Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 31, 2020
The detection of new attack techniques indicates the pace at which cyber threats are evolving. In the last 24 hours, security experts came across three new attack techniques, one of which has already been spotted in the wild. The three new attack methods are EMV-Bypass Cloning, Timeless Timing attacks, and Hidden Property Abusing.
While EMV-Bypass Cloning (massively used this year) relies on creating a duplicate copy of an EMV card by collecting information from the original card’s magnetic stripe, the Timeless Timing attacks rely on the abuse of WPA3 and HTTP/2 protocols to leak sensitive data such as encryption keys, private conversations, and browsing habits.
The newly discovered Hidden Property Abusing technique can allow a remote attacker to exploit Node.js applications by manipulating the hidden properties used to track internal program states.
Top Breaches Reported in the Last 24 Hours
Moderna targeted
According to a U.S. security official, China-backed hackers have targeted the biotech company Moderna Inc. in a bid to steal coronavirus-related vaccine research. Meanwhile, China has rejected the claim of hackers targeting Moderna.
IndieFlix data leak
IndieFlix streaming service has leaked thousands of confidential agreements and social security numbers of filmmakers due to an unsecured Amazon S3 bucket. The bucket contained over 90,000 files related to IndieFlix.
Athens ISD to pay ransom
Athens ISD Board of Trustees has agreed to pay $50,000 in ransom to recover from a ransomware attack. The attack had targeted data stored on district servers, backup systems, and hundreds of computers.
Top Malware Reported in the Last 24 Hours
A new njRAT variant
A new variant of njRAT has been found to be active in the wild. The trojan variant uses scripts, such as PowerShell, to implement memory code execution and steal data. It also includes different obfuscation techniques to evade detection.
Top Vulnerabilities Reported in the Last 24 Hours
EMV-Bypass Cloning
The EMV-Bypass Cloning technique, first discovered in 2008, is being actively used by hackers this year. The attack method allows criminals to create cloned payment cards by copying information from the original EMV cards’ magnetic stripes. As a result, they can conduct fraudulent transactions and purchases.
KDE vulnerability
A vulnerability in the ARK extraction utility of the KDE desktop environment can allow attackers to overwrite files and execute code on victims’ computers. The flaw can be triggered by tricking the victim into downloading an archive that contains malicious code.
‘Timeless Timing’ attacks
An attack technique that abuses WPA3 and HTTP/2 protocols has been demonstrated by researchers. Termed Timeless Timing attacks, it can enable malicious actors to leak sensitive information such as encryption keys, private conversations, and browsing habits.
Hidden Property Abusing technique
Security researchers have demonstrated a new attack technique that targets properties in Node.js. Dubbed Hidden Property Abusing, the attack method can allow a remote attacker to exploit Node.js applications by manipulating the hidden properties used to track internal program states.
Top Scams Reported in the Last 24 Hours
Another Office 365 phishing
A new Office 365 phishing campaign is underway that abuses Google Ads to bypass secure email gateways. The purpose of the campaign is to redirect employees of targeted organizations to phishing pages and steal their Microsoft credentials. The phishing emails are sent to employees from compromised accounts. Potential victims are informed of recent policy changes and are asked to accept the changes to be able to continue using services.