Go to listing page

Cyware Daily Threat Intelligence, April 02, 2021

Cyware Daily Threat Intelligence, April 02, 2021

Share Blog Post

Beware! Phishers are taking advantage of your anxiety and fear to trap you in their phishing campaigns. With the onset of the new tax season, scammers have started impersonating stockbrokers to lure taxpayers into opening fake tax documents. As a result, the victims are fooled into sharing their credentials along with the chance of being infected by malware. 

A fake post-vaccine survey that is used to steal both money and PIIs from users is also underway. The scam promises cash or prizes as a lure to attract more victims. In another incident, phishers are duping customers with a big grant from Mackenzie Bezos Scott foundation with an intent to steal money from them.  

Top Breaches Reported in the Last 24 Hours

Boggi Milano hit
The notorious Ragnarok ransomware has launched its attack on luxury Italian men’s clothing line Boggi Milano enabling threat actors to exfiltrate 40 GB of data. The stolen data include human resources files, payment PDFs, vouchers, tax documents, salary information, and more.

Top Malware Reported in the Last 24 Hours

Newly Android malware
A new piece of Android malware dubbed Android/Trojan.Spy.FakeSysUpdate has the capabilities to steal photos, videos, and GPS location information from affected phones. The malware is being distributed via an app with the same name. It is currently unclear how it is being delivered to Android devices. 

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in Umbraco
Researchers have outlined a privilege escalation issue found in the popular website CMS, Umbraco. The problem resides in an API endpoint and can allow threat actors to view data on websites. The issue has been observed in Umbraco versions 8.9.0 and 8.6.3.

OTP vulnerability
An OTP vulnerability discovered in Airlift Express could lead to account hacks and exploits by cybercriminals. The flaw, which resides in Airlift Express’ E-commerce store, was fixed after it was reported by security experts.

Top Scams Reported in the Last 24 Hours

Taxpayers targeted
Scammers are impersonating stock-trading broker Robinhood in a newly found phishing campaign that is aimed at stealing user credentials and spreading malware. The campaign leverages phishing emails that include fake tax documents. 

Fake survey for vaccine
The U.S. DOJ has warned of phishing attacks that use fake post-vaccine surveys to steal money from people. Threat actors promise potential victims of cash or prizes in return for filling the survey. Instead, these surveys are used to harvest the PII of users to fuel other fraud schemes. 

MaxKenzie Bezos-Scott grant scam
A spear-phishing attack impersonating the Mackenzie Bezos Scott foundation has reached at least 190,000 customers. The email that purports to be from the charity organization informs that the recipient has been selected to receive a grant. In order to receive it, the recipients are asked to make a small processing fee required for the money transfer.

 Tags

airlift express
mackenzie bezos scott foundation
androidtrojanspyfakesysupdate
privilege escalation issue

Posted on: April 02, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.