Cyware Daily Threat Intelligence, May 19, 2020


Phishing in the time of COVID-19 has turned out to be a golden opportunity for threat actors. A report has revealed that attackers had spoofed websites of several government agencies in the past two months to conduct more than 300 phishing campaigns. The affected agencies include the Center for Disease Control (CDC), Federal Emergency Management Agency (FEMA), Internal Revenue Service (IRS), and the White House.

Moreover, researchers detected a new phishing attack that targeted Microsoft Office 365 users. In this attempt, the attackers leveraged the OAuth2 framework and OpenID Connect (OIDC) protocol to bypass multi-factor authentication. The ultimate purpose of these two phishing attacks was to steal credentials from victims.

Top Breaches Reported in the Last 24 Hours

129 million records on sale
A database containing 129 million records of Russian car owners is being sold on a dark web forum at a price between $2,900 and $14,500. The exposed data includes the manufacture dates, models, and places and dates of registration of the cars.

EasyJet exposes 9 million records
EasyJet disclosed that the personal information of 9 million customers was accessed in a highly sophisticated cyberattack. Of the 9 million people, 2,208 had credit card details stolen. However, no passport details were affected in the attack.

Taiwan President’s office hacked
The office of Taiwanese President Tsai Ing-wen was compromised in a cyberattack. According to reports, the stolen files included minutes of a meeting conducted to discuss cabinet appointments and other strategies.

Covve reports security incident
Covve has reported a security incident that may have resulted in the compromise of data of around 90,000 users. The incident occurred due to a legacy Covve web app. The data includes names and contact details of users.

Food company attacked
Sherwood Forest and Harvest Distributors is the latest victim of the REvil ransomware. The threat actors threatened to release eight of the company’s proprietary files online. These files contain highly sensitive data, including cash-flow analysis, sub-distributor info, and detailed insurance information.

Top Malware Reported in the Last 24 Hours

Phishing attack
A new phishing attack targeting Office 365 users was found leveraging the OAuth2 framework and OpenID Connect (OIDC) protocol to bypass multi-factor authentication. The purpose of the attack was to harvest credentials from users. The email used in the attack looks like a typical invite with a SharePoint file URL.

New Netwalker variant
A newly discovered Netwalker ransomware variant has adopted a fileless technique called reflective dynamic-link library (DLL) injection to evade detection. It renames encrypted files using 6 random characters as an extension.

  
Top Vulnerabilities Reported in the Last 24 Hours

Old flaw exploited
A 2017 bug found in the MAGMI plugin is being exploited to take over Magento-based online stores and plant a malicious script that records and steals buyers’ payment card details. The flaw in question is a cross-site scripting flaw, identified as CVE-2017-7391.

Vulnerable Nitro PDF
Two remote code execution vulnerabilities and an information disclosure flaw were found affecting Nitro PDF reader. These vulnerabilities can allow adversaries to carry out a variety of actions. The flaws, tracked as CVE-2020-6093, CVE-2020-6092, and CVE-2020-6074, have been addressed in Nitro Pro PDF version 13.9.1.55.

Top Scams Reported in the Last 24 Hours

Spoofing government websites
According to a report from Proofpoint, scammers have spoofed the websites of several government agencies in more than 300 phishing campaigns over the past two months. The affected agencies, which are actively involved in COVID-19 relief, include the CDC, FEMA, IRS, and the White House. The purpose of these scams was to steal credentials from employees.

Posted on: May 19, 2020
