
Cyware Daily Threat Intelligence


Daily Threat Briefing Nov 20, 2020

Cybercriminals are getting creative with Google services. In the latest research, experts have uncovered that attackers are taking advantage of Google Forms, Firebase, Google Docs, and Google Sites to sneak past defensive tools and steal sensitive information.

Researchers have uncovered a new attack method that turns smart home equipment against users. Termed LidarPhone, the attack relies on the built-in LiDAR laser-based navigational component in the vacuum cleaner to snoop on users’ conversations and their private data.

Apart from these, there is also a major update on QBot’s malicious activity. The trojan has dropped ProLock ransomware and opted for Egregor ransomware as part of its latest attack campaigns.

Top Breaches Reported in the Last 24 Hours

Vulnerable GO SMS Pro exposes data

GO SMS Pro has exposed audio, video, and photo messages of millions of its users due to a flaw in its app. The issue exists in the functionality that allows users to send private media to other people even if they do not have the GO SMS Pro application installed on their devices. The app has over 100 million downloads to date.

Banks targeted

Researchers learned that both U.S. and European banks were experiencing a spike in e-commerce fraud linked to China-based sites. These domains were used to steal payment card data from unwitting shoppers and then sell the data across various dark web marketplaces.

Oregon County affected

Oregon’s Jackson County is dealing with an outage on its website that occurred due to a ransomware attack on Managed.com. The attack occurred early this week.

Top Malware Reported in the Last 24 Hours

QBot adds a new partner

The QBot trojan has dropped the ProLock ransomware and partnered with Egregor ransomware as part of its latest attack campaigns. These campaigns are carried out through phishing emails containing malicious Excel documents pretending to be DocuSign documents.

Mount Locker ransomware

Mount Locker ransomware has shifted its focus to users filing tax returns through TurboTax. The stolen data and encrypted files in this case are then used in a double extortion scheme where victims are warned that their files will be published on a data leak site if a ransom is not paid.

Top Vulnerabilities Reported in the Last 24 Hours

VMware patches six flaws

VMware has patched a total of six vulnerabilities in its SD-WAN Orchestrator product. These flaws can allow attackers to steer traffic or shut down the enterprise network. The flaws are related to SQL injection bugs, remote code execution, and default passwords.

LidarPhone attack

Researchers demonstrated a new attack method called LidarPhone that converts vacuum cleaners into microphones. The attack works by leveraging the built-in LiDAR laser-based navigational component in the vacuum cleaner.

Top Scams Reported in the Last 24 Hours

New ways of phishing

Researchers have found that cybercriminals are using free Google services such as Google Forms, Google Sites, Firebase, and Google mobile platform for app development to launch a variety of phishing attacks. These services enable attackers to evade detection by security software while carrying out their malicious intentions. Employees and users are advised to use MFA and learn to spot phishing emails to stay safe.
