Cyware Daily Threat Intelligence, October 20, 2020

Share Blog Post

Messing with previously-known vulnerabilities for cyberattacks has never been out-of-fashion for threat actors. Throwing light on the growing threat, seven mobile browsers have been found to be impacted by an address spoofing vulnerability that can open the door for malware delivery, phishing, and disinformation campaigns. The affected browsers are Apple Safari, Opera Touch/Mini, Yandex, Bolt Browser, RITS Browser, and UC Browser.

Widespread phishing attacks designed to steal Microsoft Office 365 and Facebook credentials have also been observed in the last 24 hours. While the Office 365 operation has reached tens of thousands of emails by spoofing applications such as Microsoft Office, Microsoft Teams, and Zoom, the phishing on Facebook is launched via Messenger.

Moreover, the Nefilim ransomware gang made headlines for posting sensitive information stolen from eyecare giant Luxottica. The attack had occurred on September 18.

Top Breaches Reported in the Last 24 Hours

Around 15 million voters’ data leaked
A popular Russian hacking forum has leaked the data of roughly 15 million Florida voters. Among the compromised data includes the voters’ names, voter IDs, phone numbers, addresses, dates of birth, gender, race, and party affiliation. The scraped data seems to date from August 2018.

Google reveals about a DDoS attack
Google revealed that it was hit in a DDoS attack campaign in September 2017. Recorded at 2.5Tbps, the attack was carried out by spoofing several networks - to send 167 millions of packets per second.

SS7 mobile attacks
Hackers with access to Signaling System 7 (SS7) mobile networks were able to breach Telegram messenger and email data of several high-profile individuals in the cryptocurrency business. The attack had occurred in September and targeted at least 20 subscribers of the Partner Communications Company.

Luxottica’s stolen data posted
Nefilim ransomware operators have posted online a list of sensitive data stolen from Italian eyewear and eyecare giant Luxottica. The attack had occurred on September 18. Security experts believe that threat actors exploited a prominent Citrix flaw to infect the systems at the company with ransomware.

Top Malware Reported in the Last 24 Hours

Basecamp abused
Hackers have started using Basecamp project management solution to distribute malware or steal login credentials. In one instance, the product was used to distribute BazarLoader executables. By abusing safe services such as Basecamp to host malicious files and phishing pages, users can be lulled into a false sense of trust and open files that they normally would not.

Top Vulnerabilities Reported in the Last 24 Hours

Address bar spoofing flaw
Seven mobile browsers are vulnerable to an address bar spoofing flaw that can allow threat actors to spoof a legitimate site. The impacted browsers include Apple Safari, Opera Touch, Opera Mini, Bolt, RITS, UC Browser, and Yandex Browser. The issue was discovered earlier this year, with some of the vendors coming forward to patch their respective browsers.

Vulnerable Waze
A vulnerability discovered in Google’s GPS navigation software app, Waze, was fixed in December after being reported by a researcher. The flaw could have allowed threat actors to access the name and location of users.

Top Scams Reported in the Last 24 Hours

Spoofed domains
The FBI has issued an alert to warn about the potential use of spoofed US Census Bureau domains for phishing attacks and credential thefts. So far, the FBI has observed 65 malicious domains registered similar to the US Census Bureau. Some of these spoofed websites are Censusburea[.]com or census-gov[.]us. Following the rise in this trend, the agency has provided a list of recommendations to detect legitimate-looking fake domains.

Phishing campaigns
Two massive phishing campaigns aimed at Microsoft Office 365 users and Facebook Messenger have been uncovered by researchers. While the campaign targeting Office 365 users is launched through multiple applications, the other abusing Facebook Messenger has targeted nearly 500,000 victims across the globe.

Another phishing
Scammers are using a Coinbase-themed phishing email to trick users into installing an Office 365 consent app that gives attackers access to their email. The email pretends to be a ‘New terms of service’ for Coinbase users.

 Tags

luxottica
ss7 mobile
microsoft office 365
bolt browser
ddos attack
address spoofing vulnerability

Posted on: October 20, 2020

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!