Heat – Trending Malware and Threat Actors

| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
|---|---|---|---|---|
| Equation Group | | | 6 | 6 |
| LokiBot Trojan | | | 6 | 11 |
| APT33 | | | 4 | 12 |
| Dridex Malware | | | 3 | 7 |
| PlugX Trojan | | | 2 | 2 |
| Gootkit | | | 2 | 2 |
| FIN6 | | | 2 | 2 |
| APT34 | | | 3 | 10 |
| Bloodhound Malware | | | 2 | 2 |
| Ramnit | | | 2 | 3 |

(Heat 1 / Heat 7 indicator cells were graphical and are not recoverable; only the two volume counts per row survive.)
Data Breaches

Protenus releases its analysis of 2019 health data breaches
Office of Inadequate Security – Feb 18 2020 19:14
Protenus’s 2020 BreachBarometer is now available for free downloading. From their highlights: Our analysis is based on…

Cities are fleeing payment platform Click2Gov after data-breach resurgence
Seclists.org – Data Loss – Feb 18 2020 15:40
Posted by Destry Winant on Feb 18. https://statescoop.com/ux-user-experience-click2gov-data-breach-cities/ Over 2017 and 2018, dozens of small and midsize cities across the United States had to tell their residents that their personal data had pote…

‘FairBridge Inn & Suites’ Unprotected Database Exposed 150,000 Customers
TechNadu – Feb 18 2020 12:18
‘FairBridge Inn & Suites’ is the latest hotel chain to blunder by not setting up a password for their database. The franchise hasn’t provided any details about how long the database was left online, and which locations this impacted. The booking…

Plastic Surgery Database Exposed: Researchers
Data Breach Today – Feb 18 2020 21:53
Tags: General Data Protection Regulation (GDPR), Governance, IT Risk Management. French Technology Firm's Database Was Unprotected, Report Says. Apurva Venkat (@VenkatApurva), February 18, 2020. NextMotion, a French video and digital photography equipment…
Hacker Groups

Twitter Accounts of The Olympics and FC Barcelona Hijacked by OurMine Hacking Group
MalwareTips.com – Feb 18 2020 21:23
The International Olympic Committee and FC Barcelona are the latest victims of a spree of Twitter account hijacks orchestrated by the notorious OurMine gang. But rather than abuse their access to the high profile accounts (@Olympics has six million…

Five Years After The Equation Group HDD Hacks, Firmware Security Still Sucks
SecurityPhresh – Feb 18 2020 11:12
Device manufacturers are not forcing driver signatures at all times.

US Federal Authorities Dissect Malicious Activities of Six Malware Associated with Lazarus Group
Cyware – Feb 18 2020 07:24
Lazarus has been linked to multiple high profile attacks that have caused infrastructure disruptions and financial losses. Some of the notable attacks include the 2014 attack on a major entertainment company and the 2016 Bangladeshi heist that netted…

Five years after the Equation Group HDD hacks, firmware security still sucks
ZDNet Security – Feb 18 2020 11:00
Device manufacturers are not forcing driver signatures at all times.
Malware

Threat Spotlight: Nuke Ransomware
Cylance Blog – Feb 18 2020 22:12
Nuke ransomware encrypts files with an AES 256-bit encryption key and changes the file name to random characters with a .nuclear55 extension. Our Threat Research team analyzed a Nuke sample – this blog details our investigation.

Lokibot now using fake Epic Games installer to fool victims
SC Magazine US – Feb 18 2020 21:28
The data harvesting malware Lokibot has again been upgraded by its creators, this time to impersonate a popular online game launcher in order to trick victims into mistakenly downloading the malware. Trend Micro researchers say Lokibot now presents…

DoppelPaymer: New, Trendy and Dangerous
Security Bloggers Network – Feb 18 2020 07:00
…

‘Adwind RAT’ malware campaign hits Turkish businesses
IT Security Guru – Feb 18 2020 10:34
At least 80 companies based in Turkey have been dealing with an ongoing threat that is constantly evolving to become more persistent and dangerous. This massive phishing campaign was given the name “The Turkish Rat” by Sophos and Talos researchers,…
Vulnerabilities

Serious Vulnerabilities Expose SonicWall SMA Appliances to Remote Attacks
Security Week – Feb 18 2020 14:42
Several serious vulnerabilities have been found by a researcher in Secure Mobile Access (SMA) and Secure Remote Access (SRA) appliances made by SonicWall. The vendor has released software updates that patch the flaws. Researchers last year discovered…

Hackers exploit critical vulnerability found in ~100,000 WordPress sites
ArsTechnica – Feb 18 2020 20:36
Hackers are actively exploiting a critical WordPress plugin vulnerability that allows them to completely wipe all website databases and, in some cases, seize complete control of affected sites. The flaw is in the ThemeGrill Demo Importer installed…

Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild
Wordfence – RSS – Feb 18 2020 17:58
Description: Remote Code Execution
Affected Plugin: ThemeREX Addons
Affected Versions: Versions greater than 1.6.50
CVSS Score: 9.8 (Critical)
CVSS Vector: …

A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above
Help Net Security – News – Feb 19 2020 06:00
Risk Based Security’s VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and…
Ongoing Campaigns

Banking Trojans and Ransomware — A Treacherous Matrimony Bound to Get Worse
Security Intelligence – Feb 18 2020 13:10
The financial malware arena became a mainstream issue a little over a decade ago with the rise of malware like the Zeus Trojan, which at the time was the first commercial banking Trojan available to the cybercrime world. We have come a long…

Dharma Ransomware Attacks Italy in New Spam Campaign
BleepingComputer.com – Feb 18 2020 23:43
Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy. […]

Operation DRBControl: Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia
Trend Micro – Feb 18 2020 13:27
Download: Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations. In 2019, Talent-Jump Technologies, Inc. reached out to Trend Micro about a backdoor they discovered during an incident response operation. We provided…
