
Cyware Daily Threat Intelligence, January 26, 2021


Microsoft Office 365, a favorite attack channel, is reaping fortunes for phishers again. An ongoing phishing campaign that delivers fake Office 365 password expiration reports is targeting C-Suite executives with an aim to pilfer their credentials. The targets include CEOs, CFOs, and employees in the finance department across different sectors.    

Apart from high-level executives, security researchers are also on the radar of cybercriminals. A report reveals that North Korea-based threat actors have been secretly planting backdoors on the computer systems of several security experts to steal confidential company data.
 
Top Breaches Reported in the Last 24 Hours

Cook County leaks data
Over 320,000 court records belonging to Cook County were leaked due to a misconfigured database. The records included full names, home addresses, email addresses, case numbers, and private notes. The database was secured after being exposed for two days.

Palfinger targeted
Palfinger, a global leader in crane and lifting manufacturing, has been targeted by a cyberattack that impacted its IT infrastructure. The company is yet to ascertain the scope of the attack.

Misconfigured Elasticsearch
A misconfigured Elasticsearch server had exposed nearly 23 million records belonging to over 60,000 gamers from feature games such as Hearts, Crazy Eights, Euchre, Rummy, Dominoes, Backgammon, Ludo, and Yatzy. The leaked data included usernames, email addresses, IP addresses, hashed passwords, Facebook, Twitter, and Google IDs. 

Security researchers targeted
A North Korea-based hacker group has been found targeting security researchers who work on vulnerability research at different companies and organizations. The approach involves creating a blog on publicly disclosed vulnerabilities and contacting the security researchers directly through fake Twitter, LinkedIn, and Telegram accounts.
  
Top Vulnerabilities Reported in the Last 24 Hours

CrowdStrike releases PoC for a flaw
CrowdStrike has issued a PoC for a vulnerability tracked as CVE-2020-1678. The flaw can allow an attacker to relay NTLM authentication sessions and then execute code remotely using a printer spooler MSRPC interface.
 
Flawed TikTok
A security flaw in TikTok that could have allowed attackers to steal users’ private personal information has been fixed by ByteDance. To exploit the bug, the attackers would have to create a list of devices, a list of session tokens, and more. 

Top Scams Reported in the Last 24 Hours

Phishers target C-Suite executives
An ongoing phishing campaign is targeting C-Suite executives across finance, government, manufacturing, real estate, and technology sectors with an intent to steal their credentials. The campaign has so far claimed victims in Japan, the U.S., the U.K., Canada, Australia, and several European countries. Additionally, the phishers have managed to compromise 40 legitimate email addresses of CEOs, directors, company founders, and owners, as well as those of other enterprise employees.

COVID-19 vaccine phishing attack
Another active phishing campaign that pretends to be from the UK’s National Health Service (NHS) has been found targeting U.K. citizens. The emails are sent with the subject line ‘IMPORTANT - Public Health Message| Decide whether if you want to be vaccinated’ to create a sense of urgency among recipients.


Posted on: January 26, 2021

