
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 27, 2020

Attackers are making the utmost use of the COVID-19 crisis to fuel their malicious activities. Lately, researchers have uncovered that threat actors are preying on small businesses seeking the COVID-19 disaster relief funds announced by the US government in order to spread Remcos RAT. To do so, they have spoofed the official website of the US Government Small Business Administration (SBA) to trick the victims.

Meanwhile, scammers have been found impersonating World Health Organization (WHO) officials to trick users into making fake donations. The scammers behind the campaign ask the recipients to use the ‘Bitcoin Network’ to transfer the funds.

A major security update for a widely abused zero-day SQL injection vulnerability was also released by Sophos in the last 24 hours. The vulnerability affects the XG enterprise firewall product.

Top Breaches Reported in the Last 24 Hours

Nintendo’s users affected

Nintendo Network ID (NNID) has begun resetting passwords following a cyberattack that affected as many as 160,000 accounts. The attack allowed unauthorized third parties to view personal information including names, dates of birth, gender, country, and email addresses.

WhiskyAuctioneer.com attacked

A record-breaking online auction of rare whiskeys has been postponed indefinitely after being targeted in a cyberattack. The website ‘WhiskyAuctioneer.com’ sustained a malicious attack on April 21. The website has been taken offline while an investigation into the extent of the attack is underway.

Top Malware Reported in the Last 24 Hours

Cyberattacks on the water sector

The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks. The attacks affected supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations, and sewage facilities. In the wake of these attacks, organizations have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.

SBA portal spoofed

Attackers spoofed the US Government Small Business Administration (SBA.gov) website in order to deliver Remcos RAT. The campaign was carried out through phishing emails whose subjects and attachments related to the need for disaster relief loans for small businesses due to the ongoing COVID-19 pandemic.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches account takeover flaw

Microsoft Teams has patched an image-based account takeover vulnerability that could be used to scrape users’ data and ultimately take over an organization’s entire roster of Teams accounts. The issue, which is exploited using a GIF file, impacts the desktop and web browser versions of Microsoft Teams.

Sophos patches a zero-day flaw

Sophos has released an emergency security update to patch a zero-day SQL injection vulnerability in its XG enterprise firewall product that was being abused in the wild by attackers. In one of the attacks, the flaw was abused to download a malicious payload onto XG Firewall devices and steal sensitive data.

Top Scams Reported in the Last 24 Hours

Scammers impersonate WHO officials

Scammers are impersonating World Health Organization (WHO) officials to steal funds from users in the name of donations to the organization. To do so, scammers are sending emails to individuals asking them to use the ‘Bitcoin Network’ and donate to their wallet address. A close look at the Bitcoin wallet address reveals that scammers are using two wallets to run the campaign. One wallet accepts Bitcoin payments while the other uses Bitcoin Cash.
