
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 31, 2020

The popularity of social media platforms among billions of users makes them a favorite phishing channel for cybercriminals. One such phishing campaign, which masquerades as the Instagram Help Center, has come to light in the last 24 hours. Executed by a Turkish-speaking cybercriminal group, the campaign has so far targeted hundreds of celebrities, startup business owners, and other entities. The ultimate purpose of the campaign is to steal email credentials from victims.

Meanwhile, Cisco has published an advisory about attack attempts on its IOS XR software. The attackers are exploiting a vulnerability in the software that can lead to a denial of service condition.

New details about Emotet’s latest spam campaign have also emerged. The operators of the botnet have shifted away from Coronavirus-themed lures and are now using the ‘Red Dawn’ template to infect users.

Top Breaches Reported in the Last 24 Hours

Selma Unified attacked

Selma Unified School District has suffered a ransomware attack. It is currently unclear what has been damaged in the attack, but officials claim that no data was stolen in the incident.

NZX hit again

The New Zealand Stock Exchange was hit for the fifth time on Monday, crashing its website. However, the firm maintained its trading after switching to a contingency plan. Authorities believe the attacks were conducted by state-sponsored attackers.

Utah Pathology Services affected

Personal information of approximately 112,000 patients was affected in a data breach at Utah Pathology Services. The exposed data included dates of birth, gender, mailing addresses, email addresses, phone numbers, and diagnostic information of patients.

Top Malware Reported in the Last 24 Hours

Malicious JavaScript library

The npm security team removed a malicious JavaScript library, ‘fallguys’, from the npm repository. The library was designed to steal sensitive files from a victim’s browser and Discord application. The package was available on the repository for two weeks and was downloaded nearly 300 times. Every project that integrated the malicious library was infected with the malicious fallguys code.

Emotet’s new template

The Emotet botnet has begun using a new template named ‘Red Dawn’ to infect users in a massive spam campaign. The Red Dawn template displays the message ‘This document is protected’ and urges recipients to click on ‘Enable Editing’ and ‘Enable Content’ to access the content.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco warns about attacks

Cisco has warned that attackers are actively attempting to exploit a vulnerability in its IOS XR software used in carrier-grade routers. The flaw, tracked as CVE-2020-3566, resides in the Distance Vector Multicast Routing Protocol (DVMRP) feature of the software. The exploitation of the flaw can lead to a denial of service condition.

Top Scams Reported in the Last 24 Hours

Instagram phishing scam

Turkish-speaking cybercriminals have been found targeting Instagram users with the aim of stealing their email credentials. The scam involves attackers sending legitimate-looking messages to victims under the name of the Instagram Help Center, claiming that a copyright violation complaint has been filed against their accounts. The message includes a link that masquerades as a form for sending an appeal but is actually a phishing link. So far, the campaign has targeted hundreds of celebrities, startup business owners, and other entities.
