Daily Alert – 11 March 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|Paradise Ransomware
|8
|8
|njRAT Malware
|6
|6
|Dridex Malware
|4
|8
|Locky Ransomware
|3
|3
|PwndLocker
|3
|8
|WannaCry Ransomware
|4
|7
|GameOver ZeuS
|2
|2
|Conficker
|2
|2
|GhostCat-3PC Malware
|3
|11
|Magecart Group
|2
|2
|Data Breaches
|Flaw in popular VPN service may have exposed customer data
|We Live Security – Mar 10 2020 16:17
|NordVPN praised its bug bounty program and said that a fix had been shipped within two days.
|All bets off as children’s data is leaked
|IT Pro UK – Mar 10 2020 12:15
|Department of Education data leak to betting firms may be start of wider scandal
|AMD Downplays CPU Threat Opening Chips To Data Leak Attacks
|News ≈ Packet Storm – Mar 10 2020 12:56
|Melbourne TAFE Data Breach Exposes 55k Student, Staff Files
|SecurityPhresh – Mar 11 2020 01:39
|Sensitive financial, health data accessed.
|Hacker Groups
|Microsoft warns of Human-Operated Ransomware as a growing threat to businesses
|Security Affairs – Mar 10 2020 10:13
|Microsoft is warning of human-operated ransomware; this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very…
|Microsoft disrupted US-Based Infrastructure of the Necurs botnet
|Security Affairs – Mar 10 2020 21:10
|Microsoft announced that it took over the US-based infrastructure used by the infamous Necurs spam botnet that infected millions of computers.
|Rocket Loader skimmer impersonates CloudFlare library in clever scheme
|Malwarebytes Unpacked – Mar 10 2020 15:46
|Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent …
|Malware
|Paradise Ransomware Distributed via Uncommon Spam Attachment
|MalwareTips.com – Mar 10 2020 23:19
|Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims. Paradise Ransomware is fairly old with activity…
|Variant of Paradise Ransomware Targets Office IQY Files
|Threatpost.com – Mar 10 2020 13:00
|Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.
|2020-03-10 – German malspam with password-protected zip files pushes Ursnif
|Malware-Traffic-Analysis.net – Blog Entries – Mar 10 2020 23:12
|Years-long malware operation hides njRAT in cracked hacking tools
|SC Magazine US – Mar 10 2020 22:44
|Malicious actors have been secretly embedding the njRAT remote access trojan in free hacking tools as well as cracks of those tools, in a bid to compromise anyone who downloads this software from various websites and forums. Essentially, this…
|Vulnerabilities
|Microsoft Patch Tuesday, March 2020 Edition
|Krebs on Security – Mar 10 2020 23:44
|Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup…
|Microsoft’s March 2020 Patch Tuesday Addresses 115 CVEs, Including 58 Elevation of Privilege Flaws
|Tenable Blog – Mar 10 2020 19:05
|Microsoft's March 2020 Patch Tuesday addresses an extraordinary 115 CVEs, including 58 elevation of privilege flaws. Microsoft addresses 115 CVEs in the …
|Intel SGX is vulnerable to an unfixable flaw that can steal crypto keys and more
|ArsTechnica – Mar 10 2020 22:40
|…
|CVE-2020-0796: Wormable Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3 (ADV200005)
|Tenable Blog – Mar 11 2020 03:46
|Critical unpatched “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3), dubbed EternalDarkness, disclosed by Microsoft. Background: On March 10, Microsoft…
|Ongoing Campaigns
|Paradise Ransomware Variant Hides in Office IQY Files
|ste williams – Mar 10 2020 20:55
|The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks. Researchers have detected an attack campaign that leverages Internet Query files (IQY) to bypass enterprise defense systems and deliver…
|Hackers Hack Hacking Tools to Hack Hackers
|Security Week – Mar 10 2020 16:07
|Researchers Uncover Campaign Where Attackers Are Trojanizing Multiple Hacking Tools Used by Other Attackers. Criminals targeting other criminals is nothing new, but researchers have now uncovered a years-long campaign that trojanizes hacking tools in…
|Ryuk Ransomware Takes Out Durham, North Carolina
|Infosecurity – Latest News – Mar 10 2020 09:34
|The North Carolina city of Durham has become the latest US municipality struck by ransomware after reports suggested the Ryuk variant forced key services offline. In an update on Sunday, the…
