Threat actors have found a new phishing tool in the form of web analytics to measure metrics of their phishing campaigns. They are misusing third-party analytic products developed by Google, Bing, and Yandex to collect technical data such as OS type, geo-location, browser type, etc. With this new tactic, cybercriminals aim to optimize their phishing efforts.
Talking about malware, researchers have uncovered a new variant of Emotet that includes a variety of obfuscation techniques that are already used by TrickBot. The past 24 hours also saw the return of NanoCore RAT which is distributed via a specially crafted ZIP file.
Google has also come up with a series of security updates for vulnerabilities found across multiple components of Android. A total of 40 vulnerabilities that could lead to code execution, escalation of privileges, information disclosure have been fixed as a part of November 2019 Android Security Bulletin.
Top Breaches Reported in the Last 24 Hours
Alfa bank data breach
The data of Alfa-Bank credit cardholders, as well as Alfa Insurance customers, was put up for sale on the Darknet. The incident has affected 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The compromised information included full names, phone numbers, passport data, registration addresses, and insurance details of individuals.
Veritas Genetics suffers a breach
DNA-testing firm Veritas Genetics has experienced a security breach that included customer information. The incident occurred after a hacker gained unauthorized access to the firm’s web portal. The company said that the portal didn’t contain genetic data, DNA-test results, or health records.
Top Malware Reported in the Last 24 Hours
Predator The Thief malware
A phishing campaign has been found targeting employees in the insurance and retail industries with malware named Predator The Thief. This information-stealing malware is sent via a phishing email that impersonates the UK Ministry of Justice. The email asks victims to comply with the subpoena notice in 14 days by clicking on an attached URL.
Researchers have uncovered that attackers are using a specially crafted ZIP file to bypass secure email gateways to distribute the NanoCore RAT. The file is distributed via a spam email pretending to be shipping information from an Export Operation Specialist of USCO Logistics.
Emotet has returned with upgraded functions in a new wave of attacks. Researchers have found that the trojan now includes a number of obfuscation techniques that are already used by Trickbot. The authors have also included a new list of words to generate process names and keep track of installed modules.
Web analytics as phishing tools
Cybercriminals are leveraging key technical makers used in Google Analytics to measure the effectiveness of phishing campaigns. Apart from Google Analytics, threat actors are also misusing analytic products developed by Bing and Yandex to collect necessary details such as browser identification, geo-location, and operating system. Researchers note that this can allow threat actors to gain better visibility of phishing websites and use them further for more targeted attacks.
Top Vulnerabilities Reported in the Last 24 Hours
Google addresses 40 flaws
Google has addressed nearly 40 vulnerabilities in the first part of November 2019 Android Security Bulletin. Out of these, 17 flaws exist in the Framework, Library, Media framework, and System. The affected components include Bootloader, Broadcom Firmware, Bluetooth, Crypto, EcoSystem, Audio, WLAN host, Boot, Services, Kernel, and Display.
NVIDIA releases updates
NVIDIA has released security updates to fix 12 high and medium severity vulnerabilities in the Windows GPU display driver and the NVIDIA GeForce Experience (GFE) software. The flaws addressed could lead to code execution, escalation of privileges, information disclosure, and denial of service on vulnerable Windows computers.