Daily Alert – 06 March 2020
Heat – Trending Malware and Threat Actors
(table columns on the page: Name, Heat 1, Heat 7, Vol 1, Vol 7; two figures survive per entry)

Bisonal Malware: 6, 6
Ryuk Ransomware: 9, 22
Guildma Malware: 4, 4
GhostCat-3PC Malware: 4, 19
Karma Panda: 3, 3
Mokes Trojan: 3, 3
Lunar Spider: 2, 2
SCULLY SPIDER: 2, 2
Htbot Malware: 2, 2
Wizard Spider: 2, 2
Data Breaches

T-Mobile Data Breach Exposes Customer Personal, Financial Info
BleepingComputer.com – Mar 05 2020 15:09
T-Mobile has announced a data breach caused by an email vendor being hacked that exposed the personal and financial information for some of its customers. […]

Virgin Media Data Breach Exposes Info of 900,000 Customers
BleepingComputer.com – Mar 05 2020 21:35
Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database. […]

54% of healthcare vendors have experienced a data breach of protected health information
Help Net Security – News – Mar 06 2020 05:00
More than half of all healthcare vendors have experienced a data breach that exposed protected health information (PHI), and it’s a costly problem that points to broken third-party risk assessment processes, according to data released by the…

Lessons Learned from 2019’s Biggest Data Breaches
Seclists.org – Data Loss – Mar 05 2020 17:19
Posted by Destry Winant on Mar 05 https://securityboulevard.com/2020/03/lessons-learned-from-2019s-biggest-data-breaches/ With more than 5,000 data breaches and over 7 billion records exposed, 2019 was the worst year on record for breach…
Hacker Groups

Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers
Security Affairs – Mar 05 2020 08:23
China-linked cyber espionage groups increasingly targeted organizations in the telecommunications industry in 2019. According to the CrowdStrike 2020 Global Threat Report, the telecommunications and government sectors were the most targeted by the…

Breaking TA505’s Crypter with an SMT Solver – Using a satisfiability modulo theories (SMT) solver to break the latest variant of the crypter being used on Get2
Reverse Engineering – Mar 05 2020 13:31
submitted by /u/Cyberthere …

Bisonal: 10 years of play
Cisco Blog Security – Mar 05 2020 11:09
Bisonal is a remote access trojan (RAT) that’s part of the Tonto Team arsenal. The peculiarity of the RAT is that it’s been in use for more than 10 years — this is…

Collateral damage from APTs
We use words to save the world | Kaspersky Lab Official Blog – Mar 05 2020 13:14
Folks usually relate to APTs about the same way we relate to espionage in general: It’s certainly a big deal, but it won’t hit us mere mortals, right? Most of us don’t carry any significant industrial or government secrets on our…
Malware

Ryuk Revisited – Analysis of Recent Ryuk Attack
Fortinet Blog | News and Threat Research – Category: Security Research – Mar 05 2020 08:00
Find out more about the tactics, techniques, and procedures (TTPs) of a recently discovered Ryuk ransomware variant to ensure that you can detect and protect against it.

Guildma: The Devil drives electric
WeLiveSecurity RSS – Mar 05 2020 10:30
The fourth installment of our occasional series demystifying Latin American banking trojans…

PwndLocker Ransomware Gets Pwned: Decryption Now Available
MalwareTips.com – Mar 05 2020 17:48
Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom. We were the first to report about a…

What sites is Trickbot targeting?
CyberCrime & Doing Time – Mar 05 2020 13:56
It’s been a while since we decoded Trickbot configs to see what banks and organizations were being actively targeted. While recently most of the news about Trickbot has been how it drops the Ryuk Ransomware, and that is certainly important, we…
Vulnerabilities

Intel chipset vulnerability can be exploited to obtain encrypted data
SiliconANGLE – Mar 06 2020 01:02
Most Intel Corp. chipsets released in the past five years have been found to have a vulnerability that can be exploited to obtain encrypted data and compromise data protection. Detailed by researchers at Positive Technologies, the flaw was one of a…

Cisco addresses high severity RCE flaws in Webex Player
Security Affairs – Mar 05 2020 08:56
Cisco has released security updates to fix multiple vulnerabilities in various products, including two remote code execution flaws in Webex Player. The two remote code execution vulnerabilities fixed by Cisco have been tracked…

Design flaw could compromise Intel platform security features, researchers warn
CSO Magazine – Mar 05 2020 14:00
Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets that are used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk…

LIFARS Advisory: Zyxel Patched 0-Day vulnerability (CVE-2020-9054)
LIFARS Blog – Mar 05 2020 07:30
Multiple Zyxel network-attached storage (NAS) devices were determined to be vulnerable to pre-authentication remote command injection. This could allow attackers to perform remote code execution. NAS products running firmware version 5.21 and…
Ongoing Campaigns

Brazil is Still the Main Target of the “Guildma” Banking Trojan
TechNadu – Mar 05 2020 13:03
The Guildma banking Trojan is still under active development and extensive deployment in Brazil. The malware can split its functionality over 10 individual modules, and do all kinds of nasty tricks. The activity of Guildma spiked last summer, and it…
