Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 7, 2019

Threat actors have found a new phishing tool in web analytics, which they use to measure the performance of their phishing campaigns. They are misusing third-party analytics products developed by Google, Bing, and Yandex to collect technical data such as OS type, geo-location, and browser type. With this new tactic, cybercriminals aim to optimize their phishing efforts.

On the malware front, researchers have uncovered a new variant of Emotet that includes a variety of obfuscation techniques that are already used by TrickBot. The past 24 hours also saw the return of NanoCore RAT, which is distributed via a specially crafted ZIP file.

Google has also released a series of security updates for vulnerabilities found across multiple components of Android. A total of 40 vulnerabilities that could lead to code execution, escalation of privileges, and information disclosure have been fixed as part of the November 2019 Android Security Bulletin.

Top Breaches Reported in the Last 24 Hours

Alfa-Bank data breach

The data of Alfa-Bank credit cardholders, as well as Alfa Insurance customers, was put up for sale on the Darknet. The incident has affected 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The compromised information included full names, phone numbers, passport data, registration addresses, and insurance details of individuals.

Veritas Genetics suffers a breach

DNA-testing firm Veritas Genetics has experienced a security breach that included customer information. The incident occurred after a hacker gained unauthorized access to the firm’s web portal. The company said that the portal didn’t contain genetic data, DNA-test results, or health records.

Top Malware Reported in the Last 24 Hours

Predator The Thief malware

A phishing campaign has been found targeting employees in the insurance and retail industries with malware named Predator The Thief. This information-stealing malware is sent via a phishing email that impersonates the UK Ministry of Justice. The email asks victims to comply with the subpoena notice in 14 days by clicking on an attached URL.

NanoCore RAT

Researchers have uncovered that attackers are using a specially crafted ZIP file to bypass secure email gateways to distribute the NanoCore RAT. The file is distributed via a spam email pretending to be shipping information from an Export Operation Specialist of USCO Logistics.

Emotet upgraded

Emotet has returned with upgraded functions in a new wave of attacks. Researchers have found that the trojan now includes a number of obfuscation techniques that are already used by TrickBot. The authors have also included a new list of words to generate process names and keep track of installed modules.

Web analytics as phishing tools

Cybercriminals are leveraging key technical markers used in Google Analytics to measure the effectiveness of phishing campaigns. Apart from Google Analytics, threat actors are also misusing analytics products developed by Bing and Yandex to collect necessary details such as browser identification, geo-location, and operating system. Researchers note that this can give threat actors better visibility into their phishing websites and help them use those sites for more targeted attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Google addresses 40 flaws

Google has addressed nearly 40 vulnerabilities in the first part of the November 2019 Android Security Bulletin. Out of these, 17 flaws exist in the Framework, Library, Media framework, and System. The affected components include Bootloader, Broadcom Firmware, Bluetooth, Crypto, EcoSystem, Audio, WLAN host, Boot, Services, Kernel, and Display.

NVIDIA releases updates

NVIDIA has released security updates to fix 12 high and medium severity vulnerabilities in the Windows GPU display driver and the NVIDIA GeForce Experience (GFE) software. The flaws addressed could lead to code execution, escalation of privileges, information disclosure, and denial of service on vulnerable Windows computers.
