Cyware Daily Threat Intelligence, July 21, 2020


Another day, another series of phishing attack campaigns. After hijacking high-profile Twitter accounts, scammers have now impersonated the Bill & Melinda Gates Foundation to conduct a bitcoin scam. It is executed through phishing emails that prompt recipients to make small investments with the promise of high returns.

In a different incident, threat actors were found pitching a subscription renewal for Microsoft Office as bait to steal targeted users’ credentials. In this case, the phishing emails were designed to appear as legitimate notices from Microsoft.

Top Breaches Reported in the Last 24 Hours

Sensitive health information published
Over 400 webpages containing sensitive health information of several West Australians have been published on a public forum related to the management of the COVID-19 crisis in the state. These pages include details of people in quarantine, phone numbers, addresses, and the method of their case management. 

Lorien Health Services affected
Lorien Health Services in Maryland announced a ransomware attack that occurred in June. The attack was carried out by Netwalker operators, who leaked the information after the nursing home refused to pay the ransom. The leaked data included residents’ names, social security numbers, dates of birth, addresses, and health diagnoses.

VPN providers leak data
Seven VPN providers have leaked 1.2 terabytes of private data belonging to nearly 20 million users, due to a misconfigured server. The exposed data includes the users’ email and home addresses, cleartext passwords, and IP addresses. The seven affected VPN providers are UFO VPN, FAST VPN, FREE VPN, SUPER VPN, Flash VPN, Secure VPN, and Rabbit VPN.

Family Tree Maker software data leak
An unsecured Elasticsearch server belonging to the Family Tree Maker software has exposed 25GB of its user data. Among the data leaked to the public-facing internet are email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details.

Blackbaud pays ransom
Cloud software provider Blackbaud has admitted to paying a ransom following an attack in May 2020. According to the firm, the attackers did not access credit card data, bank account information, or social security numbers. Even so, the company decided to pay the cybercriminals to delete the data that was exfiltrated during the incident.

DeepSource resets passwords
DeepSource has reset logins following a potential spear-phishing attack by Sawfish operators. The attackers intended to steal employees’ credentials using a phishing page that mimicked GitHub’s login page.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for critical RCE flaw released
Security experts have released the Proof-of-Concept for a recently discovered ‘wormable’ remote code execution flaw that affects the Windows DNS Server service. Identified as CVE-2020-1147, the flaw is triggered when the software fails to check the source markup of XML file input. The issue was patched by Microsoft in the July 2020 Patch Tuesday.

Adobe releases updates
Adobe has released security updates to address twelve critical vulnerabilities in Photoshop, Prelude, and Bridge. The flaws could allow attackers to execute arbitrary code on Windows devices.

Top Scams Reported in the Last 24 Hours

Bill & Melinda Gates Foundation impersonated
Scammers have impersonated the Bill & Melinda Gates Foundation in a new bitcoin scam that is carried out through phishing emails. The email is sent from the domain gatesfoundatlon[.]com, which resembles the institution’s legitimate site. It promises recipients high returns in bitcoins for a small investment.

Microsoft Office phishing
Researchers have come across two phishing attacks that use a subscription renewal as the pitch to trap unsuspecting users. Both attacks impersonate actual notices from Microsoft and are aimed at stealing sensitive information from Microsoft Office 365 users.


Posted on: July 21, 2020
