Daily Alert – 29 February 2020
|Heat – Trending Malware and Threat Actors
|Name|Heat 1|Heat 7|Vol 1|Vol 7
|GhostCat-3PC Malware|8|8
|Carbanak|4|5
|Ostap Downloader|3|3
|Sodinokibi Ransomware|4|7
|Nemty Ransomware|3|7
|Trickbot Malware|6|11
|Magecart Group|3|8
|Buran Ransomware|2|2
|Domen Toolkit|2|2
|Gudwin Backdoor|2|2
|Data Breaches
|The Week in Ransomware – February 28th 2020 – Data Leaks Everywhere
|BleepingComputer.com – Feb 28 2020 23:47
|Over the past two weeks, we continue to see small towns, fire departments, hospitals, and companies being attacked by ransomware. […]
|NC: Data breach exposed some Lincoln County Schools workers’ private information
|Office of Inadequate Security – Feb 29 2020 00:40
|WSOC-TV reports: Some Lincoln County Schools workers’ private information has been exposed in a data breach. The company…
|100 data breaches made during UK’s handling of the EU Settlement Scheme
|IT Pro UK – Feb 28 2020 14:46
|Home Office in breach of GDPR with reports of misplaced ID documents
|More Than 140GB of Data Exposed by Israeli Marketing Company
|Security Bloggers Network – Feb 28 2020 13:35
|An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of…
|Hacker Groups
|TA505 hacking crew spent much of 2019 trying to breach South Korea’s financial sector
|Cyberscoop – News – Feb 28 2020 22:02
|A gang of hackers with a long history of financially motivated attacks increased its targeting of businesses in South Korea last year, using a combination of malicious attachments and ransomware to haunt victims, according to new findings. R…
|Expert Comments On Online Printing Platform Suffering MageCart Breach
|Information Security Buzz – Feb 28 2020 12:01
|For the past 30 months, an online printing platform with a cover store for well-known magazines has been constantly infected with malicious scripts that steal customer payment card data. At least 18 skimmers or sniffers – scripts that copy…
|FIN7 Targets New Windows 10 Functionality
|Security Bloggers Network – Feb 28 2020 18:00
|Over the past few weeks, Morphisec Labs researchers identified a couple dozen documents that execute the GRIFFON javascript delivery backdoor. Following our investigation, we identified a high similarity to FIN7's attack methodology. The…
|CyberCrime – W/E – 2/28/20
|Tech-Wreck InfoSec Blog – Feb 28 2020 12:26
|Malware
|How Much Money Did WannaCry Make? WannaCry was the fastest spreading ransomware ever created.
|Reverse Engineering – Feb 28 2020 07:05
|Beware secret lovers spreading Nemty ransomware
|Security Bloggers Network – Feb 28 2020 14:15
|Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware. If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then…
|Domen toolkit gets back to work with new malvertising campaign
|Malwarebytes Labs Blog – Feb 28 2020 17:54
|Last year, we …
|Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years
|ZDNet Security – Feb 28 2020 14:34
|Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers.
|Vulnerabilities
|Cisco addresses vulnerabilities in FXOS, UCS Manager and NX-OS Software
|Security Affairs – Feb 28 2020 10:33
|Cisco released security patches for 11 vulnerabilities in its products, including the Cisco UCS Manager, FXOS, and the NX-OS software. The most severe vulnerabilities, rated as high severity, affect FXOS and NX-OS that could be exploited by an…
|Apache Tomcat Affected by Serious ‘Ghostcat’ Vulnerability
|Security Week – Feb 28 2020 20:07
|A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution. Dubbed and tracked as CVE-2020-1938, the flaw was discovered by researchers at Chinese cybersecurity…
|Intel Patched Over 230 Vulnerabilities in Its Products in 2019
|Security Week – Feb 28 2020 13:07
|Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company’s 2019 Product Security Report. Intel said it learned of 236 vulnerabilities in 2019, including 144 discovered…
|Exploitation, Phishing Top Worries for Mobile Users
|Dark Reading – Feb 28 2020 16:35
|Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.
|Ongoing Campaigns
|New Cloud Snooper Attack Could Bypasses Firewall Security Measures
|LIFARS Blog – Feb 28 2020 14:00
|By investigating malware infections of cloud infrastructure servers hosted in the Amazon Web Services (AWS) cloud, researchers found a sophisticated attack dubbed Cloud Snooper. The…
|Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
|Security Bloggers Network – Feb 28 2020 18:00
|…
