Cyware Daily Threat Intelligence, July 01, 2020

Share Blog post

The infamous Maze ransomware gang has struck another business giant in its latest attack spree. This time, the printer manufacturer Xerox Corporation has been targeted by the attackers who claim to have pilfered over 100 GB of data. They have released a set of 10 screenshots of different directory listings stolen from the firm.

A new, sophisticated ransomware, called OSX.EvilQuest, has also been uncovered targeting macOS users. In addition to encrypting files on a victim’s computer, the ransomware is capable of installing a keylogger, a reverse shell, and stealing cryptocurrency wallet-related files from infected hosts.

Meanwhile, postal services continued to be a lucrative target for scammers to steal financial data of users. In one such phishing scam observed, phishers were found sending phony messages, under the name of postal services, that included a malicious link.

Top Breaches Reported in the Last 24 Hours

Xerox hit
Xerox Corporation has allegedly fallen victim to Maze ransomware attack. It appears that the attackers had stolen over 100 GB worth of data from the firm and completed the encryption process on June 25. To claim their attack, they have shared a set of 10 screenshots, showing directory listings from June 24 and June 25.

Taiwan’s population data sold
According to researchers, a Taiwanese database containing personal information of over 20 million citizens was posted for sale on the dark web. The source of the leak is believed to have originated from the Department of Household Registration. The database was offered for sale on May 19, 2020, and included details such as full names, landline numbers, ID numbers, and home addresses.

Leaky SQL databases
Two SQL databases containing information from 945 websites had emerged on the dark web on June 1 and June 10, respectively. The databases offered a broad range of personal data including full names and phone numbers, emails, usernames, hashed and non-hashed passwords, IP addresses, and physical addresses.

Unsecured databases
Two unsecured databases belonging to Xiaoxintong and Shanghai Smartech tools had leaked millions of records. The Xiaoxintong’s database contained more than 340,000 records of over 200 million elderly people in China. Shanghai Yanhua Smartech had leaked over 4.2 million records of its customers.

Top Malware Reported in the Last 24 Hours

EvilQuest ransomware
A new ransomware strain named OSX.EvilQuest, has been found targeting Mac users. It is mainly distributed via torrent platforms and online forums. Apart from encrypting files on a victim’s computer, the ransomware can also install a keylogger, a reverse shell, and steal cryptocurrency wallet-related files from infected hosts.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft releases updates
Microsoft has released emergency security updates for two vulnerabilities in Microsoft Windows Codecs Library. The two flaws, tracked as CVE-2020-1425 and CVE-2020-1457, impact Windows 10 and Windows Server 2019 distributions, respectively. The flaws can be exploited with the help of a specially crafted image file.

Attack through barcode scanner
Researchers claim that Industrial Control Systems (ICS) can be hacked through barcode scanners. They successfully demonstrated the experiment by hacking products made by SICK, a Germany-based provider of sensors for industrial automation applications. Attackers can misuse the barcode present on these products to take control of devices.

Vulnerable Windows drivers
New research has revealed that faulty Windows drivers are responsible for attacks on ATMs and Point-of-Sale (PoS) devices. One such issue was found affecting Diebold Nixford ATMs. The vulnerable hardware driver provided arbitrary access to I/O ports on the system, enabling access to devices connected via the PCI interface.

Netgear patches a few flaws
Netgear has patched 28 out of 79 vulnerable router models affected by a flaw that can potentially allow an attacker to remotely execute code as root. These flaws are as old as six months.

Top Scams Reported in the Last 24 Hours

Phishing through Instagram
Scammers have hijacked a verified Instagram account named ‘The North Face Chile’ to send fake copyright notices to its followers. The notice claims that one of their posts violates the network’s copyright policy and requires feedback. It states that failing to do so will result in the suspension of their accounts in the next 24 hours. The message contains a phishing link designed to steal the login credentials of users.

Impersonating postal services
FakeSpy operators have been found impersonating various postal services to target users in the U.S., China, and Europe. The scam is carried out through phony messages, which if clicked, installs malicious code capable of siphoning off financial data from mobile applications.

FBI warns about a scam
The FBI has warned users about a COVID-19 antibody test scam that steals personal information from people. The scammers pretend to sell the victims fake testing kits after the targeted users fill out an online form, asking for personal and credit card information.

HMRC SMS phishing scam
Self-employed workers are being targeted by a new SMS phishing scam that appears to be from Her Majesty's Revenue and Customs (HMRC). The message asks recipients to fill in a fake online form to claim a tax refund. The form is available on a spoofed HMRC website and is entitled, ‘Coronavirus guidance and support.’

 Tags

xiaoxintong
maze ransomware gang
taiwanese database
osxevilquest
shanghai smartech tools
xerox corporation

Posted on: July 01, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!