
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 29, 2020

Though Windows 7 is a matter of the past for Microsoft, threat actors have found a new way to leverage this legacy software. They are using the operating system’s name in a widespread phishing attack that tricks employees into sharing their Outlook emails and passwords. The attack is carried out via phishing emails that ask recipients to upgrade their OS to Windows 10 through an embedded malicious link.

A shocking incident highlighting the consequence of a failed ransom negotiation has come to light in the last 24 hours. This is related to the Clark County School District in Las Vegas, which was attacked on August 27. It has been reported that the threat actors published documents online containing personal information of some students after officials refused to pay a ransom.

Top Breaches Reported in the Last 24 Hours

Maritime industry impacted

French shipping giant CMA CGM has shut down some networks in Asia to contain a ransomware attack. The attackers have encrypted some of the company’s files and demanded a ransom for the decryption key.

Flightradar24 hacked

Popular flight tracking service Flightradar24 fixed an issue on its website that had become a reason for a cyberattack. As a result of the attack, users were temporarily unable to track details on the site.

UHS attacked

Ryuk ransomware has claimed its attack on United Health Services (UHS). The attack, which occurred on Monday, affected IT networks at UHS facilities across the U.S. Meanwhile, the medical firm has disclosed that no patient or employee data has been compromised in the incident.

Clark County School District affected

The Clark County School District in Las Vegas was attacked on August 27, allowing attackers to infect and steal certain files associated with the school. According to new reports, the hackers have published documents containing personal information of some students online after officials refused to pay a ransom.

Top Vulnerabilities Reported in the Last 24 Hours

Twitter fixes an issue

Twitter has fixed an issue on its platform that could have exposed developers’ API keys and tokens. The issue stemmed from a caching flaw in developer.twitter.com. Twitter has addressed the bug by changing the caching instructions.

Zerologon attacks on the rise

There has been an uptick in Zerologon attacks, according to a new report from Cisco Talos. The attack exploits a flaw, tracked as CVE-2020-1472, in the Netlogon Remote Protocol. This flaw can allow attackers to impersonate any computer, including the domain controller itself, and gain access to domain admin credentials.

Top Scams Reported in the Last 24 Hours

Leveraging Windows 7

An ongoing phishing attack is using the name of legacy software, Windows 7, to trick business employees into sharing their Outlook emails and passwords. The phishing emails are sent on the pretext that the recipients must upgrade from Windows 7 to Windows 10. These emails include a schedule link that redirects the recipients to the phishing page. To make the lure look more attractive, the emails also include additional details on what users can expect from the upgrade process. The other details include “COVID-19 employee symptom tracker,” “access your pay slips and P60s,” and “access the new staff directory.”
