
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 18, 2021

Threat actors are playing peek-a-boo by abusing Google Docs and Drive functionalities in a new phishing campaign. An email containing a link to Google Docs, which is actually a customized HTML page, has been found redirecting victims to a phishing website that steals their credentials. In another instance of malicious redirects, cybercriminals are now abusing plugins on compromised websites to redirect visitors and website owners to malicious sites.

In another threat, Google has rolled out security updates for a newly found sixth Chrome zero-day vulnerability that is being exploited in the wild. The high-severity use-after-free vulnerability stems from WebGL, a JavaScript API for rendering interactive 2D and 3D graphics within the browser.

Top Breaches Reported in the Last 24 Hours

Eggfree Cake Box affected

Eggfree Cake Box suffered a data breach that resulted in the compromise of the personal and payment data of users. The firm disclosed that its website was hacked in 2020 to include malicious scripts that stole information. Based on the description, it is believed to be a Magecart attack.

Update on Audi data hack

Data stolen from Audi and Volkswagen has been put up for sale on a hacking forum. The data was stolen from an exposed Azure Blob container and included contact information of users.

Update on EA hack

A new update on the recent Electronic Arts (EA) hack reveals that hackers purchased a cookie for $10 from the Genesis dark marketplace, which allowed them to log into an EA Slack account. From there, they tricked EA’s IT support team into granting access to the company’s internal network.

Carnival Corporation breached

Carnival Corporation has confirmed a new data breach in which hackers broke into email accounts and gained access to data of its customers and employees. The breach was first detected on March 19. The data accessed includes names, addresses, phone numbers, passport numbers, and health information of users.

Top Malware Reported in the Last 24 Hours

Malicious redirects

Attackers abused the plugin upload functionality in the wp-admin dashboards of compromised WordPress sites to redirect visitors and website owners to malicious sites. The attack makes use of Punycode to hide the malicious payloads.

Top Vulnerabilities Reported in the Last 24 Hours

Google releases another patch

Google has released a new security update for the newly found sixth zero-day flaw that is being exploited in the wild. Tracked as CVE-2021-30554, the high-severity use-after-free vulnerability exists in WebGL, a JavaScript API for rendering interactive 2D and 3D graphics within the browser. Successful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands.

Top Scams Reported in the Last 24 Hours

Fake giveaway scam

Scammers are misusing the name of international shipping company UPS to dupe consumers in a fake giveaway scam. The scam guarantees recipients a Sony PlayStation 5 gaming console in return for completing an online survey on behalf of UPS. The message reads as if recipients are among the lucky winners. The ultimate goal of the scam is to harvest credit card details from users.

Vishing attack

An email campaign that asks victims to call a bogus phone number to suspend fraudulent subscriptions has managed to hit 25,000 mailboxes. The email bypasses native Microsoft email security controls and email security engines like Exchange Online Protection (EOP) to land in corporate inboxes.

Phishing through Google Docs

Threat actors are exploiting Google Docs and Drive to deliver phishing sites to victims. It all starts with a phishing email that includes a link to a Google Docs page, which is actually a custom-made HTML page. Once the victims click on the link, they are redirected to the phishing website where their credentials are then stolen.

WeTransfer applications imitated

A phishing campaign that imitates the legitimate WeTransfer file transfer application is being used to lure users into sharing their credentials. Mimicking the app enables scammers to bypass email security gateways.
