Cyware Daily Threat Intelligence

Daily Threat Briefing • Sep 29, 2020
Though Windows 7 is a thing of the past for Microsoft, threat actors have found a new way to leverage this legacy software. They are using the operating system’s name in a widespread phishing attack that tricks employees into sharing their Outlook emails and passwords. The attack is carried out via phishing emails that ask recipients to upgrade their OS to Windows 10 via an embedded malicious link.
A shocking incident highlighting the consequence of a failed ransom negotiation has come to light in the last 24 hours. This is related to the Clark County School District in Las Vegas, which was attacked on August 27. It has been reported that the threat actors published documents online containing personal information of some students after officials refused to pay a ransom.
Top Breaches Reported in the Last 24 Hours
Maritime industry impacted
French shipping giant CMA CGM has shut down some networks in Asia to contain a ransomware attack. The attackers have encrypted some of the company’s files and demanded a ransom for the decryption key.
Flightradar24 hacked
Popular flight tracking service Flightradar24 fixed an issue in its website that had led to a cyberattack. As a result of the attack, users of the website were temporarily unable to track details on the site.
UHS attacked
Ryuk ransomware has claimed its attack on United Health Services (UHS). The attack, which occurred on Monday, affected IT networks at UHS facilities across the U.S. Meanwhile, the medical firm has disclosed that no patient or employee data has been compromised in the incident.
Clark County School District affected
The Clark County School District in Las Vegas was attacked on August 27, allowing attackers to infect and steal certain files associated with the school. According to new reports, the hackers have published documents containing personal information of some students online after officials refused to pay a ransom.
Top Vulnerabilities Reported in the Last 24 Hours
Twitter fixes an issue
Twitter has fixed an issue on its platform that could have exposed developers’ API keys and tokens. The issue stemmed from a caching flaw in developer.twitter.com. Twitter has addressed the bug by changing the caching instructions.
Zerologon attacks on the rise
There has been an uptick in Zerologon attacks, according to a new report from Cisco Talos. The attack exploits a flaw, tracked as CVE-2020-1472, in the Netlogon Remote Protocol. This flaw can allow attackers to impersonate any computer, including the domain controller itself, and gain access to domain admin credentials.
Top Scams Reported in the Last 24 Hours
Leveraging Windows 7
An ongoing phishing attack is leveraging legacy software, Windows 7, to trick business employees into sharing their Outlook emails and passwords. The phishing emails are sent on the pretext that recipients must upgrade from Windows 7 to Windows 10. These emails include a schedule link that redirects recipients to the phishing page. To make it look more attractive, the emails also include additional details on what users can expect from the upgrade process. The other details include “COVID-19 employee symptom tracker,” “access your pay slips and P60s,” and “access the new staff directory.”