Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 25, 2020
Attackers have added a new twist to their phishing techniques. They have been spotted using HTML/CSS and Unicode tricks to slip past the email security tools meant to block malicious messages. With these tricks in play, getting rid of the rising number of Office 365 phishing scams may become a difficult task for organizations.
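The brief states only that the phishing mails use HTML/CSS and Unicode tricks to evade filters. The following Python is an added example (not Cyware's code and not anything taken from the campaign) showing how a mail filter can undo three representative tricks before it matches keywords or URLs: text hidden with inline CSS, zero-width characters inserted inside words, and Cyrillic letters that look like Latin ones. Which tricks the real campaign used is not described on the page, so those three are an assumption; the confusables table is a hand-made subset of the Unicode list, and the sample HTML is constructed for the demonstration.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Invisible code points that are inserted inside words so a plain string
# match ("password", "office 365") no longer fires. Counting them is itself
# a useful signal: legitimate mail almost never contains them.
ZERO_WIDTH = ("\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad")

# Hand-made subset of Latin look-alikes (assumption: production code would use
# the full Unicode confusables table). Keys are Cyrillic/Greek, values Latin.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u04bb": "h",
    "\u03bf": "o", "\u03b1": "a", "\u0131": "i",
}

# Inline CSS that makes an element invisible while its text still reaches
# a filter that only looks at the raw markup.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|%)?\s*(?:;|!|$)",
    re.I,
)

VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "col"}


class VisibleTextExtractor(HTMLParser):
    """Collect only the text a recipient would actually see when the mail renders."""

    def __init__(self):
        super().__init__()          # convert_charrefs=True: &#8203; arrives as U+200B
        self.parts = []
        self.hidden_depth = 0       # > 0 while inside a suppressed element
        self.hidden_elements = 0    # number of CSS-hidden elements encountered
        self._stack = []            # one bool per open element: suppressed or not

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        hidden = HIDDEN_STYLE.search(style) is not None
        if hidden:
            self.hidden_elements += 1
        if tag in VOID_TAGS:        # no closing tag follows; never touch the depth
            return
        suppress = hidden or tag in ("style", "script")
        if suppress:
            self.hidden_depth += 1
        self._stack.append(suppress)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self._stack:
            return
        if self._stack.pop():
            self.hidden_depth -= 1

    def handle_data(self, data):
        if self.hidden_depth == 0:
            self.parts.append(data)


def deobfuscate(text):
    """Fold Unicode tricks back to plain text; return (clean_text, counters)."""
    zero_width = sum(text.count(c) for c in ZERO_WIDTH)
    for c in ZERO_WIDTH:
        text = text.replace(c, "")
    # NFKC folds fullwidth and compatibility forms, e.g. 'ｐａｙ' -> 'pay'.
    text = unicodedata.normalize("NFKC", text)
    confusables = sum(text.count(c) for c in CONFUSABLES)
    text = "".join(CONFUSABLES.get(c, c) for c in text)
    return " ".join(text.split()), {"zero_width": zero_width, "confusables": confusables}


def analyse_email(html, keywords):
    """Return the deobfuscated visible text plus evasion indicators and keyword hits."""
    parser = VisibleTextExtractor()
    parser.feed(html)
    parser.close()
    clean, stats = deobfuscate(" ".join(parser.parts))
    lowered = clean.lower()
    stats["hidden_elements"] = parser.hidden_elements
    stats["keywords"] = [k for k in keywords if k in lowered]
    evasion = stats["zero_width"] + stats["confusables"] + stats["hidden_elements"]
    # Simple rule: a credential-themed keyword that only becomes visible after
    # undoing at least one obfuscation trick is worth quarantining for review.
    stats["suspicious"] = bool(stats["keywords"]) and evasion > 0
    return clean, stats


# Constructed sample, not a real phishing email: zero-width spaces via an HTML
# entity and a raw code point, a CSS-hidden span, and a Cyrillic 'о' in the URL.
SAMPLE_HTML = (
    "<html><body><p>Your <span style=\"display:none\">lorem ipsum</span>"
    "Office&#8203;365 pass\u200bword expires today.</p>"
    "<p>Sign in at <a href=\"http://example.invalid/\">"
    "https://login.micr\u043esoft.example.invalid/</a></p></body></html>"
)
KEYWORDS = ("password", "office365", "sign in")

if __name__ == "__main__":
    text, info = analyse_email(SAMPLE_HTML, KEYWORDS)
    print(text)
    print(info)
```

The design point is that the keyword match runs on the rendered, normalized text rather than on the raw markup, and that the counters (zero-width characters, confusables, hidden elements) are kept as separate indicators: each of them is rare in legitimate mail, so they carry signal on their own even when no keyword matches.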
Apart from this new threat, researchers also warned about attacks on e-commerce sites that exploit vulnerabilities in the “Discount Rules for WooCommerce” plugin. The flaws, described as SQL injection, stored cross-site scripting (XSS), and authorization-related issues, affect plugin versions prior to 2.1.0. Website owners should therefore update the plugin to the latest version.
A cryptocurrency mining campaign built on fake Malwarebytes installation files was also uncovered by security experts. The purpose of the campaign was to deploy the XMRig miner onto victims’ machines.
Top Breaches Reported in the Last 24 Hours
Canpar Express attacked
The Canadian shipping company, Canpar Express, fell victim to a ransomware attack on August 19, 2020. Following the attack, the company saw minor disruptions in its internal systems and delivery processes. It is currently assessing the matter and believes that no user data has been affected in the attack.
Hoa Sen Group affected
The Maze ransomware gang has claimed its latest attack on the steel sheet giant Hoa Sen Group. The incident came to notice after researchers found documents stolen from the company on the dark web. These include personal data of the organization’s employees.
Top Malware Reported in the Last 24 Hours
Pre-installed Triada malware
Low-cost Android smartphones from Transsion are riddled with pre-installed Triada malware that acts as a software backdoor. It has the capability to execute malicious code after receiving commands from its remote control server. In-depth analysis reveals that Triada also downloads a second malware called xHelper.
Fake Malwarebytes files
Researchers found a new attack campaign in which threat actors used fake Malwarebytes installation files to deploy the XMRig cryptocurrency miner onto infected PCs. One of these files, named MBSetup2.exe, is an unsigned executable that contains malicious DLL files (Qt5Help.dll and Qt5WinExtras.dll) carrying invalid signatures.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable WooCommerce Discounts plugin
E-commerce websites powered by WordPress and the WooCommerce platform are under attack as attackers exploit vulnerabilities in the “Discount Rules for WooCommerce” plugin. The flaws, described as SQL injection, stored cross-site scripting (XSS), and authorization-related issues, affect plugin versions prior to 2.1.0.
Unpatched Safari flaw
A researcher has disclosed the details of an unpatched vulnerability in Apple’s Safari browser. Discovered in April, the flaw is related to the Web Share API and can allow attackers to steal files from a targeted user’s system. It affects devices running iOS 13.4.1 and 13.6, macOS Mojave 10.14.16 with Safari 13.1, and macOS Catalina 10.15.5 with Safari 13.1.1.
Vulnerable Microsoft Azure Sphere
Four vulnerabilities affecting Microsoft Azure Sphere were disclosed in July. Two of these flaws could lead to unsigned code execution and the remaining two result in privilege escalation. The issues were resolved soon after the firm was made aware of them.
Top Scams Reported in the Last 24 Hours
Impersonating BTC Era
Cybercriminals have been found impersonating the well-known BTC Era trading platform to infect users with malware. The attack relies on a phishing email that purports to come from BTC Era. It prompts recipients to make a minimum deposit of $250 by clicking on a masked URL that passes through multiple redirects before landing on the theverifycheck.com webpage. Researchers believe the attackers used the email marketing provider Constant Contact to reach many recipients at once.