Cyware Daily Threat Intelligence, September 04, 2020


Keeping phishers at bay is nearly impossible as long as they know how to exploit the fear of users. Two phishing campaigns designed to trick users into sharing their login credentials and personal information have come to notice in the past 24 hours. In one campaign, the scam relies on impersonating several companies’ homepages, with the fake pages distributed through phishing emails. The other involves redirecting Lloyds Bank customers to a fake site of the bank.

A wave of DDoS attacks that affected multiple ISPs in Belgium, France, and the Netherlands was also observed in the last 24 hours. Many of these attacks were directed towards routers and DNS infrastructure.

Top Breaches Reported in the Last 24 Hours

Cygilant hit in an attack
Cyber threat detection startup Cygilant suffered a NetWalker ransomware attack. Following the attack, the operators posted screenshots of internal network files and directories associated with the firm and threatened to release more if a ransom was not paid. However, after some time, the attackers removed the company name and the stolen data from the dark web listing.

Warner Music Group affected
Warner Music Group has disclosed months-long web skimming attacks on some of its online stores. The incident occurred between April 25 and August 5, and might have resulted in the compromise of names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details of users.

Multiple ISPs suffer DDoS attacks
Multiple ISPs across Belgium, France, and the Netherlands suffered a wave of DDoS attacks that targeted their DNS infrastructure. The affected ISPs include EDP, Bouygues Telecom, FDN, K-net, SFR, Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl.

View Media exposes 39 million records
View Media exposed close to 39 million records due to an unsecured data bucket. The records included users’ full names, email and street addresses, phone numbers, and ZIP codes. The bucket was secured after the firm became aware of it.

Top Malware Reported in the Last 24 Hours

New variant of Inter skimmer
A new variant of the Inter skimming kit has been discovered that can be used for other cybercriminal campaigns such as ransomware deployments and phishing. The skimming malware is widely available on underground forums and, so far, has affected over 1,500 websites. The new variant includes the ability to create fake payment forms using legitimate names, such as PayPal.

Top Vulnerabilities Reported in the Last 24 Hours

RCE vulnerability exploited in the wild
Researchers at Unit 42 discovered exploits in the wild leveraging the vBulletin pre-auth RCE vulnerability. The flaw, tracked as CVE-2020-17496, could be abused through a specially crafted HTTP request. It could allow attackers to gain privileged access and take control of any vBulletin server running versions 5.0.0 through 5.5.4.

Vulnerable servers
The U.S. Department of Defense has disclosed details about four vulnerabilities affecting its cloud storage buckets and servers. The flaws could allow attackers to hijack a subdomain, execute arbitrary code remotely, or view files on the affected machine. The servers are vulnerable to CVE-2019-1092 and CVE-2019-0193. Exploit code for both of them is available.

Top Scams Reported in the Last 24 Hours

Imitating businesses for phishing
Scammers are impersonating several companies’ homepages to trick potential victims into providing their login credentials. Such attacks start with an email purporting to be from the company’s technical support team, informing recipients that some messages were quarantined and therefore blocked from reaching their inbox. To create a sense of urgency, the email further prompts the recipients to review the messages before they get deleted.

Lloyds Bank customers targeted
Lloyds Bank customers are being targeted in a phishing campaign. The scammers are using the bank’s logos and branding under the subject line ‘Alert: Document Report – We noted about security maintenance.’ The email notifies the recipients that their online banking has been disabled due to recent activities on their accounts.


Posted on: September 04, 2020
