From Security Weekly WikiJump to navigationJump to search
- New APT Group XDSpy Targets Belarus and Russian-Speakers XDSpy, also known as CLOCKJUMP, targeting select victims in Ukraine, Belarus, Moldova, and Russia.
- Emotet Emails Strike Thousands of DNC Volunteers A new, politically charged "Emotet" spear-phishing campaign, claiming to be from the DNC, is being conducted by TA542 has been spotting distributing emails to hundreds of organizations in the U.S. to steal credentials.
- Flaws in Leading Industrial Remote Access Systems Allow Disruption of Operations Six vulnerabilities (CVE-2020-11641, CVE-2020-11642, CVE-2020-11643, CVE-2020-11644, CVE-2020-11645, and CVE-2020-11646) affecting B&R Automation's SiteManager and GateManager industrial site access systems that could be exploited by attackers to prevent access to industrial production floors, hack corporate networks, alter data, and steal sensitive intellectual property (IP).
- US Govt Warns of Sanction Risks for Facilitating Ransomware Payments OFAC rules apply here. Mitigate punitive actions by not only reporting to and cooperating with law enforcement but also use a documented risk based approach on decisions to pay.
- SLOTHFULMEDIA RAT, a New Weapon in the Arsenal of a Sophisticated Threat Actor a new dropper dubbed "SLOTHFULMEDIA" that has been spotted being used in attacks targeting organizations in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine.
- Ransomware Vaccine Intercepts Requests to Erase Shadow Copies new ransomware vaccine dubbed "Raccine" that stops certain ransomware families that are leveraging "vssadmin.exe" from hindering data recovery and erasing shadow copies by making a registry key change and killing the parent process for anything running vssadmin.
- Boom! Hacked Page on Mobile Phone Website Is Stealing Customers’ Card Data Another instance of threat actors leveraging web skimmers (aka "sniffers") to target card-not-present (CNP) data. In this instance, the site was reportedly using PHP 5.6.40, a version that hasn’t been supported since January 2019.
- New HEH Botnet Wipes Devices Potentially Bricking Them Botnet dubbed "HEH" that is capable of wiping all data from infected Internet of Things (IoT) devices, routers, servers, and other devices has been spotted spreading via brute-force attacks against Internet-connected systems with SSH ports 23 and 2323 exposed online.
- Years-Long 'SilentFade' Attack Drained Facebook Victims of $4M Facebook has released details about a wide-spread Chinese ad-fraud cyber attack in which hackers have leveraged the "SilentFade" malware to steal some $4 million USD from users' advertising accounts since 2016.