Cyware Daily Threat Intelligence, June 01, 2020

The COVID-19 outbreak has heightened the risk of more sophisticated cybersecurity incidents. Residents of Kentucky have fallen victim to a data leak that occurred due to a faulty Pandemic Unemployment Assistance (PUA) program. Prior to Kentucky, the states of Arkansas, Illinois, Colorado, Ohio, and Florida had all separately disclosed the accidental exposure of personal information due to the vulnerable PUA program.

That’s not all. Security experts also found a phishing campaign that used COVID-19 as a lure. The attackers sent phishing emails under the pretext of the Family and Medical Leave Act to trick users into downloading two versatile cybercriminal tools: Himera and Absent-Loader.

Top Breaches Reported in the Last 24 Hours

Database of DH leaked
A hacker going by the name of KingNull has leaked online a database belonging to Daniel’s Hosting (DH). The leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion domains. The database was stolen in a security breach that occurred on March 10, 2020.

NFN attacked
The administration of the Nipissing First Nation (NFN) stopped a massive ransomware attack by shutting down all servers and discontinuing remote access. The attack took place on May 8 and affected nearly all departments of the administration. However, most of the services remained unaffected due to the quick action by the administrators.

Amtrak resets passwords
The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the compromise of personal information of some Guest Rewards members. The incident was discovered on April 16, 2020, after Amtrak detected unauthorized access to certain Guest Rewards accounts.

Kentucky becomes a victim
Kentucky has become the latest victim of a data leak that occurred due to a vulnerable Pandemic Unemployment Assistance (PUA) program. Although it is not known how many claimants were compromised, Kentucky officials say the risk is low and there have been no reports of identity theft or financial crimes resulting from the incident.

Joomla discloses a data breach
Joomla suffered a security breach after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site on an Amazon S3 bucket. The bucket contained details of roughly 2,700 users who had registered and created profiles on the JRD website. The data was available in plain text format.

Top Malware Reported in the Last 24 Hours

Octopus Scanner malware
GitHub has uncovered new malware that spreads via infected Apache NetBeans repositories. Named Octopus Scanner, the malware can run on Windows, Linux, and macOS systems and deploys a Remote Administration Tool (RAT) as part of a supply chain attack through GitHub. So far, GitHub has found 26 repositories on its platform that were infected with Octopus Scanner. The malware’s primary goal is to infect a developer’s computer and spread through their NetBeans projects.

Phishing campaign
Researchers have found a new phishing campaign that uses COVID-19 lures to spread Himera and Absent-Loader. The phishing emails are sent under the pretext of the Family and Medical Leave Act to trick users. These emails include a malicious Word document designed to deliver the two malicious payloads.

Top Vulnerabilities Reported in the Last 24 Hours

Critical Sign-in bug
A critical flaw in Sign in with Apple could allow an attacker to take over an account with just an email ID. This affects third-party apps that used Sign in with Apple without implementing necessary security measures. The flaw was discovered and patched in April. Meanwhile, Apple has claimed that there was no evidence of accounts being compromised as a result of the flaw.

Posted on: June 01, 2020
