Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 17, 2020
The last 24 hours witnessed a sophisticated spamdexing campaign used to distribute malware and scams. Cyber crooks are leveraging the attack method to push fake data breach notifications for big companies, such as Chegg, EA, and Canva, among others. These notifications redirect users to malicious links.
Furthermore, researchers have found a highly-targeted BEC attack campaign associated with the Lazarus group. Termed ‘Operation In(ter)ception’, the campaign was carried out by attackers posing as recruiters from Collins Aerospace and General Dynamics (GD). They targeted executives in European organizations in an attempt to steal information and money.
Top Breaches Reported in the Last 24 Hours
Misconfigured S3 bucket
An unsecured Amazon S3 bucket belonging to Ariix Italia was taken offline after it exposed over 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The buckets also contained personal information such as full names, addresses, tax identification numbers, and signatures of Italian citizens.
MaxLinear hit
Chipmaker MaxLinear has suffered an attack by Maze ransomware, leading to the failure of some of its systems. Additionally, the attackers have released some of the company's proprietary information online.
DraftKings discloses an attack
DraftKings disclosed that SBTech was hit by ransomware on March 27, 2020. The attack disrupted the operations of its sports betting and iGaming services. Following the attack, SBTech informed the relevant regulatory authorities and notified affected customers.
Top Malware Reported in the Last 24 Hours
Cryptocurrency mining
Since May, attackers have been found abusing two legitimate vendor applications - from CrystalBit and Apple - in a DLL hijack attack to mine cryptocurrencies. The actors abused the APSDaemon vulnerability in these apps to evade detection during the infection process.
Fake data breach notifications
Cybercriminals have been found using specific search keywords to push fake data breach notifications for companies such as Chegg, EA, Canva, Dropbox, Hulu, Ceridian, Shein, PayPal, Target, Hautelook, Mojang, InterContinental Hotels Group, and Houzz. The ultimate goal of the attackers is to distribute malware and launch scams.
Operation In(ter)ception
Researchers have detected a highly-targeted cyber espionage campaign, ‘Operation In(ter)ception,’ linked with the North Korea-based Lazarus threat actor group. As part of the campaign, the attackers impersonated Collins Aerospace and General Dynamics (GD) to target people working in sales, marketing, tech, and admin roles in different European organizations. The attack was carried out by contacting the targets via LinkedIn.
Top Vulnerabilities Reported in the Last 24 Hours
Adobe releases patches
Adobe has released out-of-band security updates to address 18 critical flaws affecting its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. All of these flaws are rated as ‘Critical’ and can lead to arbitrary code execution following successful exploitation.
VLC’s issue fixed
VideoLan has released VLC Media Player 3.0.11 with fixes for several security issues that could allow attackers to remotely execute commands or crash VLC on a vulnerable computer. Among them is a buffer overflow vulnerability tracked as CVE-2020-13428. It can be exploited by tricking a user into opening a specially-crafted file with VLC.
Plex fixes bugs
Plex has patched three vulnerabilities affecting its Media Server for Windows. These flaws could enable attackers to take full control of the systems using the software. The three vulnerabilities are tracked as CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742.