
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 31, 2020

The detection of new attack techniques indicates the pace at which cyber threats are evolving. In the last 24 hours, security experts came across three new attack techniques, one of which has already been spotted in the wild. The three new attack methods are EMV-Bypass Cloning, Timeless Timing attacks, and Hidden Property Abusing.

While EMV-Bypass Cloning, massively used this year, relies on creating a duplicate copy of an EMV card by collecting information from the original card’s magnetic stripe, Timeless Timing attacks rely on the abuse of the WPA3 and HTTP/2 protocols to leak sensitive data such as encryption keys, private conversations, and browsing habits.

The newly discovered Hidden Property Abusing technique can allow a remote attacker to exploit Node.js applications by manipulating the hidden properties used to track internal program states.

Top Breaches Reported in the Last 24 Hours

Moderna targeted

According to a U.S. security official, China-backed hackers have targeted the biotech company Moderna Inc. in a bid to steal coronavirus-related vaccine research. Meanwhile, China has rejected the claim that its hackers targeted Moderna.

IndieFlix data leak

The IndieFlix streaming service has leaked thousands of confidential agreements and social security numbers of filmmakers due to an unsecured Amazon S3 bucket. The bucket contained over 90,000 files related to IndieFlix.

Athens ISD to pay ransom

The Athens ISD Board of Trustees has agreed to pay $50,000 in ransom to recover from a ransomware attack. The attack had targeted data stored on district servers, backup systems, and hundreds of computers.

Top Malware Reported in the Last 24 Hours

A new njRAT variant

A new variant of njRAT has been found to be active in the wild. The trojan variant uses scripts, such as PowerShell, to implement in-memory code execution and steal data. It also includes different obfuscation techniques to evade detection.

Top Vulnerabilities Reported in the Last 24 Hours

EMV-Bypass Cloning

The EMV-Bypass Cloning technique, first discovered in 2008, is being actively used by hackers this year. The attack method allows criminals to create cloned payment cards by copying information from the original EMV cards’ magnetic stripes. As a result, they can conduct fraudulent transactions and purchases.

KDE vulnerability

A vulnerability in the ARK extraction utility of the KDE desktop environment can allow attackers to overwrite files and execute code on victims’ computers. The flaw can be triggered by tricking the victim into downloading an archive that contains malicious code.

‘Timeless Timing’ attacks

Researchers have demonstrated an attack technique that abuses the WPA3 and HTTP/2 protocols. Termed Timeless Timing attacks, it can enable malicious actors to leak sensitive information such as encryption keys, private conversations, and browsing habits.

Hidden Property Abusing technique

Security researchers have demonstrated a new attack technique that targets properties in Node.js. Dubbed Hidden Property Abusing, the attack method can allow a remote attacker to exploit Node.js applications by manipulating the hidden properties used to track internal program states.

Top Scams Reported in the Last 24 Hours

Another Office 365 phishing

A new Office 365 phishing campaign is underway that abuses Google Ads to bypass secure email gateways. The purpose of the campaign is to redirect employees of targeted organizations to phishing pages and steal their Microsoft credentials. The phishing emails are sent to employees from compromised accounts. Potential victims are informed of recent policy changes and are asked to accept the changes to be able to continue using services.
