Cyware Daily Threat Intelligence, April 27, 2020

Share Blog post

Turns out that attackers are making the utmost use of the COVID-19 crisis to fuel their malicious activities. Lately, researchers have uncovered that threat actors are preying on small businesses seeking COVID-19 disaster relief funds, announced by the US government, to spread Remcos RAT. In this attempt, they have spoofed the official website of the US Government Small Business Administration (SBA) to trick the victims. 

Meanwhile, it has also come to notice that scammers are impersonating the World Health Organization’s (WHO) officials to trick users into making fake donations. The scammers behind the campaign ask the recipients to use ‘Bitcoin Network’ in order to transfer the fund.

A major security update for a widely abused zero-day SQL injection vulnerability was also released by Sophos in the last 24 hours. The vulnerability affects the XG enterprise firewall product.

Top Breaches Reported in the Last 24 Hours

Nintendo’s users affected
Nintendo Network ID (NNID) has begun resetting passwords following a cyberattack that affected as many as 160,000 accounts. The attack had allowed unauthorized third-parties to view personal information including names, dates of birth, gender, country, and email addresses.

WhiskyAuctioneer.com attacked
A record-breaking online auction of rare whiskeys has been postponed indefinitely after being targeted in a cyberattack. The website ‘WhiskyAuctioneer.com’ had sustained a malicious attack on April 21. An investigation to understand the extent of the attack is underway as the website is made offline.  

Top Malware Reported in the Last 24 Hours

Cyberattacks on the water sector
The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks. This had affected supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations, and sewage facilities. In the wake of these attacks, organizations have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.

SBA portal spoofed
Attackers spoofed the US Government Small Business Administration (SBA.gov) website with an aim to deliver Remcos RAT. The campaign was carried out through phishing emails that included subjects and attachments related to the need for disaster relief loans for small businesses due to the ongoing COVID-19 pandemic.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches account takeover flaw
Microsoft Teams has patched an image-based account takeover vulnerability that could be used to scrape users’ data and ultimately take over an organization’s entire roster of Teams accounts. The issue, that is exploited using a GIF  file, impacts the desktop and web browser versions of Microsoft Teams.   

Sophos patches a zero-day flaw
Sophos has released an emergency security update to patch a zero-day SQL injection vulnerability in its XG enterprise firewall product that was being abused in the wild by attackers. In one of the attacks, the flaw was abused to download a malicious payload on XG Firewall devices and steal sensitive data.

Top Scams Reported in the Last 24 Hours

Scammers impersonate WHO officials
Scammers are impersonating World Health Organization’s (WHO) officials with an aim to steal funds from users in the name of donations to the organization. To do so, scammers are sending emails to individuals asking them to use ‘Bitcoin Network’ and donate to their wallet address. A close look at the Bitcoin wallet address reveals that scammers are using two wallets to run the campaign. One wallet accepts Bitcoin payments while the other counts on  Bitcoin Cash.

 Tags

sql injection vulnerability
nintendo co ltd
world health organization who
microsoft teams
remcos rat
zero day flaw

Posted on: April 27, 2020

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!