Cyware Daily Threat Intelligence, August 31, 2020


The popularity of social media platforms among billions of users makes them a favorite phishing channel for cybercriminals. One such phishing campaign, which disguises itself as the Instagram Help Center, has come to light in the last 24 hours. Executed by a Turkish-speaking cybercriminal group, the campaign has so far targeted hundreds of celebrities, startup business owners, and other entities. The ultimate purpose of the campaign is to steal email credentials from victims.

Meanwhile, Cisco has published an advisory about attack attempts on its IOS XR software. The attackers are exploiting a vulnerability in the software that can lead to a denial-of-service condition.

New details about Emotet’s latest spam campaign have also emerged. The operators of the botnet have shifted away from Coronavirus-themed lures and are now using the ‘Red Dawn’ template to infect users.

Top Breaches Reported in the Last 24 Hours

Selma Unified attacked
Selma Unified School District has suffered a ransomware attack. It is currently unclear what was damaged in the attack, but officials claim that no data was stolen in the incident.

NZX hit again
The New Zealand Stock Exchange was hit for the fifth time on Monday, crashing its website. However, the firm maintained its trading after switching to a contingency plan. Authorities believe the attacks were conducted by state-sponsored attackers.

Utah Pathology Services affected
Personal information of approximately 112,000 patients was affected in a data breach at Utah Pathology Services. The exposed data included dates of birth, gender, mailing addresses, email addresses, phone numbers, and diagnostic information of patients.

Top Malware Reported in the Last 24 Hours

Malicious JavaScript library
The npm security team removed a malicious JavaScript library, ‘fallguys’, from the npm repository. The library was designed to steal sensitive files from a victim’s browser and Discord application. The package was available on the repository for two weeks and was downloaded nearly 300 times. Every project that integrated the malicious library was infected with the malicious fallguys code.

Emotet’s new template
The Emotet botnet has begun using a new template named ‘Red Dawn’ to infect users in a massive spam campaign. The Red Dawn template displays the message ‘This document is protected’ and urges recipients to click on ‘Enable Editing’ and ‘Enable Content’ to access the content.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco warns about attacks
Cisco has warned that attackers are actively attempting to exploit a vulnerability in its IOS XR software used in carrier-grade routers. The flaw, tracked as CVE-2020-3566, resides in the Distance Vector Multicast Routing Protocol (DVMRP) feature of the software. Exploitation of the flaw can lead to a denial-of-service condition.

Top Scams Reported in the Last 24 Hours

Instagram phishing scam
Turkish-speaking cybercriminals have been found targeting Instagram users with the aim of stealing their email credentials. The scam involves attackers sending legitimate-looking messages to victims under the name of the Instagram Help Center, claiming that a copyright violation complaint has been filed against their accounts. The message includes a link that masquerades as a form for sending an appeal but is actually a phishing link. So far, the campaign has targeted hundreds of celebrities, startup business owners, and other entities.


Posted on: August 31, 2020
