Cyware Daily Threat Intelligence, June 04, 2020

Share Blog post

VPNs are a vital part of the security infrastructure but they can be vulnerable or hackable and can be weaponized against you. Security experts have uncovered a new phishing campaign that attempts to trick Microsoft Office 365 users with fake VPN configuration update requests. The purpose of the campaign is to steal login credentials from users. In a different incident, three fake iOS VPN apps - Beetle VPN, Buckler VPN, and Hat VPN Pro - duped users with high subscription charges without providing the services they claimed.

Cyberespionage campaigns wherein attackers used different obfuscation techniques to target organizations also came to notice in the last 24 hours. While the Ursnif trojan used Excel 4.0 macro to spread laterally across networks, the Metamorfo banking trojan leveraged the DLL hijacking technique to conceal its presence on targeted systems.

Top Breaches Reported in the Last 24 Hours

WordPress sites targeted
Security experts have found a large-scale attack campaign that targeted 1.3 million WordPress sites between May 29 and May 31. The attackers intended to harvest database credentials from these sites by downloading their configuration files.

Netwalker ransomware wreaks havoc
The operators of Netwalker ransomware have claimed to have successfully attacked the University of California San Francisco (UCSF). Following the attack, they have stolen confidential data and encrypted their computers.

SFERS breached
The San Francisco Employees’ Retirement System (SFERS) suffered a data breach that affected the information of approximately 74,000 members. The vendor learned about the incident on March 21, 2020, and had immediately shut down the targeted server to prevent any unauthorized access to its data.

Top Malware Reported in the Last 24 Hours

New Ursnif campaign
Security researchers have discovered a new Ursnif campaign that leverages Excel 4.0 macro to evade detection and propagate across systems. The campaign, which was first observed in January, asks the victims to enable editing and content in written text.

Metamorfo banking trojan
A new Metamorfo campaign that uses legitimate software components to compromise computers has been uncovered by researchers. It uses a DLL hijacking technique to conceal its presence on the system. Furthermore, it also tries to download malicious files from the C2 server including an updated version of itself.

Newly USBCulprit malware
The Cycldek APT group has added a new malware, dubbed USBCulprit, as part of its arsenal. The malware has been deployed against targets in Vietnam, Thailand, and Laos. The primary characteristic of malware is to steal data from the targeted networks. The malware propagates via air-gapped systems.

ZLoader malware campaign
Cybercriminals took advantage of the massive uptick in unemployment across the U.S. to target users with ZLoader malware in a phishing campaign. The malware was distributed via malicious files masquerading as resumes and CVs. The subject lines of these emails read as “applying for a job” or “regarding job.”
  
Top Vulnerabilities Reported in the Last 24 Hours

Two critical flaws in Zoom patched
Two critical flaws in the Zoom software that could have allowed attackers to hack into the systems of group chat participants remotely have been fixed. Both flaws in question are path traversal vulnerabilities.

Flaws in Firefox 77 patched
Mozilla has issued security updates for eight security flaws found in Firefox 77. Five of them are considered to be high-risk vulnerabilities. Of these five, three are remote code execution vulnerabilities.

Details of flaws in SAP disclosed
Researchers have disclosed the details of six vulnerabilities found in SAP Adaptive Server Enterprise (ASE). These security flaws could allow unprivileged attackers to gain complete control of the database and even the underlying operating system.

Faulty routers
Cisco has disclosed four security flaws affecting router equipment that uses its IOS XE and IOS software. The four flaws are CVE-2020-3227, CVE-2020-3205, CVE-2020-3198, and CVE-2020-3258. The affected routers are Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Routers (CGR1000).

Top Scams Reported in the Last 24 Hours

Fake VPN apps
Three fake iOS VPN apps - Beetle VPN, Buckler VPN, and Hat VPN Pro - that do not provide the services they claim are tricking users with false subscription charges. These apps have been downloaded over 420,000, 271,000, and 96,000 times respectively. With many people turning to VPN apps to protect their data while working remotely, it is important to scrutinize such apps before installing them.

Microsoft Office 365 users targeted
Microsoft Office 365 customers are being targeted by phishing emails impersonating VPN configuration update requests sent by their organizations. So far, the emails have landed in the inboxes of up to 15,000 targets. With this campaign, the scammers intent to steal login credentials from users.

 Tags

usbculprit malware
microsoft office 365 users
firefox 77
netwalker ransomware
san francisco employees retirement system sfers
zloader malware

Posted on: June 04, 2020

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!