
Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 4, 2020

VPNs are a vital part of most organizations' security infrastructure, but they can be vulnerable themselves, and the trust users place in them can be turned against them. Security experts have uncovered a new phishing campaign that tries to trick Microsoft Office 365 users with fake VPN configuration update requests; its purpose is to steal login credentials. In a separate incident, three fake iOS VPN apps - Beetle VPN, Buckler VPN, and Hat VPN Pro - charged users steep subscription fees without providing the service they advertised.

Malware campaigns in which attackers used different evasion techniques also came to notice in the last 24 hours. The Ursnif trojan used Excel 4.0 macros to evade detection and propagate, while the Metamorfo banking trojan used DLL hijacking to conceal its presence on targeted systems.

Top Breaches Reported in the Last 24 Hours

WordPress sites targeted

Security experts have found a large-scale attack campaign that targeted 1.3 million WordPress sites between May 29 and May 31. The attackers tried to harvest database credentials by downloading the sites' configuration files, which store the database username and password in plain text.
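Attempts to pull a WordPress configuration file leave a recognizable trail in the web server's access log: requests whose path or query string names wp-config.php (or a backup copy of it), often combined with directory traversal and URL encoding. The script below is an added example, not part of the original briefing or of any vendor's tooling. It runs over constructed "combined" format log lines (documentation IP ranges, hypothetical plugin parameters) and flags the requests, decoding the path first so that `%2F`-style encoding does not hide the traversal. A 200 response with a non-zero body on such a request is treated as a likely disclosure, since a normally served wp-config.php produces an empty body.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines in Apache/Nginx "combined" format for this example.
# The IPs are documentation ranges and the plugin parameters are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [30/May/2020:02:14:11 +0000] "GET /wp-admin/admin-ajax.php?action=download&file=../wp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/May/2020:02:14:12 +0000] "GET /wp-content/uploads/wp-config.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.23 - - [30/May/2020:02:15:03 +0000] "GET /index.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 200 2980 "-" "curl/7.68.0"
192.0.2.44 - - [30/May/2020:02:16:40 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [30/May/2020:02:16:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [30/May/2020:02:17:09 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# wp-config.php itself plus backup/editor leftovers that a web server hands out as plain text.
CONFIG_RE = re.compile(r'wp-config\.php(?:\.(?:bak|old|save|swp|txt|orig)|~)?', re.IGNORECASE)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')


def decode_path(raw):
    """URL-decode until stable (max 3 rounds) so double-encoded traversal is visible."""
    prev, cur = None, raw
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def classify_request(path):
    """Return a list of reasons the request looks like a config-file grab, or None."""
    decoded = decode_path(path)
    if not CONFIG_RE.search(decoded):
        return None
    reasons = ['targets wp-config.php']
    if TRAVERSAL_RE.search(decoded):
        reasons.append('path traversal')
    return reasons


def scan_log(text):
    """Parse each log line and keep only the requests aimed at the configuration file."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m['path'])
        if not reasons:
            continue
        status = int(m['status'])
        nbytes = 0 if m['bytes'] == '-' else int(m['bytes'])
        hits.append({
            'ip': m['ip'],
            'ts': m['ts'],
            'path': decode_path(m['path']),
            'status': status,
            'reasons': reasons,
            # A raw wp-config.php read through a vulnerable script or a served .bak copy
            # returns content; a normal request to wp-config.php executes it and returns nothing.
            'likely_disclosed': status == 200 and nbytes > 0,
        })
    return hits


def summarize(hits):
    """Per-source counts plus the sources that probably got the file."""
    by_ip = Counter(h['ip'] for h in hits)
    disclosed = sorted({h['ip'] for h in hits if h['likely_disclosed']})
    return {'attempts_by_ip': dict(by_ip), 'ips_with_likely_disclosure': disclosed}


if __name__ == '__main__':
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h['ip'], h['status'], h['path'], h['reasons'], 'DISCLOSED' if h['likely_disclosed'] else '')
    print(summarize(found))
```

If a source shows up in `ips_with_likely_disclosure`, treat the database credentials in that site's wp-config.php as compromised and rotate them; blocking the IP alone does not undo the read.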

Netwalker ransomware wreaks havoc

The operators of Netwalker ransomware claim to have successfully attacked the University of California San Francisco (UCSF). According to the group, they stole confidential data before encrypting the university's systems.

SFERS breached

The San Francisco Employees’ Retirement System (SFERS) suffered a data breach that affected the information of approximately 74,000 members. The vendor operating the affected server learned of the incident on March 21, 2020, and immediately shut the server down to prevent further unauthorized access to its data.

Top Malware Reported in the Last 24 Hours

New Ursnif campaign

Security researchers have discovered a new Ursnif campaign that uses Excel 4.0 macros to evade detection and propagate across systems. The campaign, first observed in January, delivers spreadsheets whose visible text instructs the victim to click "Enable Editing" and then "Enable Content", which is what allows the macro to run.
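Excel 4.0 (XLM) macros predate VBA and are stored not in a vbaProject.bin stream but as macro sheets, so scanners that only look for VBA miss them. In a modern .xlsm package the tell-tale signs are a part under `xl/macrosheets/` declared with the `application/vnd.ms-excel.macrosheet+xml` content type, a sheet marked hidden or veryHidden in workbook.xml, a defined name ending in `Auto_Open` (stored as `_xlnm.Auto_Open`) that makes the macro run on open, and cell formulas calling functions such as EXEC or CALL. The following is an added example, not code from the briefing or from any vendor. It builds a minimal, constructed package in memory (not a fully openable workbook: relationship parts are omitted) and then inspects it the way a mail-gateway triage script would; the `cmd.exe /c calc.exe` payload is a placeholder.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = '{http://schemas.openxmlformats.org/spreadsheetml/2006/main}'
NS_CT = '{http://schemas.openxmlformats.org/package/2006/content-types}'
MACROSHEET_CT = 'application/vnd.ms-excel.macrosheet+xml'
# Excel 4.0 functions that reach outside the workbook; one of these in a macro sheet cell is a strong signal.
SUSPICIOUS_RE = re.compile(
    r'\b(?:EXEC|CALL|REGISTER|FORMULA|FOPEN|FWRITE|RUN)\s*\(|URLDownloadToFile|ShellExecute',
    re.IGNORECASE)

# Constructed package parts. {placeholders} are filled in by build_sample_xlsm().
CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="xml" ContentType="application/xml"/>
  <Override PartName="/xl/workbook.xml" ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/>
  <Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/>
  {macro_override}
</Types>"""
MACRO_OVERRIDE = '<Override PartName="/xl/macrosheets/sheet1.xml" ContentType="application/vnd.ms-excel.macrosheet+xml"/>'

WORKBOOK = """<?xml version="1.0" encoding="UTF-8"?>
<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
          xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
  <sheets>
    <sheet name="Invoice" sheetId="1" r:id="rId1"/>
    {macro_sheet}
  </sheets>
  {defined_names}
</workbook>"""
MACRO_SHEET_ENTRY = '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
AUTO_OPEN = '<definedNames><definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName></definedNames>'

WORKSHEET = """<?xml version="1.0" encoding="UTF-8"?>
<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
  <sheetData><row r="1"><c r="A1" t="inlineStr"><is><t>Please click Enable Editing and Enable Content</t></is></c></row></sheetData>
</worksheet>"""

# Placeholder payload; a real lure would download and run a second stage.
MACROSHEET = """<?xml version="1.0" encoding="UTF-8"?>
<xm:macrosheet xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main"
               xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
  <sheetData>
    <row r="1"><c r="A1"><f>EXEC("cmd.exe /c calc.exe")</f></c></row>
    <row r="2"><c r="A2"><f>HALT()</f></c></row>
  </sheetData>
</xm:macrosheet>"""


def build_sample_xlsm(with_macro=True):
    """Assemble a constructed (minimal) .xlsm package in memory and return its bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w', zipfile.ZIP_DEFLATED) as z:
        z.writestr('[Content_Types].xml', CONTENT_TYPES.format(macro_override=MACRO_OVERRIDE if with_macro else ''))
        z.writestr('xl/workbook.xml', WORKBOOK.format(macro_sheet=MACRO_SHEET_ENTRY if with_macro else '',
                                                      defined_names=AUTO_OPEN if with_macro else ''))
        z.writestr('xl/worksheets/sheet1.xml', WORKSHEET)
        if with_macro:
            z.writestr('xl/macrosheets/sheet1.xml', MACROSHEET)
    return buf.getvalue()


def _local(tag):
    """Strip the namespace from an element tag."""
    return tag.rsplit('}', 1)[-1]


def analyze_workbook(data):
    """Look for Excel 4.0 macro indicators in an OOXML package."""
    r = {'macrosheet_parts': [], 'hidden_sheets': [], 'auto_open_names': [], 'suspicious_formulas': []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if '[Content_Types].xml' in names:
            for ov in ET.fromstring(z.read('[Content_Types].xml')).iter(NS_CT + 'Override'):
                if ov.get('ContentType') == MACROSHEET_CT:
                    r['macrosheet_parts'].append(ov.get('PartName', '').lstrip('/'))
        # Fall back on the path as well, in case the content types were tampered with.
        for n in sorted(names):
            if n.startswith('xl/macrosheets/') and n not in r['macrosheet_parts']:
                r['macrosheet_parts'].append(n)
        if 'xl/workbook.xml' in names:
            wb = ET.fromstring(z.read('xl/workbook.xml'))
            for s in wb.iter(NS_MAIN + 'sheet'):
                state = s.get('state', 'visible')
                if state != 'visible':
                    r['hidden_sheets'].append((s.get('name'), state))
            for dn in wb.iter(NS_MAIN + 'definedName'):
                nm = dn.get('name', '')
                if nm.lower().endswith(('auto_open', 'auto_close')):
                    r['auto_open_names'].append((nm, (dn.text or '').strip()))
        for part in r['macrosheet_parts']:
            if part not in names:
                continue
            for cell in ET.fromstring(z.read(part)).iter():
                if _local(cell.tag) != 'c':
                    continue
                for child in cell:
                    if _local(child.tag) == 'f' and child.text and SUSPICIOUS_RE.search(child.text):
                        r['suspicious_formulas'].append((part, cell.get('r'), child.text))
    if not r['macrosheet_parts']:
        r['verdict'] = 'no-xlm'
    elif r['auto_open_names'] or r['suspicious_formulas'] or r['hidden_sheets']:
        r['verdict'] = 'likely-malicious'
    else:
        r['verdict'] = 'xlm-present'
    return r


if __name__ == '__main__':
    print(analyze_workbook(build_sample_xlsm(True)))
    print(analyze_workbook(build_sample_xlsm(False)))
```

Legacy .xls files store the same macro sheets in the BIFF stream rather than as XML, so this check covers only the OOXML container; for .xls use a BIFF-aware tool.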

Metamorfo banking trojan

A new Metamorfo campaign that abuses legitimate, signed software components to compromise computers has been uncovered by researchers. The trojan is dropped as a DLL beside a legitimate executable so that the executable loads it (DLL hijacking), which lets the malicious code run under a trusted process and conceal its presence on the system. It also downloads further malicious files from its C2 server, including an updated version of itself.
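DLL hijacking of this kind shows up in endpoint telemetry as a trusted executable loading a DLL it should not: a DLL with the name of a Windows system library loaded from outside System32, an unsigned DLL loaded from a user-writable directory, or a signed host loading a side-by-side DLL whose signer differs from its own. The triage logic below is an added example, not from the briefing or from any vendor; it uses constructed records whose field names follow Sysmon Event ID 7 (Image loaded: `Image`, `ImageLoaded`, `Signed`, `Signature`), plus two hypothetical fields, `HostSigned` and `HostSignature`, that a pipeline would have to derive by checking the host executable's Authenticode signature, since Event 7 does not carry them. The directory and DLL-name lists are assumptions a practitioner would tune.

```python
import ntpath
import re

# Directories an ordinary user can write to; a DLL loaded from here is under the user's (or attacker's) control.
USER_WRITABLE_RE = re.compile(
    r'^[a-z]:\\(?:users\\[^\\]+\\(?:appdata|downloads|desktop|documents)\\'
    r'|programdata\\|windows\\temp\\|users\\public\\|temp\\)', re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r'^[a-z]:\\windows\\(?:system32|syswow64)\\', re.IGNORECASE)
# Windows DLLs that are routinely planted next to a legitimate exe so the loader's
# search order picks the planted copy before the real one (assumed list, tune for your estate).
COMMONLY_HIJACKED = {'version.dll', 'dbghelp.dll', 'cryptbase.dll', 'wininet.dll', 'userenv.dll',
                     'profapi.dll', 'propsys.dll', 'dwmapi.dll', 'uxtheme.dll', 'msimg32.dll'}

# Constructed records modelled on Sysmon Event ID 7; HostSigned/HostSignature are hypothetical enrichment fields.
SAMPLE_EVENTS = [
    {'Image': r'C:\Program Files\Vendor\app.exe', 'ImageLoaded': r'C:\Windows\System32\version.dll',
     'Signed': 'true', 'Signature': 'Microsoft Windows', 'HostSigned': 'true', 'HostSignature': 'Vendor Corp'},
    {'Image': r'C:\Users\alice\AppData\Local\Temp\Updater\updater.exe',
     'ImageLoaded': r'C:\Users\alice\AppData\Local\Temp\Updater\version.dll',
     'Signed': 'false', 'Signature': '', 'HostSigned': 'true', 'HostSignature': 'Vendor Corp'},
    {'Image': r'C:\Users\alice\Downloads\tool.exe', 'ImageLoaded': r'C:\Users\alice\Downloads\helper.dll',
     'Signed': 'false', 'Signature': '', 'HostSigned': 'false', 'HostSignature': ''},
    {'Image': r'C:\Program Files\Vendor\app.exe', 'ImageLoaded': r'C:\Program Files\Vendor\plugin.dll',
     'Signed': 'true', 'Signature': 'Vendor Corp', 'HostSigned': 'true', 'HostSignature': 'Vendor Corp'},
    {'Image': r'C:\Program Files\Vendor\app.exe', 'ImageLoaded': r'C:\ProgramData\VendorCache\dbghelp.dll',
     'Signed': 'false', 'Signature': '', 'HostSigned': 'true', 'HostSignature': 'Vendor Corp'},
]


def assess(ev):
    """Score one image-load event; three or more indicators is treated as a hijack alert."""
    host, dll = ev['Image'], ev['ImageLoaded']
    dll_name = ntpath.basename(dll).lower()
    same_dir = ntpath.dirname(dll).lower() == ntpath.dirname(host).lower()
    host_signed = ev.get('HostSigned', 'false').lower() == 'true'
    dll_signed = ev.get('Signed', 'false').lower() == 'true'
    reasons = []
    if dll_name in COMMONLY_HIJACKED and not SYSTEM_DIR_RE.match(dll):
        reasons.append('system DLL name loaded from outside the system directory')
    if not dll_signed:
        reasons.append('loaded DLL is unsigned')
    if USER_WRITABLE_RE.match(dll):
        reasons.append('DLL lives in a user-writable directory')
    if same_dir and host_signed and ev.get('Signature', '') != ev.get('HostSignature', ''):
        reasons.append('signed host loads a side-by-side DLL with a different signer')
    return {'host': host, 'dll': dll, 'reasons': reasons, 'alert': len(reasons) >= 3}


def triage(events):
    """Return the indices of events that should be escalated."""
    return [i for i, ev in enumerate(events) if assess(ev)['alert']]


if __name__ == '__main__':
    for i, ev in enumerate(SAMPLE_EVENTS):
        res = assess(ev)
        print(i, 'ALERT' if res['alert'] else 'ok   ', res['dll'], res['reasons'])
```

The threshold deliberately ignores the third record (an unsigned tool loading its own unsigned helper), which is ordinary unsigned software rather than hijacking of a trusted binary; the second and fifth records are the pattern the Metamorfo campaign relies on.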

New USBCulprit malware

The Cycldek APT group has added a new malware, dubbed USBCulprit, to its arsenal. The malware has been deployed against targets in Vietnam, Thailand, and Laos. Its primary purpose is to steal data from targeted networks, and it spreads via removable USB drives, which allows it to reach air-gapped systems.

ZLoader malware campaign

Cybercriminals took advantage of the massive uptick in unemployment across the U.S. to target users with ZLoader malware in a phishing campaign. The malware was distributed via malicious attachments masquerading as resumes and CVs, with email subject lines such as “applying for a job” or “regarding job.”

Top Vulnerabilities Reported in the Last 24 Hours

Two critical flaws in Zoom patched

Zoom has fixed two critical flaws in its client that could have allowed a remote attacker to compromise the systems of group chat participants. Both are path traversal vulnerabilities.

Flaws in Firefox 77 patched

Mozilla has released Firefox 77, which fixes eight security flaws. Five of them are rated high severity, and three of those five could lead to remote code execution.

Details of flaws in SAP disclosed

Researchers have disclosed the details of six vulnerabilities found in SAP Adaptive Server Enterprise (ASE). These security flaws could allow unprivileged attackers to gain complete control of the database and even the underlying operating system.

Faulty routers

Cisco has disclosed four security flaws affecting routers that run its IOS and IOS XE software. The flaws are CVE-2020-3227, CVE-2020-3205, CVE-2020-3198, and CVE-2020-3258. The affected platforms are the Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and the Cisco 1000 Series Connected Grid Routers (CGR1000).

Top Scams Reported in the Last 24 Hours

Fake VPN apps

Three fake iOS VPN apps - Beetle VPN, Buckler VPN, and Hat VPN Pro - that do not provide the service they advertise are luring users into paying steep subscription charges. The apps have been downloaded over 420,000, 271,000, and 96,000 times respectively. With many people turning to VPN apps to protect their data while working remotely, it is important to scrutinize such apps before installing them.

Microsoft Office 365 users targeted

Microsoft Office 365 customers are being targeted by phishing emails that impersonate VPN configuration update requests from their own organizations. So far, the emails have reached the inboxes of up to 15,000 targets. The scammers intend to steal users' login credentials.