Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 8, 2020
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Oct 8, 2020
The past 24 hours witnessed many faces of phishing emails. In one incident, cybercriminals circulated such emails with an aim to spread BazarLoader backdoor trojan. These emails pretended to contain updates on the health condition of the U.S. President and included a link that redirected victims to a malicious webpage.
Two other phishing email attacks revolved around harvesting sensitive information from users. While one appeared to be on the COVID-19 relief fund from the IRS, another spoofed the FINRA using fake surveys.
Top Breaches Reported in the Last 24 Hours
Wisepay outage
U.K cashless school payments firm Wisepay took down its website after spotting a phishing attack that spoofed its card payment page. It informed the UK ICO about the incident and, at the same time, asked the users to check their online banking for suspicious activity.
SEPTA in the recovery process
A ransomware attack at SEPTA had made its employees unable to access their emails, as well as prevented the sharing of real-time information with riders. Though the type of malware used and the infection process is unknown, the firm is still working on the restoration process. The attack had occurred in August.
Top Malware Reported in the Last 24 Hours
BazarLoader backdoor
Security researchers have spotted a new phishing email attack that spreads the BazarLoader backdoor trojan. The subject lines of the emails read as “Recent materials pertaining to the president’s illness”, “Newest information about the president’s condition”, or “Newest info pertaining to President’s illness”.These emails include a link that redirects victims to a malicious webpage, where the malware gets downloaded in the background.
Malicious apps
Thirteen malicious apps containing aggressive adware have been discovered on Google Play Store. The adware component, present in all these apps, focuses on displaying ads from Google and Facebook. The apps are a mix of common utility apps, ranging from music and video players to file downloaders and social media aggregators.
Waterbear Loader
A massive cyberespionage campaign, dating back to April 2020, has been unearthed by researchers. The campaign was targeted against Taiwanese government agencies using different malware - most of them being Waterbear Loader. The malware used a misdirection technique called Heaven’s Gate to trick security software.
Top Vulnerabilities Reported in the Last 24 Hours
QNAP fixes two flaws
QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP NAS devices. The flaws are tracked as CVE-2020-2506 and CVE-2020-2507. Both of them are related to improper access control vulnerabilities. QNAP has fixed these flaws in the later versions of Helpdesk 3.0.3.
Vulnerable Comcast XR11
A vulnerability in the Comcast XR11 voice remote controls could have allowed attackers to turn the devices into an eavesdropping tool. The flaw could be abused through an RF transceiver. Comcast has fixed the flaw in version 1.1.4.0.
Top Scams Reported in the Last 24 Hours
COVID-19 relief fund scam
In a new phishing scam, cybercriminals are taking advantage of the deadline for applying the COVID-19 relief fund to trick users into sharing their personal information. The emails purport to contain an important document about COVID-19 relief funds from the IRS. In order to access the document, the victims are first asked to click on a link that redirects them to a fake SharePoint form. The spoofed form asks for email credentials, social security numbers, driver license numbers, and tax ID numbers.
FINRA warns about phishing attacks
FINRA has issued a notice to warn numerous brokerage firms against widespread phishing attacks using surveys. The purpose of these attacks is to harvest information from targeted firms. The phishing messages used in the scam include a fake FINRA domain, from where victims can participate in the surveys.