Cyware Daily Threat Intelligence, February 21, 2020


The Business Email Compromise (BEC) threat landscape has evolved considerably as threat actors devise new ways to pilfer money from organizations. Now, researchers have identified a new threat actor group, called Exaggerated Lion, that uses new and unique tactics to target U.S. companies in BEC attacks. The group’s latest techniques involve the use of G Suite and physical checks for collecting fraudulent payments. By leveraging these techniques, the group has managed to target nearly 2,100 companies in four months.

Two app-related security issues were also detected in the last 24 hours. In one case, ClevGuard fixed a misconfiguration issue in its KidsGuard app after it was uncovered that the app was inadvertently leaking private data to an unsecured Alibaba cloud storage bucket. In the other, researchers came across 23 iOS file management apps created by Cometdocs that transfer files without encryption. These apps have more than three million downloads, and the newly discovered vulnerability can potentially put users’ data at risk.

Top Breaches Reported in the Last 24 Hours

109K patients affected
Overlake Medical Center and Clinics in Washington are notifying about 109,000 patients that some of their health information was potentially compromised during a phishing attack. The attack was first detected on December 9, 2019. The compromised accounts included names, contact information, dates of birth, diagnoses, treatment information, health insurance identification numbers, and health insurance provider names of patients.

DISA suffers a breach
The Defense Information Systems Agency (DISA) has disclosed a data breach that took place between May and July 2019. The incident affected the personal information, including Social Security numbers, of employees. Though the number of individuals affected has not been disclosed, the agency is reportedly offering free credit monitoring services to all those who were impacted.

ISS World attacked
A ransomware attack at Denmark-based ISS World has crippled parts of its IT environment worldwide. The firm has disabled access to shared IT services across its different sites and countries to limit the impact of the incident. Additionally, ISS World has issued a few tips to its employees to keep crooks out of the network.

INA Group impacted
Croatia’s biggest oil company, INA Group, suffered a cyberattack on February 14, 2020. The ransomware used in the attack encrypted some of the company’s backend servers. However, it did not affect the company’s ability to supply fuel to its customers.

Misconfigured KidsGuard app
The KidsGuard app was found exfiltrating content from victims’ devices to an unsecured Alibaba cloud storage bucket. The content included real-time location, text messages, browser history, videos, app activity, and recordings of victims’ phone calls. ClevGuard, the provider of the app, shut down the exposed cloud storage immediately after being contacted by researchers.

Top Malware Reported in the Last 24 Hours

Exaggerated Lion
Researchers have uncovered a new business email compromise (BEC) threat actor group that is targeting thousands of U.S. companies. Called Exaggerated Lion, the group leverages Google’s cloud-based productivity suite, G Suite, to pilfer money through scams. They use very long domain names hosted on G Suite containing words that give the appearance that an email was sent from secure infrastructure.
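The sender-domain trait described above (unusually long domain names stuffed with words that suggest secure infrastructure) lends itself to a simple triage heuristic on inbound mail headers. The following Python is an added example written for this briefing, not code from Cyware or from the researchers who tracked the group; the keyword list, the length threshold and the sample From: headers are all constructed assumptions, and a real deployment would tune them against its own mail flow.

```python
import re
from email.utils import parseaddr

# Words that make a domain look like "secure" mail infrastructure.
# Constructed list for this example; tune to your own environment.
TRUST_WORDS = ("secure", "ssl", "encrypted", "verified",
               "protected", "mail", "server", "gateway")

# Domain length beyond which a sender domain is unusually long (assumed threshold).
LONG_DOMAIN_LEN = 30


def sender_domain(from_header: str) -> str:
    """Return the domain part of a From: header, lowercased ("" if no address)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def score_domain(domain: str) -> dict:
    """Score one sender domain on the traits the briefing describes.

    Returns the individual signals, a numeric score for ranking, and a
    'suspicious' verdict that requires BOTH a long domain and trust words,
    so a merely long vendor domain is not flagged on its own.
    """
    labels = domain.split(".")
    host = ".".join(labels[:-1]) if len(labels) > 1 else domain
    # Tokenize on hyphens and dots so "secure-mail-server" yields three tokens.
    tokens = [t for t in re.split(r"[-.]", host) if t]
    matched = sorted({t for t in tokens if t in TRUST_WORDS})
    long_domain = len(domain) >= LONG_DOMAIN_LEN
    many_hyphens = host.count("-") >= 3
    score = (2 if long_domain else 0) + len(matched) + (1 if many_hyphens else 0)
    return {
        "long_domain": long_domain,
        "trust_words": matched,
        "many_hyphens": many_hyphens,
        "score": score,
        "suspicious": long_domain and bool(matched),
    }


def triage(from_headers):
    """Run the heuristic over a batch of From: headers; return flagged domains."""
    flagged = []
    for header in from_headers:
        domain = sender_domain(header)
        if not domain:
            continue
        result = score_domain(domain)
        if result["suspicious"]:
            flagged.append((domain, result["score"], result["trust_words"]))
    return flagged


# Constructed sample headers: one lookalike, one long but plain vendor domain,
# and two ordinary senders. None of these are real domains from the report.
SAMPLE_HEADERS = [
    "Accounts Payable <ap@secure-encrypted-mail-server-verified-gateway.com>",
    "Vendor <billing@vendor-invoices-and-payments-portal.net>",
    "Jane Doe <jane@example.com>",
    "IT <helpdesk@mail.example.org>",
]

if __name__ == "__main__":
    for domain, score, words in triage(SAMPLE_HEADERS):
        print(f"FLAG {domain} score={score} trust_words={words}")
```

The verdict deliberately requires both signals at once: length alone catches legitimate long vendor domains, and a single word such as `mail` in an ordinary hostname is routine, so only their combination is surfaced for analyst review.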

Top Vulnerabilities Reported in the Last 24 Hours

Adobe releases updates
Adobe has released out-of-band security updates for two new vulnerabilities affecting After Effects and Media Encoder applications. The two vulnerabilities are tracked as CVE-2020-3765 and CVE-2020-3764. The two issues are classified as out-of-bounds write memory corruption flaws and can allow attackers to execute arbitrary code on targeted systems.

Security lapses in apps
Researchers have found that some 23 iOS file-conversion apps used by three million people fail to use encryption when transferring documents. These apps are all from a single developer, Cometdocs, and are available on Apple’s App Store.

Microsoft issues a patch
Microsoft has issued a patch for an Internet Explorer scripting engine memory corruption vulnerability that could lead to remote code execution and that has been detected in the wild. The vulnerability, CVE-2020-0674, carries a CVSS rating of 7.5.



Posted on: February 21, 2020


