Cyware Daily Threat Intelligence, July 20, 2020


Phishing continues to be a favorite attack vector for cyber crooks to infiltrate computers and steal personal data. In the last 24 hours, cyberspace saw two phishing campaigns that exploited three cloud services and the leading supermarket chain Tesco to trick users. The campaign leveraging cloud services - Microsoft Azure, Microsoft Dynamics, and IBM Cloud - mimicked IT helpdesks to push a fake quarantined mail notification. The Tesco phishing campaign, meanwhile, used a fake Facebook page as well as SMS and email communication to conduct a 4K TV giveaway scam.

The infamous Emotet trojan also returned to action after lying dormant for a few months. Security experts noted that the operators are using weaponized documents that employ old URLs pointing to compromised WordPress sites. The targeted countries include Austria, Switzerland, Spain, the United Kingdom, and the United States.

Top Breaches Reported in the Last 24 Hours

Update on hacked Twitter accounts
Twitter has confirmed that hackers downloaded data from eight of the 130 hacked accounts. The social media giant suffered one of the biggest cyberattacks last week, in which attackers compromised several high-profile accounts to conduct a bitcoin scam.

Students’ records exposed
Nearly one million records containing the personal information of online students have been leaked due to misconfigured clouds. The data belongs to five e-learning platforms - Escola Digital, MyTopDog, Okoo, Square Panda, and Playground Sessions.

Site defaced
A group of hacktivists that goes by the online name of Ghost Squad has defaced a site of the European Space Agency (ESA) for the second time in a week. The group has done this by exploiting a server-side request forgery vulnerability in the site.

Top Malware Reported in the Last 24 Hours

Emotet re-emerges
After months of staying inactive, the infamous Emotet trojan has returned in a new massive spam campaign targeting users in Austria, Switzerland, Spain, the United Kingdom, and the United States. The operators of the trojan are using weaponized documents that employ old URLs pointing to compromised WordPress sites.

Top Vulnerabilities Reported in the Last 24 Hours

Bluetooth reconnection flaw
A group of researchers has discovered a vulnerability that affects many IoT devices running Bluetooth. The flaw arises due to design weaknesses in Bluetooth Low Energy devices and can lead to spoofing attacks. Apple has assigned CVE-2020-9770 to the vulnerability.

BadPower attack technique
Chinese researchers have demonstrated a new technique that can alter the firmware of fast chargers. Named BadPower, the technique can cause damage to connected systems, such as melting components or even setting devices on fire.

Top Scams Reported in the Last 24 Hours

Phishing abuses cloud services
A new phishing campaign uses a trio of enterprise cloud services - Microsoft Azure, Microsoft Dynamics, and IBM Cloud - in an attempt to steal users’ login credentials. The campaign mimics the IT helpdesk domains in corporate environments - ‘servicedesk[.]com’ - to send phishing emails. These emails appear to be quarantined mail notifications that ask recipients to release messages stuck in the queue.

Tesco phishing scam
U.K. consumers were targeted in a new phishing scam that impersonated the leading U.K. supermarket chain, Tesco. The scam used a fake Facebook page as well as SMS and email communication to trick customers into handing over their personal and financial information.


Posted on: July 20, 2020
