Cyware Daily Threat Intelligence, August 07, 2020

Card skimming attacks are running rampant as Magecart attackers continue to evolve their attack techniques. It has been found that threat actors are using the homoglyph technique to trick users into visiting fake websites. These sites include skimming code embedded in their favicon images. 

Updates on flaws in Qualcomm chips have also emerged in the last 24 hours. In one study, researchers concluded that a vulnerability similar to KrooK can allow attackers to steal data from Qualcomm chips. Separately, the chip manufacturer fixed six other vulnerabilities that affected almost 40% of the smartphones that used its chip. These flaws can lead to attackers taking control of phones and spying on users.

Top Breaches Reported in the Last 24 Hours

Intel’s data leak
Intel is investigating a data leak that resulted in the exposure of over 20GB of source code and other proprietary data on the file-sharing site MEGA. Many of these files are marked ‘confidential’ or ‘restricted secret’ and consist of different Intel development and debugging tools, roadmap documents, and schematics of various processors.

Top Malware Reported in the Last 24 Hours

New credit card skimming campaign
A new credit card skimming campaign that makes use of the homoglyph technique has come to light. Carried out by a Magecart threat actor group, the campaign is aimed at stealing both financial and personal details of customers by redirecting them to fraudulent websites. These sites carry skimming code hidden inside favicon files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability similar to KrooK
ESET researchers have revealed that a vulnerability similar to KrooK affects more chip brands. The newly found flaw is identified as CVE-2020-3702 and impacts chips from Qualcomm and MediaTek. The flaw can lead to the disclosure of data because affected chips transmit unencrypted data in place of encrypted data frames.

Flawed Windows Print Spooler
Researchers shared two zero-day vulnerabilities found in Windows Print Spooler. One of the flaws is a local privilege escalation vulnerability (CVE-2020-1337). The other flaw is tracked as CVE-2020-1337, a Denial of Service (DoS) vulnerability, for which Microsoft has released a patch.

Snapdragon bug
Several security vulnerabilities discovered in Qualcomm’s Snapdragon chip could allow attackers to take control of almost 40% of all smartphones. The malicious actors can further spy on victims and install unremovable malware by abusing these flaws - tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208, and CVE-2020-11209. Qualcomm has mitigated the issue by patching the flaws.

Attacks against email systems
At the Black Hat 2020 security conference, researchers outlined 18 different attacks against email sender authentication protocols such as Simple Mail Transfer Protocol (SMTP) and DomainKeys Identified Mail (DKIM). These attacks can allow threat actors to spoof identities and bypass email security solutions.

Firefox fixes an Evil Cursor bug
Firefox has fixed a bug that was being abused in the wild by tech support scammers. The flaw could enable scammers to launch Evil Cursor attacks and prevent users from leaving malicious sites.

Reviving Foreshadow attack
Researchers have discovered that previously disclosed speculative execution attacks were misattributed to a ‘prefetching effect,’ resulting in the release of incomplete mitigations by hardware vendors. The actual cause of these attacks is the speculative dereferencing of user-space registers in the kernel. As a result, several new side-channel attacks have been identified on modern processors from ARM, IBM, and AMD.

Top Scams Reported in the Last 24 Hours

Phony COVID loan scam
A group of scammers leveraged compromised data broker accounts to make millions of dollars. They executed the scam through phony COVID-19 loans and unemployment claims. The scam was also used to collect sensitive data such as Social Security Numbers, dates of birth, phone numbers, and email addresses of users.

Water Nue phishing
A group of fraudsters, dubbed Water Nue, is involved in a series of phishing campaigns targeting Office 365 accounts. The campaigns have targeted over 1000 companies across the world and have been active since March 2020. The attack relies on users being redirected to fake Office 365 login pages.

Posted on: August 07, 2020