Phishers are finding success in using compromised accounts to send malicious emails. As if this were not enough, they are now leveraging legitimate services to stay under the radar. These two conditions have proved favorable for a phishing campaign dubbed ‘Compact’ that has been active since 2020. Having obtained more than 400,000 Office 365 Outlook Web Access credentials, the phishers are now expanding the campaign by abusing Amazon Simple Email Service (SES) and the Appspot cloud computing platform.
The new Purple Fox variant’s worm-like capabilities are turning out to be a danger for Windows machines. The malware is being spread through indiscriminate port scanning and the exploitation of exposed SMB services with weak passwords and hashes. Adding to the troubles of online users, two dozen malicious Chrome browser extensions and 40 associated malicious domains have been discovered distributing adware with the aim of stealing credentials.
Top Breaches Reported in the Last 24 Hours
Over 20TB of sensitive data belonging to Forex Broker was leaked online due to an unprotected Elasticsearch database. The database contained over 16 billion records of customers’ personally identifiable information.
Attack on Flagstar Bank
Michigan-based Flagstar Bank reportedly fell victim to a ransomware attack in January this year. Following the attack, the ransomware operators not only encrypted the database but also siphoned banking data, including social security numbers. In another incident, Stratus Technologies disclosed a ransomware attack that forced the company to take its systems offline.
Hobby Lobby exposes data
Arts and crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing 138GB of sensitive information of around 300,000 customers. The exposed details include customers’ names, partial payment card details, phone numbers, and email addresses.
6.5 million Israel citizens affected
A threat actor calling itself ‘The Israeli Autumn’ took credit for leaking registration and personal details of millions of Israeli citizens. The details include full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences.
Honeywell’s IT systems disrupted
Industrial giant Honeywell revealed that some of its IT systems were disrupted as a result of malware attacks. Although an investigation into the incident is ongoing, Honeywell stated it has found no evidence of data being exfiltrated from its systems.
University of Colorado’s data leak
The Clop ransomware group has posted online sensitive data belonging to students of the University of Colorado and patient data from the University of Miami. Both universities are victims of the breach that affected Accellion FTA servers.
Top Malware Reported in the Last 24 Hours
Malicious Chrome extensions
Researchers have discovered two dozen malicious Chrome browser extensions and 40 associated malicious domains that are being used to distribute adware on victim systems. The adware is designed to steal credentials or quietly redirect victims to malicious sites.
Purple Fox malware evolves
An upgraded variant of the Purple Fox malware with worm capabilities has been deployed in an ongoing attack campaign. The malware is being spread through indiscriminate port scanning and the exploitation of exposed SMB services with weak passwords and hashes. It targets Microsoft Windows machines and repurposes compromised systems to host further malicious payloads.
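The propagation pattern described above (indiscriminate scanning followed by SMB logon attempts) leaves a recognisable footprint in perimeter or internal firewall logs: a single source reaching TCP/445 on many distinct hosts within a short window. The following is an added example, not code from the report or from any vendor tooling; it runs a sliding-window detector over constructed sample connection-log lines, and the log format, addresses and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format: "<ISO timestamp> src=<ip> dst=<ip> dport=<port> proto=<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

def parse_log(text):
    """Parse log text into (timestamp, src, dst, dport, proto) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return events

def detect_smb_sweeps(text, window_seconds=60, threshold=10):
    """Return {src: max distinct TCP/445 targets seen in any window} for sources at or above threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, proto in parse_log(text):
        if proto == "tcp" and dport == 445:           # only SMB connection attempts matter here
            by_src[src].append((ts, dst))
    window, hits = timedelta(seconds=window_seconds), {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)                  # dst -> connections inside the current window
        left, best = 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while events[left][0] < ts - window:      # slide the left edge forward, expiring old events
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))          # distinct hosts touched within the window
        if best >= threshold:
            hits[src] = best
    return hits

def build_sample_log():
    """Constructed sample, not real traffic: one host sweeping 445 across a subnet, one workstation
    talking to two file servers, one host probing port 80, plus a malformed line."""
    lines = [f"2021-03-24T10:00:{i:02d} src=10.0.5.17 dst=10.0.9.{i} dport=445 proto=tcp" for i in range(1, 13)]
    lines += ["2021-03-24T10:00:05 src=10.0.5.40 dst=10.0.9.200 dport=445 proto=tcp",
              "2021-03-24T10:00:09 src=10.0.5.40 dst=10.0.9.201 dport=445 proto=tcp",
              "this line is not a connection record"]
    lines += [f"2021-03-24T10:01:{i:02d} src=10.0.5.99 dst=10.0.9.{i} dport=80 proto=tcp" for i in range(1, 13)]
    return "\n".join(lines)
```

With the defaults only the sweeping host is reported; lowering the threshold to 2 also surfaces the workstation, which is why the threshold should be tuned against a baseline of legitimate file-server traffic before alerting on it.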
Top Scams Reported in the Last 24 Hours
Compact phishing campaign
A phishing operation dubbed ‘Compact’ that has been active since early 2020 has now expanded to abuse new legitimate services—Amazon Simple Email Service (SES) and the Appspot cloud computing platform—to bypass secure email gateways. By the end of December, scammers managed to pilfer more than 400,000 Office 365 Outlook Web Access credentials. The phishing emails are sent on the pretext of notifications from video conferencing services, various security solutions, and productivity tools. The campaign also leverages compromised accounts for SendGrid and MailGun email delivery services to evade detection.