
Cyware Daily Threat Intelligence, May 21, 2020

Another day, another series of phishing attack campaigns. Security experts have uncovered that threat actors are using cloud services, such as Google Firebase and LogMeIn, to bypass email security. The purpose of these attacks is to pilfer the credentials of users. Another phishing campaign that impersonated the U.S. Supreme Court was also carried out to target high-profile Microsoft Office 365 users.

In other news, Microsoft issued a security advisory to mitigate the NXNSAttack vulnerability. It affects DNS servers and can be abused to launch large-scale DDoS attacks. Google has also released Chrome 83 with fixes for 37 vulnerabilities.

Top Breaches Reported in the Last 24 Hours

Toll’s stolen data on sale
Confidential data stolen from the Australia-based Toll Group has made its way onto the dark web. The stolen information contained data related to some of its past and present employees, commercial agreements, and other operational information.

40 million records on sale
A hacker has put up for sale the details of 40 million users registered on the Wishbone app. The data is being sold at a price of 0.85 bitcoin and contains usernames, emails, phone numbers, and physical addresses of users.

Mitsubishi breach under investigation
Japan’s defense ministry is investigating a possible data leak incident that occurred earlier this year at Mitsubishi Electric Corp. The ministry suspects that hackers stole a prototype of a high-speed gliding missile known as HGV. The other stolen information includes sensitive documents sent by several defense equipment makers.

Source code of Ghost kit leaked
The source code of the Ghost DNS exploit kit was uploaded by crooks to a file-sharing platform without any password. This enabled security experts from Avast to take a closer look at the malware. Upon analyzing the code structure, the experts claimed that the tool uses DNS hijacking and keylogging to obtain sensitive information from victims’ machines.

Medical Care data leaked
The operators of Snake ransomware have leaked online the personally identifiable information of patients stolen from the Fresenius Medical Care unit. The leak contains patient details from the Fresenius Medical Care center in Serbia, which provides dialysis services for people with chronic kidney failure.

Israeli websites defaced
More than 2,000 Israeli websites have been defaced by exploiting a vulnerability in a plugin. Efforts are currently underway to restore all affected sites.

Top Malware Reported in the Last 24 Hours

Phishing attacks
A series of phishing campaigns that leverage the reputation of Google Firebase has been found duping victims into handing over their login details. The attack starts with spam emails that encourage recipients to click on a Firebase link included in the email. The link redirects victims to a phishing login page imitating Outlook, Office 365, or banking apps.

Another phishing attack
Cybercriminals are sending phishing emails that spoof the U.S. Supreme Court with the aim of collecting the login credentials of Office 365 users. The ongoing campaign has so far targeted C-Suite level officers.

Steam phishing campaign
A phishing campaign is underway that targets online gamers by using Steam skins as a lure. The main goal of the threat actors is to steal credentials of ‘Counter-Strike: Global Offensive’ players.

LogMeIn phishing
Phishing emails pretending to be from LogMeIn are alerting recipients to patch a zero-day vulnerability affecting the company’s products. These emails include a link that redirects victims to a phishing page.

Top Vulnerabilities Reported in the Last 24 Hours

VMware addresses a bug
VMware has addressed a remote code execution vulnerability found in its Cloud Director product. The vulnerability, tracked as CVE-2020-3956, can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access.

Chrome 83 released
Google has released Chrome 83 with fixes for 38 vulnerabilities. Of these, five are high-severity flaws, seventeen are medium-severity issues, and five are low-risk bugs.

Drupal patches flaws
The latest version of Drupal has been released with patches for cross-site scripting and open redirect vulnerabilities. Both vulnerabilities are rated as ‘Critical.’

Mitigation for NXNSAttack
Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability that affects DNS servers. The vulnerability could be abused to amplify a single DNS request into a DDoS attack against authoritative DNS servers. The flaw is tracked as CVE-2020-8616.


Posted on: May 21, 2020
