
Cyware Daily Threat Intelligence

Daily Threat Briefing Mar 24, 2021

Phishers are finding success in using compromised accounts to send malicious emails. As if this is not enough, they are now leveraging legitimate services to stay under the radar. These two conditions have proved favorable for a phishing campaign dubbed ‘Compact’ that has been active since 2020. Having got hold of more than 400,000 Office 365 Outlook Web Access credentials, the phishers are in the process of expanding the campaign by using Amazon Simple Email Service (SES) and the Appspot cloud computing platform.

The new Purple Fox variant’s worm-like capabilities are turning out to be a danger for Windows machines. The malware is being spread through indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. Adding to the trouble for online users, two dozen malicious Chrome browser extensions and 40 associated malicious domains have been discovered distributing adware with the aim of stealing credentials.

Top Breaches Reported in the Last 24 Hours

Forex Broker

Over 20TB of sensitive data belonging to Forex Broker was leaked online due to an unprotected Elasticsearch database. The database contained over 16 billion records of customers’ personally identifiable information.

Attack on Flagstar Bank

Michigan-based Flagstar Bank reportedly fell victim to a ransomware attack in January this year. Following the attack, the ransomware operators not only encrypted the database but also siphoned banking data that includes social security numbers. In another incident, Stratus Technologies disclosed a ransomware attack that forced the company to take its systems offline.

Hobby Lobby exposes data

Arts and crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing 138GB of sensitive information of around 300,000 customers. The exposed details include customers’ names, partial payment card details, phone numbers, and email addresses.

6.5 million Israel citizens affected

A threat actor calling itself ‘The Israeli Autumn’ took credit for leaking registration and personal details of millions of Israeli citizens. The details include full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences.

Honeywell’s IT systems disrupted

Industrial giant Honeywell revealed that some of its IT systems were disrupted as a result of malware attacks. Although an investigation into the incident is ongoing, Honeywell stated it has found no evidence of data being exfiltrated from systems.

University of Colorado’s data leak

The Clop ransomware group has posted online sensitive data belonging to students of the University of Colorado and patient data of the University of Miami. Both universities are victims of the breach that affected Accellion FTA servers.

Top Malware Reported in the Last 24 Hours

Malicious Chrome extensions

Researchers have discovered two dozen malicious Chrome browser extensions and 40 associated malicious domains that are being used to distribute adware on victim systems. The adware is designed to steal credentials or quietly redirect victims to malicious sites.

Purple Fox malware evolves

An upgraded variant of Purple Fox malware with worm capabilities has been found to be deployed in an ongoing attack campaign. The malware is being spread through indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes. The malware targets Microsoft Windows machines and repurposes compromised systems to host malicious payloads.
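The propagation behaviour described above (one host indiscriminately probing many peers on the SMB port) is visible in ordinary network flow logs, and it can be separated from normal file-server traffic by counting distinct destinations per source within a short window. The following is an added detection example, not code from the briefing or from any vendor; the flow-log layout, the sample records, the five-minute window and the threshold of eight distinct targets are all assumptions to be tuned to your own environment.

```python
"""Flag internal hosts that sweep many peers on TCP/445 (SMB) within a short
window, the propagation pattern described for the worm-capable Purple Fox
variant. Added example; the log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: timestamp, src, dst, dport, outcome.
# 10.0.5.17 sweeps ten hosts on 445 in five seconds (a scanner);
# 10.0.5.40 talks repeatedly to one file server (normal);
# 10.0.5.41 touches three SMB hosts plus unrelated web traffic (borderline).
SAMPLE_FLOWS = """\
2021-03-23T10:00:01Z 10.0.5.17 10.0.5.2 445 REJECT
2021-03-23T10:00:01Z 10.0.5.17 10.0.5.3 445 REJECT
2021-03-23T10:00:02Z 10.0.5.17 10.0.5.4 445 REJECT
2021-03-23T10:00:02Z 10.0.5.17 10.0.5.5 445 ACCEPT
2021-03-23T10:00:03Z 10.0.5.17 10.0.5.6 445 REJECT
2021-03-23T10:00:03Z 10.0.5.17 10.0.5.7 445 REJECT
2021-03-23T10:00:04Z 10.0.5.17 10.0.5.8 445 REJECT
2021-03-23T10:00:04Z 10.0.5.17 10.0.5.9 445 REJECT
2021-03-23T10:00:05Z 10.0.5.17 10.0.5.10 445 REJECT
2021-03-23T10:00:05Z 10.0.5.17 10.0.5.11 445 REJECT
2021-03-23T10:00:06Z 10.0.5.40 10.0.5.2 445 ACCEPT
2021-03-23T10:01:06Z 10.0.5.40 10.0.5.2 445 ACCEPT
2021-03-23T10:02:06Z 10.0.5.40 10.0.5.2 445 ACCEPT
2021-03-23T10:00:07Z 10.0.5.41 10.0.5.2 445 ACCEPT
2021-03-23T10:00:08Z 10.0.5.41 10.0.5.12 445 ACCEPT
2021-03-23T10:00:09Z 10.0.5.41 10.0.5.13 445 ACCEPT
2021-03-23T10:00:10Z 10.0.5.41 192.0.2.80 443 ACCEPT
2021-03-23T10:00:11Z 10.0.5.41 10.0.5.14 8080 ACCEPT
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into (ts, src, dst, dport, outcome)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, outcome = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                        src, dst, int(dport), outcome))
    return records


def find_smb_sweepers(records, window=timedelta(minutes=5), min_targets=8):
    """Return {src: peak_distinct_targets} for every source that contacted at
    least min_targets distinct hosts on TCP/445 inside any sliding window."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, _outcome in records:
        if dport == 445:
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)   # dst -> hits currently inside the window
        left, peak = 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until the window fits.
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            hits[src] = peak
    return hits


if __name__ == "__main__":
    for src, targets in find_smb_sweepers(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible SMB sweep from {src}: {targets} distinct targets")
```

Distinct-destination fan-out is the feature that matters here; raw connection counts would also catch the legitimate client hammering one file server, while a single ACCEPT among many REJECTs (the fourth line in the sample) is exactly the successful foothold a worm looks for. Lowering `min_targets` trades a few extra borderline hosts for earlier warning.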

Top Scams Reported in the Last 24 Hours

Compact phishing campaign

A phishing operation dubbed ‘Compact’ that has been active since early 2020 has now expanded to abuse new legitimate services—Amazon Simple Email Service (SES) and the Appspot cloud computing platform—to bypass secure email gateways. By the end of December, scammers managed to pilfer more than 400,000 Office 365 Outlook Web Access credentials. The phishing emails are sent on the pretext of notifications from video conferencing services, various security solutions, and productivity tools. The campaign also leverages compromised accounts for SendGrid and MailGun email delivery services to evade detection.
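The pattern described here, a lure that claims to come from a conferencing, security or productivity vendor but is actually delivered through Amazon SES, Appspot, SendGrid or Mailgun, leaves a trace in the message headers: the visible From domain does not align with the envelope sender or relaying infrastructure. The following is an added triage example, not code from the briefing; the relay domain list, the crude organisational-domain rule and the three constructed messages are assumptions, and it checks alignment only (a full DMARC evaluation also needs the SPF and DKIM results, which the briefing does not discuss).

```python
"""Header-based triage for lures that impersonate a third-party service while
being relayed through legitimate bulk-mail infrastructure, as described for
the 'Compact' campaign. Added example; domains and messages are assumptions."""
import email
from email.utils import parseaddr

# Bulk-sending infrastructure named in the briefing. The exact hostnames such
# relays stamp into Received headers vary; these apex domains are assumed.
BULK_RELAY_DOMAINS = ("amazonses.com", "appspot.com", "sendgrid.net", "mailgun.org")


def org_domain(host):
    """Organisational domain approximated as the last two labels. A real
    DMARC evaluator consults the public-suffix list; this is a simplification."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def addr_domain(header_value):
    """Domain part of the first address in a header, or '' if none."""
    _name, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def assess(raw_message):
    """Return alignment facts about one RFC 5322 message as a dict."""
    msg = email.message_from_string(raw_message)
    from_dom = addr_domain(msg.get("From"))
    mailfrom_dom = addr_domain(msg.get("Return-Path"))
    # Relaxed DMARC-style alignment: organisational domains must match.
    aligned = bool(from_dom) and org_domain(from_dom) == org_domain(mailfrom_dom)
    received = " ".join(msg.get_all("Received", [])).lower()
    via_bulk = any(d in received or d == org_domain(mailfrom_dom)
                   for d in BULK_RELAY_DOMAINS)
    return {
        "from_domain": from_dom,
        "mailfrom_domain": mailfrom_dom,
        "aligned": aligned,
        "via_bulk_relay": via_bulk,
        # Unaligned identity plus bulk relay is the combination worth routing
        # to analyst review; it is a triage signal, not a verdict.
        "review": via_bulk and not aligned,
    }


# Constructed message 1: a lure posing as a conferencing service, envelope
# sender and relay both at a bulk provider. Addresses and IPs are placeholders.
LURE = """\
Return-Path: <bounce-constructed@amazonses.com>
Received: from a1-2.smtp-out.amazonses.com (a1-2.smtp-out.amazonses.com [192.0.2.10])
 by mx.corp.example with ESMTP id c0nstructed; Tue, 23 Mar 2021 10:14:02 +0000
From: "VideoMeet Notifications" <no-reply@videomeet.example>
To: <user@corp.example>
Subject: Your recorded meeting is ready to view

Sign in to view the recording.
"""

# Constructed message 2: ordinary direct mail, everything aligned.
DIRECT = """\
Return-Path: <bounce@shop.example>
Received: from mail.shop.example (mail.shop.example [192.0.2.20])
 by mx.corp.example with ESMTP id c0nstructed2; Tue, 23 Mar 2021 10:15:02 +0000
From: "Shop Billing" <billing@shop.example>
To: <user@corp.example>
Subject: Your invoice

Attached.
"""

# Constructed message 3: legitimate use of a bulk relay with a custom
# envelope-sender subdomain, so alignment still holds and no review is raised.
ALIGNED_BULK = """\
Return-Path: <bounce@mail.shop.example>
Received: from a1-3.smtp-out.amazonses.com (a1-3.smtp-out.amazonses.com [192.0.2.11])
 by mx.corp.example with ESMTP id c0nstructed3; Tue, 23 Mar 2021 10:16:02 +0000
From: "Shop News" <news@shop.example>
To: <user@corp.example>
Subject: March newsletter

Hello.
"""

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("direct", DIRECT), ("aligned bulk", ALIGNED_BULK)):
        print(label, assess(raw))
```

The third message shows why the relay alone is a poor signal: plenty of legitimate senders use SES or SendGrid with an aligned envelope-sender domain, and a gateway that blocks on infrastructure would generate noise while still missing lures sent from compromised SendGrid or Mailgun accounts whose envelope domain happens to align. Alignment between the displayed identity and the sending identity is the property to check, and the same headers feed the SPF, DKIM and DMARC results a production gateway would combine with it.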
