Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 21, 2020

Another day, another series of phishing attack campaigns. After hijacking high-profile Twitter accounts, scammers have now impersonated the Bill & Melinda Gates Foundation to conduct a bitcoin scam. It is executed through phishing emails that prompt recipients to make small investments in return for high returns.

In a different incident, threat actors were found pitching a subscription renewal for Microsoft Office as bait to steal targeted users’ credentials. In this case, the phishing emails were designed to appear as legitimate notices from Microsoft.

Top Breaches Reported in the Last 24 Hours

Sensitive health information published

Over 400 webpages containing sensitive health information of several West Australians have been published on a public forum related to the management of the COVID-19 crisis in the state. These pages include details of people in quarantine, phone numbers, addresses, and the method of their case management.

Lorien Health Services affected

Lorien Health Services in Maryland disclosed a ransomware attack that occurred in June. The attack was carried out by Netwalker operators, who leaked the information after the nursing home refused to pay the ransom. The leaked data included residents’ names, social security numbers, dates of birth, addresses, and health diagnoses.

VPN providers leak data

Seven VPN providers have leaked 1.2 terabytes of private data, which belongs to nearly 20 million users, due to a misconfigured server. The exposed data includes the users’ email and home addresses, clear text passwords, and IP addresses. The seven affected VPN providers are UFO VPN, FAST VPN, FREE VPN, SUPER VPN, Flash VPN, Secure VPN, and Rabbit VPN.

Family Tree Maker software data leak

An unsecured Elasticsearch server belonging to the Family Tree Maker software has exposed 25GB of its user data. Among the data leaked to the public-facing internet are email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details.

Blackbaud pays ransom

Cloud software provider Blackbaud has admitted to paying a ransom following an attack in May 2020. According to the firm, the attackers did not access credit card data, bank account information, or social security numbers. Even so, the company decided to pay the cybercriminals to delete the data that was exfiltrated during the incident.

DeepSource resets passwords

DeepSource has reset logins following a potential spear-phishing attack by Sawfish operators. The attackers intended to steal employees’ credentials using a phishing page that mimicked GitHub’s login page.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for critical RCE flaw released

Security experts have released a proof-of-concept for a recently discovered ‘wormable’ remote code execution flaw that affects the Windows DNS Server service. Identified as CVE-2020-1147, the flaw is triggered when the software fails to check the source markup of XML file input. The issue was patched by Microsoft in its July 2020 Patch Tuesday release.

Adobe releases updates

Adobe has released security updates to address twelve critical vulnerabilities in Photoshop, Prelude, and Bridge. The flaws could allow attackers to execute arbitrary code on Windows devices.

Top Scams Reported in the Last 24 Hours

Bill & Melinda Gates Foundation impersonated

Scammers have impersonated the Bill & Melinda Gates Foundation in a new bitcoin scam that is carried out through phishing emails. The email is sent from the domain gatesfoundatlon[.]com, which resembles the institution’s legitimate site. It promises recipients high returns in bitcoin for a small investment.

Microsoft Office phishing

Researchers have come across two phishing attacks that use a subscription renewal as the pitch to trap unsuspecting users. Both attacks impersonate actual notices from Microsoft and are aimed at stealing sensitive information from Microsoft Office 365 users.
