Cyware Daily Threat Intelligence, June 18, 2020


The cyber risk landscape is rapidly evolving as threat actor groups continue to launch sophisticated cyberespionage campaigns with a myriad of malicious intentions. In the last 24 hours, researchers discovered a new phishing campaign that targeted Microsoft Office 365 users. The attack involved several evasion techniques, including the use of an Adobe Campaign server located on Samsung’s domain.

A new variant of the Shlayer macOS malware was also found leveraging poisoned Google search results to lure victims. The malware variant was distributed as a fake Adobe Flash Player installer. In addition, new details about the notorious Turla group have emerged in the past 24 hours. It has been found that the group exploited vulnerabilities in the VirtualBox driver to spread advanced malware dubbed AcidBox.

Top Breaches Reported in the Last 24 Hours

Cognizant confirms data breach
Cognizant revealed that Maze ransomware attackers have pilfered a limited amount of data from its systems. The attack occurred between April 9 and 11, 2020. The compromised data includes social security numbers, tax identification numbers, financial account information, and driver’s license numbers.

Top Malware Reported in the Last 24 Hours

Phishing campaign
A phishing campaign, launched in April 2020, targeted Microsoft Office 365 users in European, Asian, and Middle Eastern countries. The attackers were found delivering ‘missed voice message’ emails to redirect recipients to a phishing page masquerading as the Office 365 page. The redirection was carried out via an Adobe Campaign server located on Samsung’s domain.

New version of Shlayer malware
A new variant of the Shlayer Mac malware has been spotted in the wild. It is delivered as a DMG disk image, masquerading as an Adobe Flash Player installer. The new version uses poisoned Google search results to lure victims and stealthily infect their systems. Researchers believe that other search engines, such as Bing, Yahoo, and DuckDuckGo, are also susceptible to the tactic.

AcidBox malware uncovered
Researchers found that the Turla threat actor group had abused vulnerabilities in the VirtualBox driver to spread advanced malware dubbed AcidBox. The malware was used twice against Russian organizations in 2017.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco fixes flaws
Cisco has fixed two severe flaws affecting its Webex Meetings for Windows and macOS. The flaws are tracked as CVE-2020-3263 and CVE-2020-3342. They can be abused to allow unprivileged attackers to run malicious programs and code on vulnerable machines.

Netgear router flaw
A zero-day vulnerability found in Netgear routers can allow hackers to bypass the authentication process and steal victims’ data from their laptops. The flaw arises from the way the routers handle incoming data. It impacts Netgear firmware dating back to 2007.

Flawed remote USB protocol
An unpatched vulnerability, identified as CVE-2020-9332, has been residing in a USB protocol developed by FabulaTech that is used in its “USB for Remote Desktop” software. The flaw can be used by attackers to elevate privileges on a target machine by adding fake devices. The protocol is used by a large number of high-profile organizations, such as Google, Microsoft, Texas Instruments, BMW, MasterCard, Intel, and Xerox.



Posted on: June 18, 2020
