19 November 2020

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.

FinServ Cyber
Adult site users targeted with ZLoader malware via fake Java update
BleepingComputer.com – Nov 17 2020 08:28
A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers. […]

Back from vacation: Analyzing Emotet’s activity in 2020
VRT Blog – Nov 18 2020 16:00
By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an…

Bank_Security – Twitter – Nov 16 2020 08:29
A Threat Actor is selling a Remote Code Execution affecting a Payment system working in AU 🇦🇺, NZ 🇳🇱, HK 🇭🇰, PH 🇵🇭 etc.

Supported payment methods:
– POS terminal
– Unionpay
– WeChat
– Alipay

The actor provided DB Configs and "ls" results…

Bank_Security – Twitter – Nov 16 2020 09:07
A Threat Actor is selling a Remote Code Execution affecting a Payment system working in AU 🇦🇺, NZ 🇳🇿, HK 🇭🇰, PH 🇵🇭 etc.

Supported payment methods:
– POS terminal
– Unionpay
– WeChat
– Alipay

The actor provided DB Configs and "ls" results…

BleepinComputer – Twitter – Nov 17 2020 08:30
Adult site users targeted with ZLoader malware via fake Java update – @Ionut_Ilascu
hXXps://www[.]bleepingcomputer[.]com/news/security/adult-site-users-targeted-with-zloader-malware-via-fake-java-update/

Cerberus the android banking trojan is active
Malware Analysis & Reports – Nov 18 2020 06:31
I'm researching the trojan and have found some interesting research from various sources. Cyberint: …

EduardKovacs – Twitter – Nov 16 2020 18:12
The North Korea-linked Lazarus group has been targeting users in South Korea via a supply chain attack that involves software required by government and banking websites….

Evolution of Emotet: From Banking Trojan to Malware Distributor
THN : The Hacker News – Nov 19 2020 11:17
Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for…

FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme
Cyberscoop – News – Nov 17 2020 15:39
One of the ringleaders of FIN7, a global hacking crew accused of stealing more than $1 billion by posing as a cybersecurity vendor, has admitted his role in the scheme. Andrii Kolpakov pleaded guilty on Monday to conspiracy to commit wire…

Factories have become a major target for malware attacks
E Hacking News – Nov 19 2020 10:03
In the third quarter, the industry was attacked by various hacker groups – including RTM and TinyScouts, as well as ransomware operators. For example, according to Positive Technologies, the operators of the Maze ransomware program conducted a…

GossiTheDog – Twitter – Nov 19 2020 11:41
£76m is going to National Cyber Force to blow up Emotet or whatever, though, so silver linings and all that.

Holiday Season At Risk From Chaes Malware
IBM X-Force Exchange – Advisory Tag – RSS – Nov 18 2020 20:32
Summary: Cybereason Nocturnus Team has published a paper identifying an active campaign utilizing a multi-stage malware package called Chaes that is targeting a large e-commerce platform's customers. Threat Type: Malware, Campaign, Info-stealer. Overview: A…

Metacurity – Twitter – Nov 17 2020 16:16
Adult site users targeted with ZLoader malware via fake Java update
hXXps://www[.]bleepingcomputer[.]com/news/security/adult-site-users-targeted-with-zloader-malware-via-fake-java-update/#.X7P3Shb39LA.twitter

New skimmer attack uses WebSockets and a fake credit card form to steal data
CyberSecurity Help – Blog – Nov 16 2020 10:07
The use of WebSockets is notable because typically skimmer attacks exfiltrate data using XHR requests or HTML tags.

Twitter hires famed hacker to overhaul platform security
New York Post – Nov 17 2020 18:13
Twitter is hiring one of the world’s best-known hackers to secure its platform from security breaches. The social network this week named Peiter Zatko, better known by his hacker handle Mudge, as head of security. Zatko will have a broad mandate to…

