Daily Alert – 14 March 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|Mailto Ransomware
|4
|5
|Cookiethief
|4
|15
|Ztorg Trojan
|2
|4
|Youzicheng
|2
|5
|Bood Backdoor
|2
|5
|Triada Trojan
|2
|4
|WannaCry Ransomware
|4
|22
|QakBot
|2
|2
|AZORult Stealer
|3
|14
|SandCat
|1
|1
|Data Breaches
|Radio.com users affected in data breach
|WeLiveSecurity RSS – Mar 13 2020 14:18
|An unknown number of people had their personal data exposed as hackers accessed database backup files.
|Millions of Facebook users have data exposed online
|Seclists.org – Data Loss – Mar 13 2020 17:43
|Posted by Destry Winant on Mar 13…
|Princess Cruises Confirms Data Breach
|Dark Reading – Mar 13 2020 16:15
|The cruise liner, forced to shut down operations due to coronavirus, says the incident may have compromised passengers' personal data.
|Durham city, county preparation prevented data breach when hack happened
|Seclists.org – Data Loss – Mar 13 2020 17:53
|Posted by Destry Winant on Mar 13…
|Hacker Groups
|Russia-Linked Turla APT uses new malware in watering hole attacks
|Security Affairs – Mar 13 2020 09:17
|The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group …
|Ancient Tortoise BEC Scammers Launch Coronavirus-Themed Attack
|BleepingComputer.com – Mar 13 2020 20:00
|A business email compromise (BEC) cybercrime group has started using coronavirus-themed scam emails that take advantage of the COVID-19 global outbreak to convince potential victims to send payments to attacker-controlled accounts. […]
|Volusion Magecart Breach Could Net Fraudsters $130m+
|Infosecurity – Latest News – Mar 13 2020 11:45
|Fraudsters have already made $1.6m from cards stolen via a Magecart supply chain attack on popular e-commerce platform Volusion, and the figure could rise more than 100-fold over the coming…
|State-sponsored hackers are launching Coronavirus-themed attacks
|Security Affairs – Mar 13 2020 14:05
|State-sponsored hackers are now using coronavirus lures to infect their targets. In the last weeks, security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, now experts warn of similar attacks from nation-state…
|Malware
|2020-03-13 – Quick post: Qakbot infection
|Malware-Traffic-Analysis.net – Blog Entries – Mar 13 2020 22:03
|New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer
|MalwareTips.com – Mar 13 2020 14:20
|A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner. With the increasing fears and anxiety of the Coronavirus (COVID-19) outbreak, an…
|Cookiethief, the Android malware that hijacks Facebook accounts
|Security Affairs – Mar 13 2020 16:49
|Experts discovered an Android Trojan, dubbed Cookiethief, that is able to gain root access on infected devices and hijack Facebook accounts. Security experts from Kaspersky recently discovered an Android Trojan that was designed to gain root access on…
|Amid coronavirus scare, Netwalker ransomware targets public health agency in Illinois
|Office of Inadequate Security – Mar 13 2020 14:54
|Benjamin Freed reports: A public-health agency in central Illinois has had to retreat to social media to update residents…
|Vulnerabilities
|Microsoft Patches Wormable SMBv3 Flaw
|Bank Info Security – Mar 13 2020 13:23
|Security Update Adds to 150 Fixes Already Issued This Month. Mathew J. Schwartz (euroinfosec), March 13, 2020. Ready, set, patch: Microsoft on Thursday released a fix for a remote code execution vulnerability in recent versions of Windows 10 and Windows…
|SMBv3 Ghost CVE-2020-0796 POC
|blackhat library – Mar 13 2020 16:34
|…
|Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack
|Security Affairs – Mar 13 2020 11:42
|Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites. The Popup…
|VMware fixes a critical bug in Workstation, Fusion that allows code execution on host from guest
|Security Affairs – Mar 13 2020 20:00
|VMware has fixed three serious flaws in its products, including a critical issue in Workstation and Fusion that allows code execution on the host from guest. VMware has addressed three serious vulnerabilities in its products, including a critical…
|Ongoing Campaigns
|China-linked APT Hackers Launch Coronavirus-Themed Attacks
|Security Week – Mar 13 2020 14:34
|COVID-19 (Coronavirus) themed malware attacks are now common. The subject matter automatically contains at least two of the primary social engineering triggers, fear and urgency, making it an obvious lure for use by criminals. Even a long-standing…
|DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile
|ste williams – Mar 14 2020 03:06
|Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons. Distributed denial-of-service (DDoS) attacks remain a popular…
