
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 26, 2020

As several organizations prepare to re-open after a lockdown period, threat actors have come up with a new phishing scam that leverages the theme of compliance with coronavirus regulations in the workplace. The campaign targets Office 365 users and includes a fake link to register for COVID-19 training.

Furthermore, web skimmers came up with a new evasion technique intended to steal more credit card details. In this attempt, the attackers are hiding a malicious card-stealing script in the EXIF data of a favicon image.

Top Breaches Reported in the Last 24 Hours

Breach at Preen.Me

A security breach at social media marketing firm Preen.Me may have affected the personal data of an estimated 100,000 social media influencers. The same breach has also led to the leak of personal information of more than 250,000 social media users on a deep web forum.

OneClass data leak

An unsecured Elasticsearch database belonging to remote learning platform OneClass exposed information of nearly one million students in North America. The exposed information included full names, email addresses (some masked), schools and universities attended, phone numbers, and school and university course enrollment details.

Top Malware Reported in the Last 24 Hours

Attack campaign

Security researchers have observed a new attack campaign from the DarkCrewFriends hacker group. The attack chain involves the exploitation of an unrestricted file upload vulnerability to upload a malicious PHP web shell. The malware’s capabilities include launching DDoS attacks, extracting all the services running on the target computer, and executing multiple IRC commands.

Skimming attack evolves

Web skimmers have evolved their attack technique by hiding the malicious card-stealing script in the EXIF data of a favicon image. The malicious script is inserted on hacked websites to steal users' credit card information.

New variant of Cryptomining malware

A new variant of the Golang cryptomining malware is targeting both Windows and Linux machines. This new malware variant attacks web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL. It spreads like a worm, searching and infecting other vulnerable machines.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft Exchange server flaw

Microsoft has warned Exchange customers to patch their servers following a rise in attacks that exploit an Internet Information Services (IIS) vulnerability. The flaw, identified as CVE-2020-0688, can allow attackers to steal credentials of employees and users from compromised servers.

GeoVision patches flaws

GeoVision has patched three of the four critical vulnerabilities impacting its card and fingerprint scanners. The flaws can be exploited to intercept network traffic and stage man-in-the-middle attacks. In total, 6 models of the devices are affected.

Top Scams Reported in the Last 24 Hours

Facebook phishing scam

Scammers are using an old tactic to lure Facebook users into clicking on a malicious video link. The scam, which spreads through Facebook Messenger like a chain reaction, uses a compromised account to send automatic messages to other people in the victim’s friends list. The malicious video link includes catchy lines to trick users.

Phishing scam

A new phishing scam has been found targeting Office 365 users under the pretext of providing coronavirus training. The subject of the email reads ‘COVID-19 Training for Employees: A Certificate for Health Workplaces.’ It includes a link where victims are prompted to register to attend the training.
