Cyware Daily Threat Intelligence, July 07, 2020

In a world that's growing increasingly digital, credit card skimming attacks have emerged as a key cybersecurity threat to e-commerce websites. In the latest revelation, researchers have uncovered a new digital skimming attack that has been active since mid-April. The skimmer code used in the campaign targets websites hosted on Microsoft IIS servers and running the ASP.NET web application framework.

Besides this, the lesser-known Purple Fox exploit kit has emerged with new features in the last 24 hours. It now includes exploits for two critical vulnerabilities affecting Internet Explorer and Win32k.

Meanwhile, a study by a group of academics revealed that nearly 127 routers from seven different vendors are still affected by several vulnerabilities. The affected vendors include Netgear, D-Link, TP-Link, Linksys, and ASUS.

Top Breaches Reported in the Last 24 Hours

EDPR NA discloses an attack
EDP Renewables North America (EDPR NA) has disclosed an attack by the Ragnar Locker ransomware. The incident affected systems at its parent corporation, Energias de Portugal (EDP). The attack occurred on May 8, 2020, after unauthorized third parties gained access to its computing systems.

X-FAB Group targeted
The Germany-based semiconductor company X-FAB Group has fallen victim to a cyberattack. Following the attack, it halted production at all six manufacturing sites. It promptly enlisted security experts to resolve the problem and recover all its affected systems.

Top Malware Reported in the Last 24 Hours

WastedLocker’s terror
WastedLocker is a ransomware that allows adversaries to perform privilege escalation and move laterally, causing significant operational and financial damage to organizations across the globe. Furthermore, the use of ‘dual-use’ tools and ‘LoLBins’ by the ransomware operators enables them to stay under the radar as they proceed.

Credit-card skimmer attack
A credit-card skimmer has been found targeting websites that are hosted on Microsoft IIS servers and running ASP.NET. The campaign likely started in April 2020 and has affected a range of victims, including sports organizations, health and community associations, and a credit union.

Purple Fox EK
The Purple Fox exploit kit has added two new exploits to its bag of tricks. The exploits include a critical vulnerability in Internet Explorer (CVE-2020-0674) and a high-severity vulnerability (CVE-2019-1458) in Microsoft Windows. Previously, the exploit kit used CVE-2018-8120 and CVE-2015-1701 vulnerabilities to target victims.

Top Vulnerabilities Reported in the Last 24 Hours

Faulty routers
A study has found that 127 routers from seven different vendors are affected by several vulnerabilities. These vendors have failed to fix the vulnerabilities despite the available security patches. The vendors include AVM, D-Link, Linksys, TP-Link, Zyxel, and Netgear.

Flawed Zimbra software
A flaw in the email server software Zimbra exposed cleartext credentials stored in the popular Cafe Bazaar app. The flaw was identified as a server-side request forgery vulnerability and could even allow attackers to conduct man-in-the-middle attacks.

Citrix patches 11 flaws
Citrix has released patches for a set of 11 vulnerabilities found in its ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities include cross-site scripting, code injection, and information disclosure flaws. Customers have been advised to apply the latest builds to address these vulnerabilities.

Posted on: July 07, 2020