Cyware Daily Threat Intelligence

Daily Threat Briefing Jan 26, 2021

Microsoft Office 365, a favorite attack channel, is reaping fortunes for phishers again. An ongoing phishing campaign that delivers fake Office 365 password expiration reports is targeting C-Suite executives with an aim to pilfer their credentials. The targets include CEOs, CFOs, and employees in the finance department across different sectors.

Apart from high-level executives, security researchers are also on the radar of cybercriminals. A report reveals that North Korea-based threat actors have been secretly planting backdoors on the computer systems of several security experts to steal confidential data of companies.

Top Breaches Reported in the Last 24 Hours

Cook County leaks data

Over 320,000 court records belonging to Cook County were leaked due to a misconfigured database. The records included full names, home addresses, email addresses, case numbers, and private notes. The database was secured after being exposed for two days.

Palfinger targeted

Palfinger, a global leader in crane and lifting manufacturing, has been targeted by a cyberattack that impacted its IT infrastructure. The company is yet to ascertain the scope of the attack.

Misconfigured Elasticsearch

A misconfigured Elasticsearch server exposed nearly 23 million records belonging to over 60,000 gamers from feature games such as Hearts, Crazy Eights, Euchre, Rummy, Dominoes, Backgammon, Ludo, and Yatzy. The leaked data included usernames, email addresses, IP addresses, hashed passwords, and Facebook, Twitter, and Google IDs.

Security researchers targeted

A North Korea-based hacker group has been found targeting security researchers who work on vulnerability research at different companies and organizations. The approach involves creating a blog on publicly disclosed vulnerabilities and contacting the security researchers directly through fake Twitter, LinkedIn, and Telegram accounts.

Top Vulnerabilities Reported in the Last 24 Hours

CrowdStrike releases PoC for a flaw

CrowdStrike has issued a PoC for a vulnerability tracked as CVE-2020-1678. The flaw can allow an attacker to relay NTLM authentication sessions and then execute code remotely using a printer spooler MSRPC interface.

Flawed TikTok

A security flaw in TikTok that could have allowed attackers to steal users’ private personal information has been fixed by ByteDance. To exploit the bug, the attackers would have to create a list of devices, a list of session tokens, and more.

Top Scams Reported in the Last 24 Hours

Phishers target C-Suite executives

An ongoing phishing campaign is targeting C-Suite executives across the finance, government, manufacturing, real estate, and technology sectors with the intent to steal their credentials. The campaign has so far claimed victims in Japan, the U.S., the U.K., Canada, Australia, and several European countries. Additionally, the phishers have managed to compromise 40 legitimate email addresses of CEOs, directors, company founders, and owners, as well as those of other enterprise employees.

COVID-19 vaccine phishing attack

Another active phishing campaign that pretends to be from the UK’s National Health Service (NHS) has been found targeting U.K. citizens. The emails are sent with the subject line ‘IMPORTANT - Public Health Message| Decide whether if you want to be vaccinated’ to create a sense of urgency among recipients.
