Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 18, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Jun 18, 2020
The cyber risk landscape is rapidly evolving as threat actor groups continue to launch sophisticated cyberespionage campaigns with a myriad of malicious intentions. In the last 24 hours, researchers discovered a new phishing campaign that targeted Microsoft Office 365 users. The attack involved several evasion techniques including the use of Adobe Campaign server located on Samsung’s domain.
A new variant of the Shlayer macOS malware was also found leveraging poisoned Google search results to lure victims. The malware variant was distributed as a fake Adobe Flash Player installer. In addition to this, new details about the notorious Turla group have emerged in the past 24 hours. It has been found the group had exploited vulnerabilities in VirtualBox driver to spread an advanced malware dubbed AcidBox.
Top Breaches Reported in the Last 24 Hours
Cognizant confirms data breach
Cognizant revealed that Maze ransomware attackers have pilfered a limited amount of data from its systems. The attack had occurred between April 9 and 11, 2020. The compromised data includes social security numbers, tax identification numbers, financial account information, and driver’s license numbers.
Top Malware Reported in the Last 24 Hours
Phishing campaign
A phishing campaign, launched in April 2020, had targeted Microsoft Office 365 users in European, Asian, and Middle East countries. The attackers were found delivering ‘missed voice message’ emails to redirect recipients to a phishing page masquerading as the Office 365 page. The redirection mechanism was carried out via an Adobe Campaign server located on Samsung’s domain.
New version of Shlayer malware
A new variant of Shlayer Mac malware has been spotted in the wild. It is delivered as a DMG disk image, masquerading as an Adobe Flash Player installer. The new version uses poisoned Google search results to lure victims and stealthily infect their system. Researchers believe that other search engines, such as Bing, Yahoo, and DuckDuckGo, are also susceptible to the tactic.
AcidBox malware uncovered
Researchers found that the Turla threat actor group had abused vulnerabilities in VirtualBox driver to spread an advanced malware dubbed AcidBox. The malware was used twice against Russian organizations in 2017.
Top Vulnerabilities Reported in the Last 24 Hours
Cisco fixes flaws
Cisco has fixed two severe flaws affecting its Webex Meetings for Windows and macOS. The flaws are tracked as CVE-2020-3263 and CVE-2020-3342. They can be abused to allow unprivileged attackers to run malicious programs and code on vulnerable machines.
Netgear router flaw
A zero-day vulnerability found in Netgear routers can allow hackers to bypass the authentication process and steal victims’ data from their laptops. The flaw arises from the way routers handle incoming data. It impacts the version of Netgear firmware dating back to 2007.
Flawed remote USB protocol
An unpatched vulnerability, identified as CVE-2020-9332, has been residing in a USB protocol developed by FabulaTech that is used in its “USB for Remote Desktop” software. The flaw can be used by attackers to elevate privileges on a target machine by adding fake devices. The protocol is used by a large number of high-profile organizations, such as Google, Microsoft, Texas Instruments, BMW, MasterCard, Intel, and Xerox.