31 January 2021
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.
Heat – Trending Malware and Threat Actors
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
|---|---|---|---|---|
| FonixCrypter |  |
 |
14 | 20 |
| Fonix Ransomware | |
|
8 | 15 |
| Trickbot Malware |  |
|
10 | 56 |
| Poison Ivy Trojan | |
 |
2 | 2 |
| XINOF Ransomware | |
|
2 | 2 |
| Minebridge Malware | |
|
2 | 2 |
| NotPetya Ransomware | |
|
2 | 4 |
| WannaCry Ransomware | |
 |
2 | 7 |
| Shiny Hunters | |
|
2 | 14 |
| Wacapew | |
|
1 | 1 |
Data Breaches
RT @haveibeenpwned: New sensitive breach: MeetMindful had 1.4M addresses breached a year ago. Extensive personal information was exposed including physical attributes, sexualities, substance use and bcrypt password hashes. 86% were already in @haveibeenpwned. Read more: hxxps://www[.]zdnet[.]com/article/hacker-leaks-data-of-2-28-million-dating-site-users/troyhunt – Twitter – Jan 31 2021 03:06RT @haveibeenpwned: New sensitive breach: MeetMindful had 1.4M addresses breached a year ago. Extensive personal information was exposed including physical attributes, sexualities, substance use and bcrypt password hashes. 86% were already in…
See if your credentials have been compromised with this new data leak tool hxxps://flip[.]it/1qYiPFSecurityblog – Twitter – Jan 30 2021 23:49See if your credentials have been compromised with this new data leak tool hxxps://flip[.]it/1qYiPF
A phishing campaign’s collateral damage: Stolen passwords were publicly searchable hxxps://www[.]cyberscoop[.]com/phishing-passwords-exposed-check-point/CyberScoopNews – Twitter – Jan 31 2021 01:46A phishing campaign's collateral damage: Stolen passwords were publicly searchable hxxps://www[.]cyberscoop[.]com/phishing-passwords-exposed-check-point/
5 data categories to learn for faster cybersecurity responses By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack. hxxps://binged[.]it/3tjZShQ hxxps://twitter[.]com/InfoSecHotSpot/status/1355425030923030529/photo/1InfoSecHotSpot – Twitter – Jan 30 2021 07:585 data categories to learn for faster cybersecurity responses By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack. hxxps://binged[.]it/3tjZShQ…
Hacker Groups
The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=79d6bd70-6372-11eb-b2a3-002590a5ba2danon_indonesia – Twitter – Jan 31 2021 03:14The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=79d6bd70-6372-11eb-b2a3-002590a5ba2d
RT @blueteamsec1: Higaisa or Winnti? APT41 backdoors, old and new hxxp://dlvr[.]it/RrggL4 #cyber #threathunting #infosec hxxps://twitter[.]com/blueteamsec1/status/1355571864878280705/photo/1Securityblog – Twitter – Jan 30 2021 18:25RT @blueteamsec1: Higaisa or Winnti? APT41 backdoors, old and new hxxp://dlvr[.]it/RrggL4 #cyber #threathunting #infosec hxxps://twitter[.]com/blueteamsec1/status/1355571864878280705/photo/1
Rocke Group’s Pro Ocean Crypto-jacking Malware now Comes with Worm Feature hxxps://www[.]ehackingnews[.]com/2021/01/rocke-groups-pro-ocean-crypto-jacking.html?utm_source=dlvr.it&utm_medium=twitter hxxps://twitter[.]com/EHackerNews/status/1355498384023408643/photo/1EHackerNews – Twitter – Jan 30 2021 12:49Rocke Group’s Pro Ocean Crypto-jacking Malware now Comes with Worm Feature hxxps://www[.]ehackingnews[.]com/2021/01/rocke-groups-pro-ocean-crypto-jacking.html?utm_source=dlvr.it&utm_medium=twitter…
Lebanese Cedar APT hacker group—linked to Hezbollah Cyber Unit—broke into telecom, hosting providers, communication, IT, and applications companies worldwide.