URLs Associated with TrickBot
IBM X-Force Exchange – Advisory Tag – RSS – Nov 17 2020 16:04
Summary: A report from Rewterz identifies some URLs which are associated with the TrickBot banking Trojan. Threat Type: Malware. Overview: While TrickBot is itself a modular banking Trojan, it is often used as a dropper for other malware and ransomware such…

abuse_ch – Twitter – Nov 18 2020 11:54
Congratulations to @inmotionhosting for hosting the oldest active Emotet distribution site 👎

alohasoftware .net is spreading Emotet since 2018-04-24 😱 An abuse report has been sent to InMotion more than a year ago but apparently just got ignored…

cyb3rops – Twitter – Nov 17 2020 08:53
Egregor Ransomware prints its ransom note on POS systems in Argentina and Chile

malware_traffic – Twitter – Nov 19 2020 05:42
2020-11-18 – #IcedID changed the naming pattern for the background[.]png file saved to the AppData\Local\Temp directory (used a .png instead of .tmp extension), and the IcedID DLL name switched from .dll to .dat as the file extension (1/2)…

threatpost – Twitter – Nov 16 2020 18:28
The Lazarus group is using a new supply-chain #cyberattack against visitors to websites operated by the South Korean #government and financial firms.
hXXps://threatpost[.]com/hacked-software-south-korea-supply-chain-attack/161257/

FinServ Data Breaches

Report: Facebook Credit Card Scam Exposed Via Huge Data Leak
MalwareTips.com – Nov 17 2020 06:13
Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently uncovered a potentially massive phishing and credit card fraud operation targeting Facebook users. We discovered the…

What to Do After Getting a Data Breach Notification
New York Times – Nov 18 2020 00:00
It often happens like this: An email arrives in your inbox with the subject line “Please reset your password,” or “We’re committed to your security,” or “Notice of a data breach.” Inside is an apology, followed by a promise that the company “takes…

Fraud & Money Laundering

Charges laid over international money-laundering operation
WA Today – Nov 18 2020 01:50
Two men have been charged as part of ongoing investigations into an international money-laundering operation which resulted in more than $2.3 million dollars of investor money being lost.

Crown Resorts admits money laundering was ‘likely’ happening in VIP gaming operation
ABC Online – Nov 18 2020 01:53
Crown Resorts has for the first time admitted money laundering was likely occurring through accounts set up to handle VIP gaming in its Australian casinos. The NSW Independent Liquor and Gaming Authority (ILGA) inquiry into Crown began in January and…

Crown admits money laundering likely occurred in shell accounts
Australian Financial Review – Nov 18 2020 02:19
Crown has admitted to a NSW inquiry that "it was more probable than not" that criminals had laundered money through two of its shell bank accounts, in an 11th-hour reversal of previous statements it made to the investigation. Robert Craig, SC,…

Explosion in digital commerce pushed fraud incentive levels sky-high
Help Net Security – News – Nov 17 2020 04:30
A rise in consumer digital traffic has corresponded with a rise in fraud attacks, Arkose Labs reveals. As the year progresses and more people than ever are online, historically ‘normal’ online behavioral patterns are no longer applicable and…

Giving money laundering a whole new meaning
TheAge.com – Nov 17 2020 11:00
Cashless Apple Pay and Samsung Pay are gaining ground as payment methods of choice, as users embrace digital-wallet phone transactions in record numbers.

Not-So-Sweet Home: Mortgage Wire Fraud Scams Explode
Avanan – Blog – Nov 18 2020 18:50

Phishing Is A Gateway To Modern Fraud In Today’s Distributed Workplace — Can AI Stop It?
Forbes.com – Nov 18 2020 12:16
Patrick Harr is CEO of SlashNext, the authority in phishing protection across all devices. Remote working is part of the new normal, and it’s not going away any time soon. Even before the pandemic, the workforce was becoming increasingly mobile and…

Review: Group-IB Fraud Hunting Platform
Help Net Security – News – Nov 18 2020 13:00
Today’s Internet is a hectic place. A lot of different web technologies and services are “glued together” and help users shop online, watch the newest movies, or stream the newest hits while jogging. But these (paid) services are also constantly…

Tucson banker gets prison for fraud: Must pay back $1.25M
The Washington Times stories: News – Nov 16 2020 19:55
TUCSON, Ariz. (AP) – A Tucson banker has been sentenced to nearly two years in prison for defrauding an 82-year-old customer. Federal prosecutors said 38-year-old Jacob Roach was given a 40-month prison term and ordered to pay $1.25 million…

Victoria, WA circle Crown over fresh evidence of money laundering
Australian Financial Review – Nov 19 2020 06:16
Victorian regulators have demanded Crown Resorts produce critical documents sparking a concession that "more probably than not" money laundering occurred in shell accounts linked to its Melbourne and Perth casinos as pressure mounts following…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
