Go to listing page

Cyware Daily Threat Intelligence, June 26, 2020

Cyware Daily Threat Intelligence, June 26, 2020

Share Blog Post

As several organizations prepare to re-open after a lockdown period, threat actors have come up with a new phishing scam that leverages the theme of compliance with coronavirus regulations in the workplace. The campaign targets Office 365 users and includes a fake link to register for COVID-19 training.

Furthermore, web skimmers came up with a new evasion technique with an intention to steal more credit card details. In this attempt, the attackers are hiding a malicious card stealing script in the EXIF data of a favicon image.

Top Breaches Reported in the Last 24 Hours

Breach at Preen.Me
A security breach at social media marketing firm Preen.Me may have affected the personal data of an estimated 100,000 social media influencers. The same breach has also led to the leak of personal information of more than 250,000 social media users on a deep web forum.

OneClass data leak
An unsecured Elasticsearch database belonging to remote learning platform OneClass had exposed information of nearly one million students in North America. The exposed information included full names, email addresses (some masked), schools and universities attended, phone numbers, school, and university course enrollment details.

Top Malware Reported in the Last 24 Hours

Attack campaign
A new attack campaign from a DarkCrewFriends hacker group has been observed by security researchers. The attack chain involves the exploitation of an unrestricted file upload vulnerability to upload a malicious PHP web shell. The malware’s capabilities include launching DDoS attacks, extracting all the services running on the target computer, and executing multiple IRC commands.

Skimming attack evolves
Web skimmers have evolved the attack technique by hiding the malicious card stealing script in the EXIF data of a favicon image. The malicious script is inserted on hacked websites to steal credit card information of users.

New variant of Cryptomining malware
A new variant of the Golang cryptomining malware is targeting both Windows and Linux machines. This new malware variant attacks web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL. It spreads like a worm, searching and infecting other vulnerable machines.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft Exchange server flaw
Microsoft has warned Exchange customers to patch their servers following the rise in attacks that exploit an Internet Information Service (IIS) vulnerability. The flaw, identified as CVE-2020-0688, can allow attackers to steal credentials of employees and users from compromised servers.

GeoVision patches flaws
GeoVision has patched three of the four critical vulnerabilities impacting its card and fingerprint scanners. The flaws can be exploited to intercept network traffic and stage man-in-the-middle attacks. In total, 6 models of the devices are affected by the flaws.

Top Scams Reported in the Last 24 Hours

Facebook phishing scam
Scammers are using an old tactic to lure Facebook users into clicking on a malicious video link. The scam, which spread through Facebook Messenger like a chain reaction, uses a compromised account to send automatic messages to other persons in the victim’s friends list. The malicious video link includes catchy lines to trick users.

Phishing scam
A new phishing scam has been found targeting Office 365 users under the pretext of providing Coronavirus training. The subject of the email reads as ‘COVID-19 Training for Employees: A Certificate for Health Workplaces.’ It includes a link, wherein the victims are prompted to register to attend the training.


elasticsearch database
darkcrewfriends hacker group
web skimmers
microsoft office 365 users
golang cryptomining malware

Posted on: June 26, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.