Read more: hxxps://thehackernews[.]com/2021/01/hezbollah-hacker-group-targeted.html
stmanfr – Twitter – Jan 30 2021 21:37Lebanese Cedar APT hacker group—linked to Hezbollah Cyber Unit—broke into telecom, hosting providers, communication, IT, and applications companies worldwide.Read more: hxxps://thehackernews[.]com/2021/01/hezbollah-hacker-group-targeted.html
Malware
Fonix ransomware shuts down and releases master decryption keyMalwareTips.com – Jan 30 2021 09:46The Fonix Ransomware operators have shut down their operation and released the master decryption allowing victims to recover their files for free. Fonix Ransomware, also known as Xinof and……
Windows finger command abused to download MineBridge backdoorHackRead – Jan 30 2021 18:19By Habiba Rashid A new phishing campaign has been identified which uses the Windows Finger command to download a malware variant called MineBridge. This is a post from HackRead[.]com Read the original post: …
Is TrickBot Indestructible?Cyware – Jan 30 2021 19:24Since the past takedown attempt in November 2020, TrickBot malware has not only re-emerged, its operators have been launching newer versions from time to time. They have recently released a more persistent version of the malware. New vs old The last…
RT @campuscodi: NEW: The FonixCrypter ransomware gang has shut down their operation today and released a free decryptor and their master decryption key
hxxps://www[.]zdnet[.]com/article/fonixcrypter-ransomware-gang-releases-master-decryption-key/ hxxps://twitter[.]com/campuscodi/status/1355322952502415361/photo/1
jabolins – Twitter – Jan 30 2021 13:50RT @campuscodi: NEW: The FonixCrypter ransomware gang has shut down their operation today and released a free decryptor and their master decryption keyhxxps://www[.]zdnet[.]com/article/fonixcrypter-ransomware-gang-releases-master-decryption-key/…
Vulnerabilities
4 fatal flaws in deterministic password managers hxxps://tonyarcieri[.]com/4-fatal-flaws-in-deterministic-password-managersSecurityblog – Twitter – Jan 30 2021 21:414 fatal flaws in deterministic password managers hxxps://tonyarcieri[.]com/4-fatal-flaws-in-deterministic-password-managers
From CVE-2021-25125 to CVE-2021-25138, HPE Baseboard Management Controller(BMC) multiple local vulnerabilities. hxxps://cvepremium[.]circl[.]lu/cve/CVE-2021-25138
hxxps://support[.]hpe[.]com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04073en_uscircl_lu – Twitter – Jan 30 2021 09:11From CVE-2021-25125 to CVE-2021-25138, HPE Baseboard Management Controller(BMC) multiple local vulnerabilities….
hxxps://support[.]hpe[.]com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04073en_uscircl_lu – Twitter – Jan 30 2021 09:11From CVE-2021-25125 to CVE-2021-25138, HPE Baseboard Management Controller(BMC) multiple local vulnerabilities….
sudo: Ineffective NO_ROOT_MAILER and Baron SameditOpen Source Security – Jan 30 2021 08:28Posted by Roman Fiedler on Jan 30 Hello list, While reproducing the exploitation of "Baron Samedit" another minor issue in Sudo was discovered. It affects Sudo 1.9.4 and newer and renders the "NO_ROOT_MAILER" hardening option us…
Cyber Command, NSA warn to patch decade-old vulnerability in sudo hxxps://www[.]cyberscoop[.]com/sudo-flaw-cyber-command-nsa-buffer-overflow/CyberScoopNews – Twitter – Jan 30 2021 20:43Cyber Command, NSA warn to patch decade-old vulnerability in sudo hxxps://www[.]cyberscoop[.]com/sudo-flaw-cyber-command-nsa-buffer-overflow/
Ongoing Campaigns
Trickbot- A Banking Trojan Returns With Latest Phishing Campaigns and AttacksE Hacking News – Jan 30 2021 14:13Trickbot, a banking malware has resurged again with new phishing campaigns and attacks after the collaboration of cybersecurity and technology companies disrupted the Trickbot malware in October last year. Trickbot malware evolved into a highly…
Trickbot is back again – with fresh phishing and malware attacks hxxps://www[.]zdnet[.]com/article/trickbot-is-back-again-with-fresh-phishing-and-malware-attacks/?ftag=COS-05-10aaa0g&taid=6015a5b202313500018f239d&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitterZDNet – Twitter – Jan 30 2021 18:30Trickbot is back again – with fresh phishing and malware attacks…
Trickbot is back again – with fresh phishing and malware attacks hxxps://www[.]zdnet[.]com/article/trickbot-is-back-again-with-fresh-phishing-and-malware-attacks/?ftag=COS-05-10aaa0g&taid=6015e17259acd30001ef27cd&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitterZDNet – Twitter – Jan 30 2021 22:45Trickbot is back again – with fresh phishing and malware attacks…
Trickbot is back again – with fresh phishing and malware attacks hxxps://www[.]zdnet[.]com/article/trickbot-is-back-again-with-fresh-phishing-and-malware-attacks/?ftag=COS-05-10aaa0g&taid=60152e247f7681000102e26b&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitterZDNet – Twitter – Jan 30 2021 10:00Trickbot is back again – with fresh phishing and malware attacks…
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
