – Twitter – Dec 30 2020 10:10 – RT @cyb3rops: Yes, I wrote YARA rules for Emotet… (retweet of the cyb3rops post above)
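
The cyb3rops post above prefers Sigma rules on process creation events over YARA for Emotet, because the parent/child process relationship survives repacking while file bytes do not. As an added example (not one of cyb3rops's rules and not code from this digest), the following Python script implements a minimal matcher for a rule written in Sigma's detection layout and runs it over constructed Sysmon-style events. The rule content, the field names (Image, ParentImage, CommandLine) and the sample events are assumptions made for the demonstration.

```python
"""Added example: a minimal matcher for a Sigma-style process_creation rule,
run over constructed Sysmon-like events. The rule content, the field names
and the events are assumptions for illustration; this is not one of
cyb3rops's rules and not code from the Silobreaker page."""

# Illustrative rule in Sigma's detection layout (assumed content, not a
# published rule): an Office application spawning a script interpreter.
RULE = {
    "title": "Office application spawning a script host (illustrative)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_parent": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\outlook.exe"],
        },
        "selection_child": {
            "Image|endswith": ["\\powershell.exe", "\\cmd.exe", "\\wscript.exe",
                               "\\cscript.exe", "\\mshta.exe"],
        },
        # Assumed exclusion for scripts under the Office install tree; a real
        # filter has to be tuned per environment.
        "filter_office_tree": {"CommandLine|contains": "\\Microsoft Office\\root\\"},
        "condition": "selection_parent and selection_child and not filter_office_tree",
    },
}


def _field_matches(event, spec, patterns):
    """One Sigma field test, 'Field|modifier' against a value or a list (OR).
    Sigma string matching is case-insensitive, so both sides are lowercased."""
    field, _, modifier = spec.partition("|")
    value = str(event.get(field, "")).lower()
    for pattern in (patterns if isinstance(patterns, list) else [patterns]):
        p = str(pattern).lower()
        if modifier == "endswith":
            hit = value.endswith(p)
        elif modifier == "contains":
            hit = p in value
        elif modifier == "":
            hit = value == p
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
        if hit:
            return True
    return False


def _selection_matches(event, selection):
    """Every field inside one named selection must match (AND)."""
    return all(_field_matches(event, spec, pats) for spec, pats in selection.items())


def _eval_condition(expr, truth):
    """Evaluate an 'a and b and not c' style condition. Each token is checked
    against a whitelist of operators and selection names before the string
    reaches eval(), so rule text cannot smuggle in anything else."""
    tokens = expr.replace("(", " ( ").replace(")", " ) ").split()
    for tok in tokens:
        if tok not in ("and", "or", "not", "(", ")") and tok not in truth:
            raise ValueError(f"unknown token in condition: {tok}")
    return bool(eval(" ".join(tokens), {"__builtins__": {}}, dict(truth)))


def rule_matches(rule, event):
    """True if the rule's condition holds for this one event."""
    det = rule["detection"]
    truth = {name: _selection_matches(event, sel)
             for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], truth)


def run_rule(rule, events):
    """Return the ids of the events the rule fires on."""
    return [e["id"] for e in events if rule_matches(rule, e)]


# Constructed events shaped like Sysmon Event ID 1 / Sigma process_creation fields.
OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SAMPLE_EVENTS = [
    {"id": "evt-1", "ParentImage": OFFICE + "WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc AAAAAAAA"},  # fake payload
    {"id": "evt-2", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -File C:\\Users\\jane\\report.ps1"},
    {"id": "evt-3", "ParentImage": OFFICE + "WINWORD.EXE",
     "Image": "C:\\Windows\\SysWOW64\\cmd.exe",
     "CommandLine": "cmd /c set p=powers&&set q=hell&&%p%%q% -w hidden -c ..."},
    {"id": "evt-4", "ParentImage": OFFICE + "EXCEL.EXE",
     "Image": "C:\\Windows\\splwow64.exe",
     "CommandLine": "C:\\Windows\\splwow64.exe 12288"},
    {"id": "evt-5", "ParentImage": OFFICE + "WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\cscript.exe",
     "CommandLine": "cscript \"" + OFFICE + "addin.vbs\""},
]

if __name__ == "__main__":
    print(run_rule(RULE, SAMPLE_EVENTS))  # ['evt-1', 'evt-3']
```

evt-1 and evt-3 fire even though one launches PowerShell directly and the other goes through cmd.exe with a rebuilt command line; nothing in the rule depends on the document or the dropped binary, which is the property the post is pointing at. evt-5 shows the cost of exclusions: a filter that is too broad (any command line under the Office tree) is exactly where a maldoc author will try to hide, so filters should be as narrow as the environment allows.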

Vulnerabilities
opexxx – Twitter – Dec 30 2020 09:44 – CVE-2020-17530: Apache Struts vulnerability exploited in the wild – SonicWall https://securitynews.sonicwall.com/xmlpost/cve-2020-17530-apache-structs-vulnerability-exploited-in-the-wild/
CVEnew – Twitter – Dec 30 2020 20:45 – CVE-2019-12953 Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12953
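
The Dropbear entry above describes a failure delay that differs depending on why a login failed, which lets a client tell valid usernames from invalid ones. As an added illustration of that vulnerability class (not Dropbear's code, and not a reproduction of the specific CVE-2019-12953 defect), the following Python script models an authentication service whose unknown-user rejection is faster than a wrong-password rejection, an attacker that exploits the difference to enumerate accounts, and a hardened version that does the same work and applies the same delay on every failure. Users, passwords and salts are constructed, and time is modelled as work units on a fake clock so the result is deterministic.

```python
"""Added example, illustrative only: models the username-enumeration timing
side channel the CVE-2019-12953 text describes (a failure delay that is not
applied uniformly). Not Dropbear's code; accounts, salts and costs are
constructed, and elapsed time is simulated so the demonstration is exact."""
import hashlib
import hmac

PBKDF2_ITERATIONS = 1_000   # deliberately low; only the relative cost matters here
VERIFY_COST = 100           # simulated ticks spent on one password verification
FAILURE_DELAY = 50          # simulated ticks of the deliberate failure delay


class FakeClock:
    """Deterministic stand-in for wall-clock time: the server adds ticks for work."""
    def __init__(self):
        self.elapsed = 0

    def tick(self, cost):
        self.elapsed += cost


def _make_record(password, salt):
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed user database (not real accounts).
USERS = {
    "alice": _make_record("correct horse", b"salt-alice"),
    "bob": _make_record("hunter2", b"salt-bob"),
}
# Decoy record so that unknown users cost exactly as much as known ones.
DUMMY_RECORD = _make_record("not-a-real-password", b"salt-dummy")


def _verify_password(record, password, clock):
    salt, expected = record
    clock.tick(VERIFY_COST)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(got, expected)


def login_vulnerable(username, password, clock):
    """Rejects unknown users immediately; the delay only runs after a password
    check, so the two failure paths take measurably different time."""
    if username not in USERS:
        clock.tick(1)                       # fast path: no hashing, no delay
        return False
    ok = _verify_password(USERS[username], password, clock)
    if not ok:
        clock.tick(FAILURE_DELAY)
    return ok


def login_hardened(username, password, clock):
    """Same work and same delay on every failure, whatever the reason."""
    record = USERS.get(username, DUMMY_RECORD)
    # The hash is always computed; the membership test is applied afterwards.
    ok = _verify_password(record, password, clock) and username in USERS
    if not ok:
        clock.tick(FAILURE_DELAY)
    return ok


def time_failed_login(login, username):
    """Attacker-side measurement: ticks spent rejecting one wrong password."""
    clock = FakeClock()
    login(username, "definitely-wrong-password", clock)
    return clock.elapsed


def enumerate_users(login, candidates):
    """Attacker view: time a failed login per candidate, then treat every name
    whose rejection took longer than the fastest rejection as a valid account.
    (If every candidate is valid there is no fast baseline and nothing is
    reported, which is the limit of this simple heuristic.)"""
    timings = {c: time_failed_login(login, c) for c in candidates}
    fastest = min(timings.values())
    return sorted(name for name, t in timings.items() if t > fastest)


if __name__ == "__main__":
    names = ["alice", "bob", "carol", "dave"]
    print("vulnerable:", enumerate_users(login_vulnerable, names))  # ['alice', 'bob']
    print("hardened:  ", enumerate_users(login_hardened, names))    # []
```

On a real network the attacker replaces the fake clock with repeated measurements and a statistical comparison, but the defence is the same: every failure path must perform the same amount of work and sleep for the same time, and the decision of which error to report is made only after that uniform cost has been paid.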
CVEnew – Twitter – Dec 30 2020 21:45 – CVE-2019-16747 In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431…
bad_packets – Twitter – Dec 30 2020 19:20
Also seeing CVE-2020-10148 mass scanning activity from hosts in 🇻🇳 🇸🇬.

Additionally, @ANSSI_FR is scanning for vulnerable SolarWinds Orion hosts – shown below. https://twitter.com/bad_packets/status/1344362769022214144/photo/1

Ongoing Campaigns
The most enticing cyberattacks of 2020 – Malwarebytes Labs Blog – Dec 30 2020 16:00 – In 2020, we experienced a major shift. Much of the world pitched in to limit the spread of the coronavirus, with people changing their daily routines to include a mixture of working from home, standing in socially-distanced lines, and awaiting…
DDoS Attacks Spiked, Became More Complex in 2020 – Dark Reading – Dec 30 2020 13:20 – Global pandemic and the easy availability of for-hire services and inexpensive tool sets gave adversaries more opportunities to attack.
Securityblog – Twitter – Dec 30 2020 20:35 – RT @blueteamblog: Quick Thread – Golden SAML (I am late to the party, I know) but thought some might find it useful.

Firstly, what is Golden SAML?

One of the major techniques used by the threat actor as part of the SolarWinds attack, was…

Emotet malware hits Lithuania’s National Public Health Center – BleepingComputer.com – Dec 30 2020 16:02 – The internal networks of Lithuania's National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country's state institutions. […]

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
