Cyware Daily Threat Intelligence, July 31, 2020

The detection of new attack techniques indicates the pace at which cyber threats are evolving. In the last 24 hours, security experts came across three new attack techniques, one of which has already been spotted in the wild. The three new attack methods are EMV-Bypass Cloning, Timeless Timing attacks, and Hidden Property Abusing.

While EMV-Bypass Cloning, which has been used massively this year, relies on creating a duplicate copy of an EMV card by collecting information from the original card’s magnetic stripe, the Timeless Timing attacks rely on the abuse of WPA3 and HTTP/2 protocols to leak sensitive data such as encryption keys, private conversations, and browsing habits.

The newly discovered Hidden Property Abusing technique can allow a remote attacker to exploit Node.js applications by manipulating the hidden properties used to track internal program states.

Top Breaches Reported in the Last 24 Hours

Moderna targeted
According to a U.S. security official, China-backed hackers have targeted the biotech company Moderna Inc. in a bid to steal coronavirus-related vaccine research. Meanwhile, China has rejected the claim of hackers targeting Moderna.

IndieFlix data leak
The IndieFlix streaming service has leaked thousands of confidential agreements and social security numbers of filmmakers due to an unsecured Amazon S3 bucket. The bucket contained over 90,000 files related to IndieFlix.

Athens ISD to pay ransom
The Athens ISD Board of Trustees has agreed to pay $50,000 in ransom to recover from a ransomware attack. The attack had targeted data stored on district servers, backup systems, and hundreds of computers.

Top Malware Reported in the Last 24 Hours

A new njRAT variant
A new variant of njRAT has been found to be active in the wild. The trojan variant uses scripts, such as PowerShell, to implement memory code execution and steal data. It also includes different obfuscation techniques to evade detection.

Top Vulnerabilities Reported in the Last 24 Hours

EMV-Bypass Cloning
The EMV-Bypass Cloning technique, first discovered in 2008, is being actively used by hackers this year. The attack method allows criminals to create cloned payment cards by copying information from the original EMV cards’ magnetic stripes. As a result, they can conduct fraudulent transactions and purchases.

KDE vulnerability
A vulnerability in the ARK extraction utility of the KDE desktop environment can allow attackers to overwrite files and execute code on victims’ computers. The flaw can be triggered by tricking the victim into downloading an archive that contains malicious code.

‘Timeless Timing’ attacks
Researchers have demonstrated an attack technique that abuses the WPA3 and HTTP/2 protocols. Termed Timeless Timing attacks, the technique can enable malicious actors to leak sensitive information such as encryption keys, private conversations, and browsing habits.

Hidden Property Abusing technique
Security researchers have demonstrated a new attack technique that targets properties in Node.js. Dubbed Hidden Property Abusing, the attack method can allow a remote attacker to exploit Node.js applications by manipulating the hidden properties used to track internal program states.

Top Scams Reported in the Last 24 Hours

Another Office 365 phishing
A new Office 365 phishing campaign is underway that abuses Google Ads to bypass secure email gateways. The purpose of the campaign is to redirect employees of targeted organizations to phishing pages and steal their Microsoft credentials. The phishing emails are sent to employees from compromised accounts. Potential victims are informed of recent policy changes and are asked to accept the changes to be able to continue using services.

Posted on: July 31, 2020
