
Cyware Daily Threat Intelligence


Daily Threat Briefing May 21, 2020

Another day, another series of phishing attack campaigns. Security experts have uncovered that threat actors are using cloud services, such as Google Firebase and LogMeIn, to bypass email security. The purpose of these attacks is to pilfer the credentials of users. Another phishing campaign that impersonated the U.S. Supreme Court was also carried out to target high-profile Microsoft Office 365 users.

In other news, Microsoft issued a security advisory to mitigate the NXNSAttack vulnerability. It affects DNS servers and can be abused to launch large-scale DDoS attacks. Google has also released Chrome 83 with fixes for 37 vulnerabilities.

Top Breaches Reported in the Last 24 Hours

Toll’s stolen data on sale

Confidential data stolen from the Australia-based Toll Group has made its way onto the dark web. The stolen information contained data related to some of its past and present employees, commercial agreements, and other operational information.

40 million records on sale

A hacker has put up for sale the details of 40 million users registered on the Wishbone app. The data is being sold at a price of 0.85 bitcoin and contains usernames, emails, phone numbers, and physical addresses of users.

Mitsubishi breach under investigation

Japan’s defense ministry is investigating a possible data leak incident that occurred earlier this year at Mitsubishi Electric Corp. The ministry suspects that hackers stole a prototype of a high-speed gliding missile known as HGV. The other stolen information includes sensitive documents sent by several defense equipment makers.

Source code of Ghost kit leaked

The source code of the Ghost DNS exploit kit was uploaded by crooks to a file-sharing platform without any password. This enabled security experts from Avast to take a closer look at the malware. Upon analyzing the code structure, the experts claimed that the tool uses DNS hijacking and keylogging to obtain sensitive information from victims’ machines.

Medical Care data leaked

The operators of Snake ransomware have leaked online the personally identifiable information of patients, stolen from the Fresenius Medical Care unit. It contains patient details from the Fresenius Medical Care center in Serbia, which provides dialysis services for people with chronic kidney failure.

Israeli websites defaced

More than 2,000 Israeli websites have been defaced by exploiting a vulnerability in a plugin. Efforts are currently underway to restore all affected sites.

Top Malware Reported in the Last 24 Hours

Phishing attacks

A series of phishing attack campaigns that leverage the reputation of Google Firebase has been found duping victims into handing over their login details. The attack starts with spam emails that encourage recipients to click on a Firebase link included in the email. This redirects the victims to one of the phishing login pages of Outlook, Office 365, or other banking apps.

Another phishing attack

Cybercriminals are sending phishing emails that spoof the U.S. Supreme Court with the aim of collecting the login credentials of Office 365 users. The ongoing campaign has so far targeted C-Suite level officers.

Steam phishing campaign

A phishing campaign is underway that targets online gamers by using Steam skins as a lure. The main goal of the threat actors is to steal credentials of ‘Counter-Strike: Global Offensive’ players.

LogMeIn phishing

Phishing emails pretending to be from LogMeIn are alerting recipients to patch a zero-day vulnerability affecting the company’s products. These emails include a link that redirects victims to a phishing page.

Top Vulnerabilities Reported in the Last 24 Hours

VMware addresses a bug

VMware has addressed a remote code execution vulnerability found in its Cloud Director product. The vulnerability, tracked as CVE-2020-3956, can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access.

Chrome 83 released

Google has released Chrome 83 with fixes for 38 vulnerabilities. Of these, five are high-severity flaws, seventeen are medium-severity issues, and five are low-risk bugs.

Drupal patches flaws

The latest version of Drupal has been released with patches for cross-site scripting and open redirect vulnerabilities. Both vulnerabilities are rated as ‘Critical.’

Mitigation for NXNSAttack

Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability that affects DNS servers. The vulnerability could be abused to amplify a single DNS request into a DDoS attack against authoritative DNS servers. The flaw is tracked as CVE-2020-8616.
