Daily Alert – 04 March 2020
Silobreaker’s Daily Cyber Alert is created and distributed automatically by using our award-winning intelligence product Silobreaker Online.
Heat – Trending Malware and Threat Actors

Name | Heat 1 | Heat 7 | Vol 1 | Vol 7
Lazarus Group: 7, 16
DoppelPaymer Ransomware: 7, 26
NotPetya Ransomware: 4, 8
Kimsuky: 2, 2
APT36: 2, 2
ForeLord: 2, 7
MuddyWater Group: 2, 9
Gamaredon Group: 2, 2
WannaCry Ransomware: 3, 8
APT34: 2, 5
Data Breaches

MO: Detectives investigate data breach at Jefferson County School District
Office of Inadequate Security – Mar 03 2020 12:01
KMOV reports: The Jefferson County Sheriff’s Office is trying to determine the full extent of a data breach at the…

Walgreens Mobile Data Leak – Commentary From Experts
Information Security Buzz – Mar 03 2020 10:09
Walgreens disclosed a data leak in its mobile app, specifically in the messaging service, that revealed users’ personal information such as first and last names, prescription names and numbers, and shipping addresses. Given that the…

SpaceX Contractor Hit by Data Breach
Infosecurity – Latest News – Mar 03 2020 09:41
An aerospace and industrial manufacturer has become the latest firm to have sensitive internal documents published online by ransomware attackers. Visser Precision, which makes parts for Tesla and SpaceX…

Nemty ransomware operators launch their data leak site
Security Affairs – Mar 03 2020 15:38
The operators behind the Nemty ransomware set up a data leak site to publish the data of victims who refuse to pay ransoms. Nemty ransomware first…
Hacker Groups

Extracting Embedded Payloads From APT29 Malware
Reverse Engineering – Mar 03 2020 23:10

Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
Unit 42 – Palo Alto Networks Blog – Mar 03 2020 14:00
Unit 42 discovered that the threat group Molerats is targeting eight organizations in six different countries via spear-phishing to deliver a backdoor payload called "Spark." The post …

Chinese nationals indicted for laundering cryptocurrency for Lazarus Group
SiliconANGLE – Mar 04 2020 02:40
Two Chinese nationals who are alleged to have laundered around $100 million in cryptocurrency on behalf of the infamous North Korean hackers Lazarus Group have been indicted by the U.S. Department of Justice. Tian Yinyin and Li Jiadong are accused of…

Cobalt Ulster Strikes Again With New ForeLord Malware
Threatpost.com – Mar 03 2020 21:50
Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks' Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.
Malware

2020-03-03 – IcedID (Bokbot) infection
Malware-Traffic-Analysis.net – Blog Entries – Mar 03 2020 23:58

PwndLocker Ransomware Targeting Municipalities, Enterprise Networks
Security Bloggers Network – Mar 03 2020 12:02
Security researchers discovered a new ransomware family called “PwndLocker” targeting municipalities and enterprise networks. Bleeping Computer learned that PwndLocker has been active since late 2019 and has targeted a variety of U.S….

Nemty ransomware operators launch their data leak site
Security Affairs – Mar 03 2020 15:38
The operators behind the Nemty ransomware set up a data leak site to publish the data of victims who refuse to pay ransoms. Nemty ransomware first…

2020-03-03 – German malspam pushes Ursnif
Malware-Traffic-Analysis.net – Blog Entries – Mar 03 2020 23:57
Vulnerabilities

Patches Released for WordPress Plugin Vulnerabilities Exploited in Attacks
Security Week – Mar 03 2020 12:07
Patches released over the past several days for multiple WordPress plugins address vulnerabilities that have been actively exploited as part of the same website takeover campaign. The first of the updated plugins is Flexible Checkout Fields For…

Experts warn of mass scans for Apache Tomcat Ghostcat flaw
Security Affairs – Mar 03 2020 07:58
Experts warn of ongoing scans for Apache Tomcat servers affected by the Ghostcat flaw, which could allow attackers to take over servers. Security experts are warning of ongoing scans for Apache Tomcat servers affected by the recently disclosed …

Critical MediaTek Rootkit Was Left Unpatched for Over a Year
TechNadu – Mar 03 2020 09:03
More than a dozen MediaTek 64-bit processors are affected by a critical vulnerability. The flaw was known for over a year, and MediaTek had released a fix for it in May 2019. Google has finally addressed the problem in the March 2020 Android…

Weekly Threat Briefing: APT Activity, Chrome 0-Day, MuddyWater, and More
ThreatStream Blog – Mar 03 2020 15:00
The threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: 0-Day, Data breach, NetSupport Manager RAT, Roaming Mantis, Sea Turtle, and Trickbot. The IOCs related…
Ongoing Campaigns

Is There Such a Thing as VPN DDoS Protection? Here’s Everything You Need to Know
TechNadu – Mar 04 2020 06:18
DDoS attacks are no longer something you just read or hear about. They’re now something you’re likely to experience. Which begs the question – is VPN DDoS protection a real thing? Since VPNs can do so much to protect your online data, they should be…

State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends
Security Intelligence – Mar 03 2020 11:04
Phishing has long been an infection vector of choice for threat actors, and for good reason — it is relatively easy, inexpensive and consistently successful. In 2018 and 2019, attackers used phishing as an entry point for one-third of all attacks…

Telecom Sector Increasingly Targeted by Chinese Hackers: CrowdStrike
Security Week – Mar 03 2020 14:07
Threat actors linked to China increasingly targeted the telecommunications sector in 2019, according to endpoint security firm CrowdStrike. CrowdStrike on Tuesday published its 2020 Global Threat Report, which provides data on both state-sponsored and…
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.