Go to listing page

Cyware Daily Threat Intelligence, August 08, 2019

Cyware Daily Threat Intelligence, August 08, 2019

Share Blog Post

Stealing individuals’ personal data and login credentials through IDN homograph attack is one of the more advanced attack techniques in the cyber threat landscape. Lately, malicious actors leveraged the attack method to target the customers of Bank of Valletta. They impersonated the the bank website with a purpose to steal login credentials.

A new wave of phishing attacks that masquerades as an email from DocuSign has also been observed in the past 24 hours. Threat actors are using the logo of the electronic signature platform to bypass the email gateway and trick users into giving away their Office 365, Gmail, and iCloud login credentials. 

A total of 35 vulnerabilities have been discovered in five leading printer manufacturers. They are HP, Ricoh, Xerox, Lexmark, Kyocera, and Brother. The vulnerabilities can be exploited to launch DoS attacks, deploy a backdoor and cause printers to crash.

Top Breaches Reported in the Last 24 Hours

State Farm breached
Insurance company State Farm notified customers that it has suffered a credential stuffing attack which affected usernames and passwords of some customer accounts. Upon discovery, the firm reset passwords for all impacted customer accounts in order to avoid further access attempts by the attackers.

NBA website breached
Attackers have hacked the website for the National Baseball Hall of Fame and injected a malicious Magecart script to steal customers’ payment card details. The incident impacted those customers who made purchases through the website between November 15, 2018, and May 14, 2019. 

Top Malware Reported in the Last 24 Hours

MoqHao phishing campaign
Threat actors have been found infecting Korean and Japanese users with XLoader and Roaming Mantis trojans in a newly discovered MoqHao phishing campaign. The malware is delivered through two fake Japanese security apps and four Korean police applications. The purpose of the campaign is to perform spy activities such as tracking device location and eavesdropping on call conversations.

IDN homograph attack
Security researchers have uncovered a new instance of an IDN homograph attack that targets customers of Bank of Valletta, Malta. The attackers have impersonated the website of the bank with an intention to steal their login credentials. Interestingly, the phishing domain bears a valid digital certificate issued by Let’s Encrypt.

DocuSign impersonated 
Threat actors are leveraging the popular electronic signature platform DocuSign to trick users into handing out their credentials. The campaign is carried out through phishing emails which include a malicious hyperlink to a phishing page that provides a user with six options to login into their accounts. However, once the users click on one of the options, they are redirected to Office365, Gmail or iCloud login page.

Top Vulnerabilities Reported in the Last 24 Hours 

35 flaws in printers
Researchers have uncovered a total of 35 vulnerabilities in printers of six printer manufacturers - HP, Ricoh, Xerox, Lexmark, Kyocera, and Brother. These vulnerabilities can be exploited to launch DoS attacks, to install backdoors or cause the printers to crash. The disclosed vulnerabilities have either now been patched or are in the process of being patched by the manufacturers.

RDP bug affected Hyper-V 
A security vulnerability in Microsoft’s Remote Desktop Protocol (RDP) was found to affect its Hyper-V software. The flaw can allow a hacker to take control of the computers of privileged users. The flaw has been assigned CVE-2019-0887. A patch for the vulnerability was released by Microsoft in its July 2019 security updates.

Vulnerable leaked Boeing code
Security experts demonstrated that there are several memory corruption vulnerabilities in the Crew Information Service/Maintenance System (CIS/MS) module of Boeing 787 Dreamliner. The flaws can allow threat actors to send malicious commands to other sensitive components that control the plane’s safety systems. The flaws can also enable the attackers to remotely control the plane’s engine, brake, and sensors.

Vulnerabilities in WhatsApp
WhatsApp has been found to contain several vulnerabilities that could allow attackers to intercept and manipulate users’ messages. These flaws can be exploited through social engineering techniques and have been open to exploit for around a year.

 Tags

whatsapp inc
moqhao phishing
nba website
state farm
idn homograph attack

Posted on: August 08, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite