Christmas is knocking at the door and so are threat actors. A new wave of attacks from the notorious UltraRank threat actor group has been detected. The attack campaign, which remains active to date, is being carried out using a JS-sniffer called SnifLite. So far, the card skimming code has been detected on 12 e-commerce sites, out of which eight are still infected.
Apart from this, the comeback of the powerful Emotet trojan was noticed in a series of fresh phishing campaigns. The trojan, which returned after a two-month hiatus, was found to be revamped to better avoid network defenses and spread other malware as secondary payloads.
Talking more about phishing campaigns, researchers reported that users are being targeted with a fake security alert that pretends to be from Chase. The ultimate goal is to steal the banking information of users.
Top Breaches Reported in the Last 24 Hours
Misconfigured AWS S3 bucket
A misconfigured AWS bucket belonging to 21 Buttons has exposed the personal details of hundreds of social media influencers. The bucket comprised 50 million files that contained full names, bank details, national ID numbers, PayPal email addresses, and the value of sales commissions of individuals. Those caught in the data leak included Carlota Weber Mazuecos, Freddy Cousin Brown, Marion Caravano, Irsa Saleem, and Danielle Metz.
Citrix confirms DDoS attacks
Citrix has confirmed that an ongoing DDoS attack is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled. The attack first came to notice on December 21 after customers reported attacks against Citrix NetScaler Gateway devices.
Top Malware Reported in the Last 24 Hours
UltraRank launches a new campaign
A cybercriminal gang known as UltraRank
In an alert issued by Cofense, it has been found that the Emotet trojan has returned this week with a fresh spamming and phishing campaign. The malware has been revamped to include more obfuscation techniques and spread other malware like TrickBot as secondary payloads.
Top Vulnerabilities Reported in the Last 24 Hours
QNAP releases security updates
QNAP has released security updates to fix multiple high-severity vulnerabilities impacting NAS devices running the QES, QTS, and QuTS hero operating systems. The vulnerabilities are tracked as CVE-2020-2503, CVE-2020-2504, CVE-2020-2505, CVE-2020-6903, CVE-2020-2499, and CVE-2020-25. They are related to command injection, cross-site scripting, and a hard-coded password.
Top Scams Reported in the Last 24 Hours
Chase phishing scam
A large-scale phishing scam is underway that pretends to be a security notice from Chase. The scam is designed to steal the banking information of users. The fake notice alerts recipients that their accounts have been blocked due to the detection of fraudulent activity. To unlock the account, the recipients are prompted to click on the ‘Restore Now’ button in the email.