Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 1, 2020

The COVID-19 outbreak has also heightened the risk of more sophisticated cybersecurity incidents. It has been found that the people of Kentucky have fallen victim to a data leak that occurred due to a faulty Pandemic Unemployment Assistance (PUA) program. Prior to Kentucky, the states of Arkansas, Illinois, Colorado, Ohio, and Florida had all separately disclosed the accidental exposure of personal information due to the vulnerable PUA program.

That’s not all. A phishing campaign that used COVID-19 as a lure was also found by security experts. The attackers had sent phishing emails under the pretext of the Family and Medical Leave Act to trick users into downloading two versatile cybercriminal tools: Himera and Absent-Loader.

Top Breaches Reported in the Last 24 Hours

Database of DH leaked

A hacker going by the name of KingNull has leaked online a database belonging to Daniel’s Hosting (DH). The leaked data includes 3,671 email addresses, 7205 account passwords, and 8580 private keys for .onion domains. The database was hacked in a security breach that occurred on March 10, 2020.

NFN attacked

The administration of the Nipissing First Nation (NFN) stopped a massive ransomware attack by shutting down all servers and discontinuing remote access. The attack took place on May 8 and had affected nearly all departments of the administration. However, most of the services remained unaffected due to the quick action by the administrators.

Amtrak resets passwords

The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the compromise of personal information of some Guest Rewards members. The incident was discovered on April 16, 2020, after Amtrak detected unauthorized access to certain Guest Rewards accounts.

Kentucky becomes a victim

Kentucky has become the latest victim of a data leak that occurred due to a vulnerable Pandemic Unemployment Assistance (PUA) program. Although it is not known how many claimants were compromised, Kentucky officials say the risk is low and there have been no reports of identity theft or financial crimes resulting from the incident.

Joomla discloses a data breach

Joomla suffered a security breach after a member of the Joomla Resources Directory (JRD) team had left a full backup of the JRD site on an Amazon S3 bucket. The bucket contained details of roughly 2700 users who had registered and created profiles on the JRD website. The data was available in plain text format.

Top Malware Reported in the Last 24 Hours

Octopus Scanner malware

GitHub has uncovered new malware that spreads via infected Apache NetBeans repositories. Named Octopus Scanner, the malware can run on Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT) via the GitHub supply chain attack. So far, GitHub has found 26 repositories on its platform that were infected with Octopus Scanner. The malware’s primary goal is to infect a developer’s computer and spread through their NetBeans projects.

Phishing campaign

Researchers have found a new phishing campaign that uses COVID-19 lures to spread Himera and Absent-Loader. The phishing emails are sent under the pretext of the Family and Medical Leave Act to trick users. These emails include a malicious Word document designed to deliver the two malicious payloads.

Top Vulnerabilities Reported in the Last 24 Hours

Critical Sign-in bug

A critical flaw in Apple's Sign-in feature could allow an attacker to potentially take over an account with just an email ID. This affects third-party apps that used Sign-in with Apple ID without implementing necessary security measures. The flaw was discovered and patched in April. Meanwhile, Apple has claimed that there was no evidence of accounts being compromised as a result of the flaw.
