Cyware Daily Threat Intelligence, August 11, 2020

Share Blog post

An interesting case of a large-scale Tor relay hijack has come to notice in the last 24 hours. Since January 2020, a mysterious group has been adding servers to the Tor network with the purpose to perform SSL stripping attacks on Tor users accessing cryptocurrency-related sites. By May, the group was running 380 malicious Tor relays to execute its activities.

Apart from this, the threat landscape saw enhancements in the Avaddon ransomware and Agent Tesla trojan. While the former added a new data leak site, which currently includes 3.5 MB of documents stolen from a construction company, the later includes a new module capable of stealing credentials from applications.   

Top Breaches Reported in the Last 24 Hours

Garmin pays ransom
Garmin has reportedly paid a ransom to recover a decryption key for files encrypted by the WastedLocker ransomware. The attack had occurred on July 23, affecting Garmin’s fitness-tracker services, customer-support outlets, and commercial aviation offerings. The encrypted files were appended with .garminwasted extension.

Data leak site for Avaddon launched
Avaddon ransomware operators are the latest gang to launch a data leak site. The site, currently, hosts 3.5 MB of documents stolen from a construction company.

MSU breached
The Michigan State University (MSU) has disclosed a breach that affected credit card and personal information of roughly 2,600 users. The attackers injected malicious scripts into the university’s online store to harvest customers’ data.

Hacking campaign
A large-scale hacking campaign aimed at government and university websites is underway. The hacked websites are being used to host articles on hacking social network accounts that lead to malware and scams. One of the hacked websites belongs to UNESCO.

Tor networks hijacked
A mysterious threat group has been found adding servers to the Tor network to perform SSL stripping attacks against users accessing cryptocurrency-related sites through the Tor browser. The group managed 380 malicious Tor exit relays at its peak.

Top Malware Reported in the Last 24 Hours

Agent Tesla upgraded
Agent Tesla remote access trojan now comes with additional modules to steal credentials from applications, including popular web browsers, VPN software, and FTP clients. The malware is currently popular with Business Email Compromise (BEC) scam.

Top Vulnerabilities Reported in the Last 24 Hours

Google Chrome browser bug
A zero-day Content Security Policy (CSP) vulnerability found in Chrome, Opera, and Edge browsers can allow attackers to steal data and execute malicious code. To exploit the vulnerability, an attacker first needs to gain access to the web server. The bug, which scored 6.5 on the CVSS scale, has been fixed in Chrome version 84.

vBulletin fixes RCE bug
vBulletin has fixed a zero-day preauthentication remote code vulnerability in its forum software. The flaw affects versions 5.0 through 5.4 and is tracked as CVE-2019-16759. It can allow attackers to execute any PHP command on the remote server without logging into the forum.

Vulnerable Samsung
Four vulnerabilities affecting Samsung’s ‘Find My Mobile’ feature could have been abused to perform various types of malicious activities. The flaws affected Samsung Galaxy S7, S8, and S9+ before the vendor released a patch.

Top Scams Reported in the Last 24 Hours

Office 365 users targeted
Scammers are targeting Office 365 customers in a new phishing campaign that makes use of compromised accounts. The email masquerades as an encrypted message notification related to a OneDrive for Business file. If recipients click on the link, it redirects them to a phishing site that asks for their usernames and passwords.

Fake cPanel advisory
In a recent phishing campaign, scammers sent out a fake cPanel advisory to warn recipients about fabricated security vulnerabilities. To make it look authentic, the attackers incorporated the cPanel logo in the emails. The purpose of the scam was to pilfer account credentials of users.

 Tags

agent tesla rat
michigan state university msu
fake cpanel
office 365 login credentials
google chrome browser
avaddon ransomware

Posted on: August 11, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!