Cyware Daily Threat Intelligence, July 28, 2020


A new Office 365 phishing bait has come to notice in the last 24 hours. This time, the threat actors are using a fake automated SharePoint notification to trick Office 365 users into sharing their account credentials.

Talking more about credential phishing, scammers have also been found targeting Netflix users with a spoofed email that warns them about a failed payment. The scam uses a CAPTCHA page to bypass email security controls.

The past 24 hours also saw the discovery of a new malware, named Ensiko. It is capable of encrypting files on any system running PHP. 

Top Breaches Reported in the Last 24 Hours

Avon leaks 19 million records
A misconfigured Elasticsearch database belonging to Avon was found exposed to the Internet for nine days before it was fixed. The leaked data included 19 million records containing personal information of users, such as their full names, phone numbers, dates of birth, and email and home addresses.
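The Avon leak follows a familiar pattern: a node listening on every interface with no authentication in front of it. The check below, added here as an illustration and not code from the original post, lints a minimal elasticsearch.yml for that combination. It understands only flat `key: value` lines (enough for the two settings that matter), treats an unset `xpack.security.enabled` as disabled (the pre-8.x default, an assumption stated in the code), and the two sample configurations are constructed.

```python
"""Lint an elasticsearch.yml for the exposure pattern behind the Avon leak.

Added example; not code from the original post. Handles only flat
"key: value" lines. Sample configurations below are constructed.
"""

# Constructed: a weak config that listens on every interface with security
# off, beside its hardened counterpart.
WEAK_CONFIG = """\
cluster.name: demo
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

HARDENED_CONFIG = """\
cluster.name: demo
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
"""

# Values of network.host that keep the node off the network.
LOOPBACK = {"127.0.0.1", "::1", "_local_", "localhost"}


def parse_flat_yaml(text: str) -> dict:
    """Parse 'key: value' lines, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(text: str) -> list:
    """Return a list of findings; an empty list means nothing flagged."""
    s = parse_flat_yaml(text)
    findings = []
    # Elasticsearch binds to loopback when network.host is unset.
    host = s.get("network.host", "_local_")
    # Assumption: unset security is treated as disabled (pre-8.x default).
    security = s.get("xpack.security.enabled", "false").lower()
    exposed = host not in LOOPBACK
    if exposed:
        findings.append(f"network.host={host}: node listens on a non-loopback address")
    if security != "true":
        findings.append("xpack.security.enabled is not true: REST API accepts unauthenticated requests")
    if exposed and security != "true":
        findings.append("CRITICAL: reachable from the network without credentials")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```

Run it against a real node's config before exposing the host; the critical finding is the condition that turns a bad bind address into a public data set.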

Promo.com discloses data breach
Promo.com has disclosed a data breach that may have affected 22 million user records. The incident came to light after a hacker leaked a database from the firm for free on a hacker forum. The leaked data includes email addresses, names, gender, and geographic location of users.  

Walgreens breached
Multiple Walgreens stores were breached between late May and early June. This enabled the attackers to steal prescription information and other data from some 70,000 customers.
  
Top Malware Reported in the Last 24 Hours

Emotet payloads replaced
A hacker managed to replace the payloads delivered by the Emotet trojan with GIF images. This was possible because the payload delivery method Emotet uses is not secured. Usually, Emotet's operators distribute payloads through web shells, Word documents, and a large hacked infrastructure.

New Ensiko malware
A new malware named Ensiko is capable of encrypting files on any system running PHP. Attackers can use it to remotely control a compromised system and run a host of malicious activities. Ensiko uses the symmetric Rijndael-128 cipher in CBC mode to encrypt files and appends the .BAK extension to the encrypted files.

New details on QSnatch malware
Federal authorities have revealed that there are approximately 62,000 QNAP NAS devices that are infected with QSnatch malware. Upon infecting a device, the sophisticated malware can log passwords, scrape credentials, set up an SSH backdoor, and exfiltrate files.

Cerberus source code on sale
The source code of Cerberus banking trojan has been put up for auction for a price up to $100,000. It includes the Trojan's .APK source code, module code, the code for administrator panels, and servers.

Top Vulnerabilities Reported in the Last 24 Hours

A high-severity flaw in Dell iDRAC
Researchers have disclosed a path traversal vulnerability in the iDRAC remote access controller, a technology embedded within the latest versions of Dell PowerEdge servers. The flaw can allow remote attackers to take control of server operations. It is assigned CVE-2020-5366 and has a CVSS score of 7.1.
 
Top Scams Reported in the Last 24 Hours

Netflix credential phishing
Threat actors have been targeting users of the Netflix streaming service in a recent wave of phishing attacks to steal payment card information and credentials. They are using a failed-payment theme to engage potential victims and redirect them to a CAPTCHA page to bypass email security controls. The email comes from an address - netfiix@csupport[.]co - that appears to impersonate Netflix's customer support.
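The spoofed sender in this campaign swaps one character of the brand name ("netfiix") and pairs it with an unrelated domain, which is something a mail gateway can score without seeing the CAPTCHA page at all. The following detector is an added illustration, not code from the original post: it parses `From:` headers, folds characters that are commonly substituted for look-alikes, and flags a protected brand that appears in the display name, local part or domain while the sending domain is off the brand's allow-list. The allow-list, the folding table and the sample headers are constructed for the example (the spoofed address is written with a plain dot so it parses).

```python
"""Flag sender addresses that impersonate a protected brand.

Added example for the Netflix credential-phishing item; not code from the
original post. Allow-list, folding table and sample headers are constructed.
"""
import re
from email.utils import parseaddr

# Brand name -> domains that legitimately send mail for it (assumed list).
PROTECTED_BRANDS = {"netflix": {"netflix.com"}}

# Characters commonly swapped for look-alikes: after folding, "netfiix"
# (i in place of l) becomes the same string as "netflix".
FOLD = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o"})

# Constructed sample From: headers. The third mirrors the reported sender.
SAMPLE_FROM_HEADERS = [
    "Netflix <info@netflix.com>",
    "Billing <no-reply@account.netflix.com>",
    "Netflix Support <netfiix@csupport.co>",
    "Alice <alice@example.org>",
]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute at cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(s: str) -> str:
    """Lower-case and collapse look-alike characters."""
    return s.lower().translate(FOLD)


def domain_allowed(domain: str, allowed: set) -> bool:
    """True for an allow-listed domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify_sender(from_header: str):
    """Return (verdict, reason); verdict is legitimate, suspicious or unrelated."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", "unparseable address")
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    # Tokens of the folded local part and domain labels, e.g. ["netfllx", "csupport", "co"].
    tokens = [t for t in re.split(r"[^a-z0-9]+", fold(local + "." + domain)) if t]
    for brand, allowed in PROTECTED_BRANDS.items():
        if domain_allowed(domain, allowed):
            return ("legitimate", f"sender domain is on the {brand} allow-list")
        fb = fold(brand)
        # Brand named in the display name while mail comes from elsewhere.
        if fb in fold(display):
            return ("suspicious", f"display name claims {brand} but domain {domain} is not allowed")
        # Brand, or a one-edit variant of it, embedded in the address itself.
        for t in tokens:
            if fb in t or levenshtein(t, fb) <= 1:
                return ("suspicious", f"token '{t}' resembles {brand} but domain {domain} is not allowed")
    return ("unrelated", "no protected brand referenced")


if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        verdict, reason = classify_sender(header)
        print(f"{verdict:11} {header}  ({reason})")
```

The allow-list check runs first so that genuine subdomains such as `account.netflix.com` never trip the look-alike logic; the folding step is what catches substitutions that a plain string comparison or a raw edit-distance threshold of zero would miss.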

Office 365 phishing bait
Microsoft Office 365 users are targeted in yet another phishing campaign that uses a fake automated SharePoint notification as bait to steal their credentials. The goal of these phishing messages is to make the targets click an embedded hyperlink that sends them, through a series of redirects, to a SharePoint-themed landing page.

Tags

elasticsearch database
microsoft office 365 users
emotet trojan
webshells
walgreens stores
ensiko

Posted on: July 28, 2020
